The history and origins of tracking consumers and the use of cookies
Cookies hit the headlines again last week with Google's announcement that it had halted it's phase-out of third-party cookies. We encounter them every day whilst browsing the web, and they've been around for decades but to understand their purpose, we need to trace their history and origins.
COOKIESTRACKING USERS
Tim Clements
7/31/20247 min read
Cookies hit the headlines again last week with Google's announcement that it had halted it's phase-out of third-party cookies. We encounter them every day whilst browsing the web, and they've been around for decades but to understand their purpose, we need to trace their history and origins.
1. Pre-cookies
Before the advent of the World Wide Web, tracking consumers involved various methods that leveraged both direct and indirect means to collect data. Here's a detailed timeline and history of consumer tracking techniques before the web era:
Early 20th Century: beginnings of consumer research
1920s: The rise of consumerism leads to the early stages of market research. Companies begin using surveys and focus groups to understand consumer preferences and behaviours.
Mail surveys: Businesses send out questionnaires to consumers, incentivising responses with small rewards. This method helps gather data on purchasing habits and preferences.
1930s-1940s: evolution of market research
Gallup organisation: Founded in 1935 by George Gallup, it popularises opinion polling. Gallup's methods include conducting interviews and surveys to gather consumer opinions and trends.
Nielsen Ratings: Established by Arthur Nielsen in the 1940s, Nielsen Ratings begin tracking radio and later television viewership to provide data on audience sizes and preferences.
1950s-1960s: expansion of data collection
Credit card tracking: The introduction of credit cards allows banks and retailers to collect data on consumer purchases. This data is used to analyse spending patterns and target marketing efforts.
Loyalty programmes: Retailers start offering loyalty programs to track repeat customers. These programs use punch cards or stamps to record purchases and reward loyal customers with discounts or gifts.
1970s: computerisation and data analytics
Point-of-Sale (POS) systems: The adoption of computerised POS systems in retail stores marks a significant advancement. These systems record transaction data, which can be analysed to track consumer buying habits.
Direct mail marketing: Businesses use mailing lists to send targeted advertisements and promotions to specific consumer segments. Mailing lists are compiled from various sources, including customer purchases and survey responses.
1980s: database marketing
Customer databases: Companies begin creating detailed customer databases, compiling information from various sources such as sales records, warranty cards, and customer service interactions.
Geo-demographic segmentation: Marketers use demographic and geographic data to segment consumers into distinct groups for targeted marketing. This method leverages census data and other public records to categorise consumers based on location, age, income, etc.
1990s: pre-web advanced techniques
Telemarketing: With the proliferation of telephone services, telemarketing becomes a popular method for reaching out to consumers. Companies use call lists to directly market products and gather data on consumer interests.
Early data brokers: Firms specialising in collecting and selling consumer data emerge. These data brokers compile information from various sources, including public records, credit reports, and purchase histories, to create comprehensive consumer profiles.
2. Cookies & more
1994
Lou Montulli, a programmer at Netscape developed ‘cookies’ to enable e-commerce applications, specifically to help websites remember users' shopping carts
On October 27th, 1994, AT&T places the first banner ad on hotwired.com for 3 months.
Montulli remembered a software trick from an old operating systems manual he’d read a few years earlier, a technique for passing information back and forth between the user and the system. For some reason, the small piece of data exchanged had been called a “magic cookie.”
1995
Netscape Navigator is the first web browser to support cookies.
Internet Engineering Task Force (IETF) begins discussions on standardising cookies.
1996
DoubleClick, one of the first ad-tech companies to use cookies for tracking user behaviour across different websites to serve targeted ads.
1998
Public awareness of cookies increases. New York Times publishes: ‘Cookies May Annoy But They Don't Hurt.’ Wired covers similar articles.
In the US, the FTC publish ‘Privacy Online: A report to Congress’ that mentions cookies.
2002
The EU’s ePrivacy Directive, is introduced requiring websites to obtain user consent before storing cookies, focusing on the protection of online privacy.
2009
The ePrivacy Directive is amended to require websites to obtain explicit consent from users before storing cookies, reinforcing privacy protections.
2010
With a mixed reception and limited implementation by websites and browsers, the ‘Do Not Track’ header is proposed by the FTC as a mechanism for users to signal their preference not to be tracked across websites.
2013
Device and browser fingerprinting emerge as more sophisticated tracking methods that do not rely on cookies but instead use unique attributes of a user’s device and browser.
2017
Apple introduces Intelligent Tracking Prevention (ITP) in their Safari web browser to limit tracking.
