How compliance auditing, done right, can prevent a cookie apocalypse

The beginning of the end for cookies

Since the beginning of the advertiser-funded internet 25 years ago, brands have used third-party cookies to track consumer behaviour. Although cookie technology wasn’t intended for how it has been used by the marketing industry, it became the default targeting currency of the web.

Now, however, the world is changing, with people increasingly demanding greater privacy. This has been mirrored in legislation – from GDPR in Europe to the CCPA in California – and one after another, browser companies from Apple (Safari) to Firefox, have switched off third-party cookie functionality. By 2022, Google Chrome – the biggest player in the global market, responsible for more than half of all internet searches – will become the last major browser company to phase out the use and sharing of third-party cookies. Only last month, Google reinforced its determination to kill off cookies by saying it definitely will not develop a replacement that deploys user-specific targeting.

The consequences of a cookie-free internet

As a result of the demise of third-party cookies, advertisers won’t be able to use them to shape their online advertising activity. No longer will cookies be the key data set used to build campaign reach and cap how often individuals see ads, nor enable brands to target and retarget consumers. What’s more, the application of cookies to run digital attribution will be compromised to the extent that a whole new approach to attribution modelling is required.

It’s fair to say that third-party cookies were the fuel required to run a far-from-ideal (though unified) system of consumer targeting. The cookie-free world means that the walled-garden environments run by Alphabet (Google and YouTube), Amazon and Facebook (Facebook and Instagram) will become ever-more dominant on advertisers’ digital media plans. In the medium-term, targeting using third-party cookies will be superseded by a wide variety of often-opaque solutions, each operating to their own standards. It will take some years before a winning, elegant and universally-accepted replacement becomes the norm – if, indeed, that is even a possible objective.

Overall, we can expect the measurement and analytics of digital media performance to become very much more fragmented. Advertisers’ own first-party data will be critical, and the better first-party data, skills and scale brands develop, the better their impact in digital will be. Success will also be much more dependent on logins and alliances across media groups to create identity-led solutions. Multi-standard tools and competing approaches will mean the same campaign may well be shown to have different outcomes, according to the methodology chosen. There will be questions of ownership of both data and intellectual property. If the history of internet advertising follows its usual path, a wide variety of different – and opaque – pricing models will be developed.

Some of the challenges presented by the move to a cookie-free environment can be avoided by carefully selecting the right partners, platforms and business terms; by establishing a contract that’s fit-for-purpose and building regular and rigorous contract compliance auditing into a brand’s established repertoire of checks and balances.

Contracts that fit the purpose

The most important thing that advertisers can do when embarking on any engagement with a new partner is to ensure that the fine details of the partnership are fully documented in a comprehensive contract. The contract should provide full transparency of all entities involved in the delivery of the solution, meaning not just the contracting agency but also all the sub-entities and contractors. Clear visibility and total transparency are necessary for all technical buying deals. Without a clear and transparent contract – one that’s regularly updated – there’s no guarantee of a good engagement.

Regular audits

Because of the sheer pace of change in digital marketing – something that has only accelerated thanks to the deprecation of third-party cookies – it is vital that advertisers commission contract compliance audits regularly, especially after they introduce new initiatives. With a fit-for-purpose contract in place, there are five key areas where a contract compliance audit can check and verify, helping advertisers to manage their digital marketing supply chain.

  1. Data management and ownership: Verify all parties’ contracts and processes, establish the value chain and revenue streams. Match billings and evaluate KPIs and delivery. Review data IP and ownership rights.
  2. Technical costs: Reconcile technical costs to rate cards (if used) and delivery – or to third party costs – ensuring no additional mark-ups.
  3. FTE staffing costs: Verify all people costs, time reconciliations. Match promises and KPIs and verify net billings.
  4. Audit all parties engaged in the value chain: Verify all parties in costs, billings and KPI delivery. This includes understanding related-party transactions across the value chain
  5. Validate targeting and attribution: Validate models, KPIs and delivery to ensure that contractual details are delivered and matching.

The first steps are good planning, testing and selecting the right partner. Next up, is putting in place the right contract that manages data ownership, IP, transparency and price guarantees. Once these are in place, regular contract compliance audits can validate the controls within the contract, monitoring and securing the agency’s degree of compliance. This is the way to minimise disruption and value erosion once advertisers adopt alternatives to third-party cookies for tracking and targeting current and prospective customers.


In March 2021, FirmDecisions and its parent company, Ebiquity – the world leader in media investment analysis – published a new and intensely practical guide titled “Surviving the Cookie Apocalypse”. Download a complimentary copy of this guide here.