Making the transition to cookieless advertising

In digital marketing, “cookieless advertising” refers to advertising strategies that do not rely on the traditional third-party tracking cookies used to follow users across websites. Web cookies have long underpinned targeted ads, such as remembering user logins, personalizing site experiences, and supporting retargeting campaigns. 

However, growing privacy concerns and regulations are pushing the industry away from these identifiers. A Pew Research study found that 79% of Americans are concerned about how companies use their data; 41% regularly delete cookies, and 30% use ad blockers. Similarly, 72% of people feel that “everything they do online is being tracked.” In response, browsers and tech companies are phasing out or restricting third-party cookies, forcing advertisers to seek new approaches. 

Cookieless advertising represents a new system in which ads remain relevant and effective while respecting user privacy and operating without third-party cookies. The shift to cookieless methods is prompting advertisers and marketers to rethink their digital marketing strategies and overall approach to online advertising. They must find new ways to deliver relevant ads and preserve a positive user experience while rigorously safeguarding personal information and privacy.

Privacy regulations and the end of third-party cookies

User privacy has become a central focus worldwide, driving the move toward a cookieless future. Over the past few years, stringent data protection laws such as the EU’s GDPR, Brazil’s LGPD, California’s CCPA (California Consumer Privacy Act)/CPRA, and others have raised the bar for personal data use. European regulators have even discussed a ban on personalized ad targeting. 

In tandem, browser makers took action: Apple’s Safari started blocking third-party cookies by default in 2017 (Intelligent Tracking Prevention), Mozilla Firefox followed with enhanced tracking protection, and in 2021, Apple’s iOS update (App Tracking Transparency) led most mobile users to opt out of cross-app tracking. 

The biggest player, Google Chrome, announced plans to phase out third-party cookies by 2022, then delayed to 2023, then to 2024, and early 2025. In mid-2024, Google reversed its decision to outright deprecate cookies, instead proposing to give users a choice via new Chrome privacy controls. As of 2025, Chrome will maintain support for third-party cookies by default (with user opt-out options) rather than forcing their removal. In other words, Chrome users will still be trackable via third-party cookies by default unless they actively opt out, at least for now. Google has indicated that it will continue developing its Google Privacy Sandbox proposals, such as the Topics API for interest-based ads, as optional tools for privacy-preserving advertising, but adoption of these alternatives remains uncertain. 

Despite this pivot, the overall trend remains toward privacy-first advertising. Regulators and public pressure are unlikely to wane, and a large portion of internet traffic is already “cookieless” due to Safari, Firefox, and mobile app policies. In fact, nearly 47% of the open internet is already unaddressable by traditional trackers because of these changes. 

Advertisers recognize that clinging to third-party cookies is not sustainable. In fact, early analyses suggested that publishers could lose more than 50% of their ad revenue when third-party cookies were no longer available. Failing to adapt could result in revenue losses and loss of market share for those who lag behind.

Impact on digital advertising

The diminishing availability of third-party cookies affects the digital advertising ecosystem. Targeting and personalization that once depended on cookie-based profiles become more challenging, especially for activities such as retargeting, or showing ads to users who visited a site, and audience extension across the web. Frequency capping, or controlling how often a user sees an ad, and sequenced messaging also relied on a consistent cross-site identifier, which is harder without cookies. Measurement and attribution suffer as well; cookies have been the glue linking ad impressions or clicks to conversions across sites. Without them, marketers struggle to accurately measure campaign performance and assign credit to touchpoints. 

Gartner analysts predict a period of disruption and experimentation in advertising metrics as cookies wane. This includes shifts in media spending away from cookie-dependent channels, such as programmatic advertising platforms that relied on third-party data. Early evidence of this shift includes the rise of privacy-preserving attribution models, such as Google’s aggregated reporting APIs and Apple’s SKAdNetwork for app ads, and a renewed interest in media mix modeling to gauge performance without user-level tracking. 

Publishers, meanwhile, worry about losing revenue. Personalized ad inventory may lose value if buyers cannot target or measure effectively. Some estimates suggest that advertising on cookie-restricted inventory, such as Safari traffic, makes 50-60% less revenue than on Chrome with cookies, pressuring publishers to find alternative ways to make money from user data. Without cookies, it is more difficult to follow consumers across sites or reliably reach the intended target audience with the right frequency and messaging. In summary, the loss of third-party cookies disrupts many established practices in digital ads, forcing a fundamental realignment of how advertisers identify audiences, tailor messages, and measure success.

Strategies for advertising in a cookieless world

With “business as usual” no longer viable, the ad industry has developed a layered toolkit of solutions, which some call a “layer cake” or “graph stacking” approach,  to support effective advertising without third-party cookies. No single tactic will replace cookies; instead, savvy marketers are layering multiple approaches to rebuild their advertising strategy and keep marketing campaigns effective in this cookieless environment. These approaches include:

Using first-party and zero-party data

First-party data, or information that companies collect directly from their customers,  becomes a cornerstone of cookieless advertising. This data includes website analytics, purchase history, customer relationship management (CRM) records, subscription and loyalty program data, and any behavioral or preference data gathered from a brand’s own channels. Because it is collected with a direct relationship and often consent, first-party data complies with privacy regulations and is relevant. 

Many marketers are also collecting zero-party data, which is data users proactively and voluntarily share, such as survey responses, preference centers, or profile information.  These sources help brands build detailed customer profiles and segments without relying on external trackers. Even basic website analytics from a tool like Google Analytics, which uses first-party cookies to observe on-site user behavior, can become a valuable source of insight for targeting and personalization. 

A 2023 Deloitte study found that 82% of high-growth companies were shifting to a first-party data strategy as cookies are phased out. By investing in customer data platforms and incentives such as loyalty programs or personalized content, brands aim to create their own data assets for targeting and personalization. For publishers, encouraging users to log in or subscribe is a way to turn anonymous visitors into known, addressable audiences tied to first-party cookies or identifiers. Overall, doubling down on first-party data helps advertising become more consent-driven and relationship-based, rebuilding trust with consumers through transparency and value exchange.

Data partnerships and second-party data

Even companies with rich first-party data often have blind spots, so many are turning to data partnerships to learn more about their customers. So-called second-party data is another organization’s first-party data shared through a trusted relationship. For example, a car manufacturer might partner with an auto insurance company to exchange audience insights, or a publisher collective might pool their logged-in user data for mutual benefit. These collaborations can occur directly or via neutral intermediaries, and require privacy safeguards and data rights agreements. 

When done properly, second-party data sharing helps advertisers reach a broader audience that is still privacy-compliant, such as matching a brand’s customer list with a partner’s user base to find overlaps or lookalike prospects. Industry consortia and walled-garden partnerships are increasing for this purpose. However, executing such partnerships at scale can be complex. Increasingly, privacy-focused technologies such as data clean rooms help provide secure collaboration. The underlying goal is to assemble richer consumer understanding without third-party cookies by working with allies who have complementary data.

Contextual and interest-based targeting

Contextual advertising has made a comeback in the cookieless era. Contextual targeting means showing ads based on the content and context of the page or app the user is currently engaging with, rather than on a personal profile. For example, an ad for golf equipment might appear on a sports or golf news website, assuming the reader’s interest from the context. This approach does not require identifying the user at all; it relies on matching ads to the moment rather than the person. 

Recent advances in natural language processing, machine learning, and semantic analysis have improved contextual advertising’s precision. Automated systems analyze page content, including video and audio, to understand not just keywords but sentiment and suitability, helping marketers place ads in relevant and brand-safe environments. These advances in semantic targeting mean today’s contextual targeting systems analyze not only keywords but also the broader meaning and sentiment of content, leading to more accurate ad placement in context. 

Studies indicate that contextual ads get comparable or even better engagement because the ad aligns with the user’s immediate interests. Tech platforms are also using interest-based targeting as a replacement for individual tracking. Google’s proposed Topics API, for instance, lets Chrome infer a handful of broad interest categories, such as  “travel” or “fitness” for a user based on recent browsing, which advertisers then use for targeting. Because these interest signals are coarse-grained and don’t reveal a unique identity, they preserve anonymity. By combining contextual relevance with interest-based signals, advertisers approximate the effectiveness of behavioral targeting in a privacy-safe way. Contextual and interest-based methods also inherently respect brand safety, because they avoid serving ads alongside inappropriate content and do not rely on personal data at all. As a result, contextual ads offer a viable route to relevant, privacy-safe outreach.

Identity solutions and unified IDs

Another strategy is the development of alternative identifiers to stand in for third-party cookies. A number of industry consortia and companies have introduced “unified” or “universal” IDs intended to allow advertising across sites while honoring privacy and consent. These systems typically use hashed or encrypted email addresses, phone numbers, or device IDs that a user has provided to one or more sites, often via login. 

For example, The Trade Desk’s Unified ID 2.0 (UID2) generates an anonymized identifier from a user’s email address with consent, which advertisers and publishers use as a stable ID instead of cookies. Unified ID 2.0 is open source and comes with user transparency and built-in opt-out mechanisms. Similarly, LiveRamp’s ATS (Authenticated Traffic Solution) lets publishers match logged-in user data to LiveRamp’s RampID, an identity graph ID, in real time. These people-based IDs help preserve many capabilities of cookie-based advertising,  such as frequency capping, suppression of ads to converted users, and audience targeting across sites, but in a way that is consented and encrypted rather than opaque tracking. 

Dozens of other identity frameworks exist, such as ID5 and Panorama ID, each attempting to scale by getting publishers and advertisers to support them.  Adoption is growing; for instance, LiveRamp reported hundreds of publishers implementing ATS and major ad platforms integrating with unified IDs. The big caveat is whether these email-based identifiers can reach critical mass. Not all users will log in everywhere, and some browsers or regulators may still intervene, as seen by Firefox blocking some fingerprinting techniques or EU regulators scrutinizing any new tracking. 

Nonetheless, unified IDs represent a leading approach to identifying ad audiences in a cookieless world by using first-party authenticated data at scale. Implementing such identity frameworks at scale often requires robust, real-time identity resolution by matching a consumer’s identifiers, such as emails, phone numbers, device IDs, and logins, on the fly so they can be recognized across platforms and channels. In practice, this means building an identity graph behind the scenes that links these identifiers and updates continuously as new data arrives, so the user’s profile stays consistent and up-to-date. In a related article, industry experts noted that identity graphs provide a 360-degree view by consolidating customer data from multiple touchpoints, so marketers can continue delivering personalized ads at scale.

AI and machine learning for targeting

In the absence of easy cross-site tracking, marketers are increasingly turning to artificial intelligence (AI) and machine learning (ML) to infer and predict the best ways to reach consumers. Historically, many ad firms have already used lookalike modeling and predictive analytics to improve targeting. Machine learning models analyze patterns in whatever data is available, including first-party data, contextual signals, and demographic data, to predict user interests and propensities. 

For example, AI clusters users into segments based on on-site behaviors, or predicts which anonymous visitors are likely to convert even without knowing their past browsing history. Some advertisers are using propensity models to score ad impressions in real time for relevance, filling the gap left by behavioral cookies with statistical probabilities. AI is also being applied to content, tailoring ads on the fly using context cues and learned user preferences.

Looking ahead, industry leaders envision a time when AI-driven personalization replaces human identity targeting altogether. Instead of ads following a known individual user, an AI agent, like a virtual assistant or a recommendation engine, might curate the advertising content based on its own understanding of the user’s needs, without needing a persistent ID on that user. While that future may be a few years away, AI-based targeting is already helping advertisers mitigate the loss of cookies by learning more from limited data.

These models must be trained and executed in privacy-compliant ways. Techniques such as federated learning, which involves training on-device or on distributed data, and differential privacy help AI learn from aggregate behavior without exposing personal data. Increasingly, AI-driven personalization at scale is becoming the cornerstone of marketing strategy in this cookieless era, replacing blanket third-party tracking with predictive, context-aware targeting and content.

Data clean rooms and privacy-preserving collaboration

As direct user-level tracking diminishes, data collaboration has to happen in privacy-preserving environments. Data clean rooms have emerged as a popular solution for advertisers and publishers to work together on data without sharing individual-level information. A data clean room is a secure software environment where parties, such as an advertiser and a publisher, match and analyze their data sets in aggregate to find audience overlaps or measure campaign outcomes under controls that prevent either side from seeing the other’s raw personal data. In a clean room, identifying details are anonymized or hashed, and queries return only aggregated insights, such as “number of users who saw ad X and made a purchase”, often with minimum threshold rules to avoid re-identification. 

This setup allows a brand to attribute conversions by matching its customer list with a publisher’s exposure data while complying with privacy laws. Players such as Google Ads Data Hub, Amazon, and Facebook, as well as independent providers such as LiveRamp, Snowflake, and InfoSum, have introduced clean room offerings. 

The use of clean rooms in marketing has surged in recent years, driven by the need for compliant data sharing. A survey by Deloitte Digital found that one in three companies was using data clean rooms extensively in 2023, and 87% expected to increase their use in the following year. Clean rooms are becoming integral for tasks such as advanced attribution, customer journey analysis, and building combined datasets for targeting, filling some of the gaps left by the loss of easy cross-site tracking. They are not a silver bullet, because setup can be complex, and standards are still evolving. Still, they represent an important piece of the cookieless future by supporting walled gardens across organizations and analyzing users’ data without violating their privacy.

Building a robust data infrastructure

Underlying these strategies is a need for strong data infrastructure. In a cookieless advertising world, success depends on how effectively a company collects, processes, and activates data from multiple sources in real time. Advertisers must handle high volumes of first-party data and partner data and draw insights quickly for personalization, targeting, or measurement without relying on third-party cookie profiles. 

This requires investing in scalable databases, customer data platforms, and analytics tools that unify disparate data such as web analytics, CRM, and mobile app data into one view,  often called a “golden record” of each customer or entity. Creating this unified profile can be technically daunting because it involves resolving identifiers across devices and channels, a process known as entity resolution. More recent technological solutions involve using graph databases or multi-model data stores to link various identifiers to one entity, such as connecting an email address, a phone number, and a device ID as one user to maintain a consistent profile for targeting and personalization. 

Speed is also crucial. Real-time or near-real-time data processing is needed so that when a user takes an action like viewing a product or interacting with an ad, the system updates their profile or triggers a relevant marketing response. In short, companies need to make sure their data architecture supports low-latency, high-volume data handling. Industry experts note that a key to navigating the cookieless future is having data platforms that are “reliable, fast, and affordable” in delivering customer information for personalization and analytics. 

Many organizations are redesigning their first-party data infrastructure to achieve this single customer view. They consolidate data from all channels into a central customer data platform and support real-time identity resolution across devices and touchpoints to keep profiles up-to-date for targeting. To meet these new low-latency requirements at scale, some firms are adopting edge computing, or processing data closer to where it is generated, alongside their cloud infrastructure. By handling more events at the edge, they reduce round-trip delays and keep sensitive personal information on local devices or servers, improving both response times and privacy. Many advertisers are now evaluating their technology stacks, from cloud data warehouses to edge computing,  to handle the new demands of privacy-centric advertising at scale. Those that succeed will still offer timely, personalized ad experiences by using first-party intelligence, even without cookies.

Measurement and attribution without cookies

One of the most difficult aspects of going cookieless is rethinking how to measure ad performance and attribute conversions to the right touchpoints. Traditional digital marketing relied on cookies to do last-click or multi-touch attribution. For example, a third-party cookie identified that the same user who saw an ad on Site A later clicked a search ad and made a purchase on the advertiser’s site, to assign credit to each channel. 

In a cookieless scenario, such deterministic linking is often not possible, especially across domains and platforms. The industry is exploring alternatives such as privacy-preserving attribution APIs and frameworks. Google’s Privacy Sandbox, for instance, includes an Attribution Reporting API that lets advertisers measure conversions in aggregate without individual user IDs, using techniques like aggregated event reporting and multi-party computation to hide personal data. 

Similarly, Facebook (Meta) and other ad platforms have shifted toward conversion modeling, where statistical models estimate how much each ad contributes to sales when direct tracking is unavailable. Another approach is a return to marketing mix modeling and incrementality testing, using higher-level methods based on statistical analysis and experiments to infer the effect of ads without user-level data. 

Each of these approaches has pros and cons: They can preserve privacy, but often with some loss of granularity or accuracy. As companies calibrate these new methods, we are likely to see a period of trial-and-error in measurement. New metrics of success will emerge, focusing on broader outcomes and probabilistic insights rather than exact per-user tracking. 

For instance, it’s now much harder to connect the dots between a specific exposure, such as a Google ad, an email message, or a social media impression, and a later purchase without cookies to link those events. As a result, the way advertisers evaluate ad performance will shift toward aggregate insights and probabilistic models instead of tracking every individual interaction. 

For advertisers, this means developing comfort with uncertainty and confidence intervals, and investing in data science expertise to interpret results. In the long run, measurement will become more about trends and correlations bolstered by occasional experiments, rather than the precise user journey mapping that cookies provided. The upside is a more privacy-friendly approach, but it requires re-educating marketing teams and clients about how to gauge return on investment in the post-cookie world. Companies that adapt by upgrading their analytics and using techniques such as clean-room analysis for attribution will be better positioned to succeed under the new rules.

Personalization beyond cookies

Even as the industry implements these solutions, many are looking further ahead to a future where advertising might not just be cookieless but fundamentally different in nature. 

One vision gaining traction is an era of AI-driven personalization where ads evolve into something closer to personalized recommendations than overt targeted promotions. In this scenario, the importance of identifying a user via cookies or any ID diminishes. Instead, AI algorithms or virtual assistant “agents” act on behalf of users to find content and products that match their needs. Early signs of this shift are visible in technologies such as recommendation engines on e-commerce platforms and streaming services, which suggest products or content based on behavioral patterns without needing third-party cookies. 

As AI capabilities grow, we may see advertising messages that are so well integrated and contextually relevant that the line between an ad and a recommendation blurs. For example, suppose a user asks a voice assistant or an AI-powered search engine for a product suggestion. In that case, the response might include sponsored options tailored to user criteria such as price, quality, or style, purely through AI inference, not because a cookie identified them from a previous site visit. This agent-mediated model of advertising would prioritize utility and relevance, not identity. 

Such a future could render many current targeting debates moot, but it also raises new challenges, such as providing AI transparency, preventing bias, and creating data formats that AI agents can easily parse. Some have suggested that ads themselves will need to encode machine-readable attributes such as “price” and “durability” to be considered by AI agents. 

While this vision is still emerging, it underscores a core theme: The advertising industry’s evolution is ultimately moving toward less reliance on personal identifiers and more toward contextual, aggregated, and AI-driven methods of reaching audiences. Ultimately, the distinction between a personalized ad and a product recommendation could disappear, as sponsored content becomes dynamically tailored by AI in response to a user’s interaction with their environment. In the meantime, companies that follow privacy-first practices and innovate with these strategies will not only navigate the cookieless present but also be well-positioned for whatever comes next in digital marketing.

How Aerospike supports cookieless advertising

As marketers pivot toward privacy-first strategies, they need a data foundation to unify first-party signals, power real-time identity resolution, and deliver sub-millisecond decisions across the programmatic supply chain. Aerospike’s real-time data platform does that. Its patented hybrid-memory architecture takes in, adds to, and serves petabytes of customer data with predictable single-digit-millisecond latency, giving brands and AdTech providers the speed and scale required to replace third-party cookies with smarter, more privacy-compliant targeting. By keeping user profiles, contextual signals, and AI inference results in one globally distributed store, Aerospike eliminates the data silos and latency spikes that undermine cookieless initiatives and real-time bidding.