2018
The EU's GDPR comes into effect, imposing strict requirements on how websites obtain and document user consent that are also applicable for for cookies and other tracking technologies.
2019
Planet49’s use of pre-ticked boxes to obtain user consent for cookies during an online lottery is challenged and brought before the CJEU for clarification.
In the same year, Firefox turned its Enhanced Tracking Protection (ETP) privacy feature on by default
2020
Google announces plans to phase out third-party cookies in Chrome by 2022, later extended to 2024.
In the same year, Amazon is fined €35M by the CNIL for violating cookie rules.
2021
Amazon are fined €746M by the Luxembourg CNPD for using cookies without proper user consent.
At the end of 2021, the CNIL fine Google €150M and Facebook €60M for cookie violations
2022
Microsoft fine €60M for not giving Bing users a way to reject cookies.
2024
Google’s intention with its Privacy Sandbox was to phase out third-party cookies by using techniques, like differential privacy, k-anonymity, and on-device processing. It should also help limit other forms of tracking, like fingerprinting, by restricting the amount of information sites can access.
On 22 July, Google announced it is halting its phase-out of third party cookies in its Chrome browser while reworking its Privacy Sandbox initiative to address a balance between consumer privacy and sustainable advertising.
The demise (and reprieve) of third-party cookies
The digital landscape has undergone a major transformation as third-party cookies are being phased out by the major web browsers. This shift is driven by increasing concerns over user privacy and the need for greater transparency in how personal information is collected and used.
Google Chrome, announced its plan to phase out third-party cookies by the end of 2024. This change is part of Google’s Privacy Sandbox initiative, which aims to develop new technologies that replace third-party cookies while preserving privacy and supporting advertising needs. Features like the Topics API and FLEDGE are part of this initiative, designed to enable targeted advertising without compromising user privacy.
Other browsers, such as Firefox and Apple's Safari, have already implemented measures to block third-party cookies by default. Firefox's Enhanced Tracking Protection and Safari's Intelligent Tracking Prevention have set the stage for a more privacy-focused web browsing experience.
The demise of third-party cookies marks a significant shift in online advertising and user tracking. Advertisers and website owners must adapt to these changes by exploring alternative methods for tracking and personalisation that comply with new privacy standards.
2017
Safari introduces Intelligent Tracking Prevention (ITP)
Apple’s Safari browser launches ITP to reduce cross-site tracking by limiting the lifespan of cookies and blocking third-party trackers. This initial move sets the stage for other browsers to follow suit in enhancing user privacy
2018
Firefox enhances tracking protection
Mozilla introduces Enhanced Tracking Protection (ETP) in Firefox, which blocks known trackers by default. This development marks a significant step toward user privacy by preventing third-party cookies from tracking users across websites
2019
Google announces Privacy Sandbox
Google announces the Privacy Sandbox initiative aimed at developing web standards that enhance privacy while still supporting online advertising. This initiative represents Google's strategy to eventually replace third-party cookies with more privacy-preserving alternatives
2020
Safari updates its Intelligent Tracking Prevention to block all third-party cookies by default, further tightening its restrictions on cross-site tracking and enhancing user privacy
Firefox rolls out Total Cookie Protection within its ETP, isolating cookies to the site where they were created, thus preventing cross-site tracking and enhancing privacy
2021
Google announces a two-year delay to its original plan to phase out third-party cookies by 2022, pushing the deadline to the second half of 2023. This extension aims to provide developers and advertisers more time to adapt to the new standards
2022
Google delays the phase-out of third-party cookies again, setting a new deadline for the second half of 2024. This decision reflects the need for more thorough testing and a smoother transition for the advertising industry
2023
Google begins extensive testing of Privacy Sandbox features, such as the Topics API and FLEDGE, with a limited number of users. These trials aim to evaluate the effectiveness of these new technologies in replacing third-party cookies
2024
Google announces that it will, for the third time, delay the deprecation of third-party cookies on its Chrome browser.
“We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem,” the company said in a blog post.The decision to postpone once again was made in response to heightened regulatory scrutiny – particularly from the UK’s antitrust enforcer, the Competition and Markets Authority (CMA), which had been closely monitoring the proposed transition. The CMA had flagged 39 unique “concerns” about Google’s plan to sunset third-party cookies,
July 2024
Google halts its effort to phase out third-party cookies in Chrome, choosing instead to enhance its Privacy Sandbox initiative to balance privacy with sustainable advertising. Anthony Chavez, Google's Vice President of Privacy Sandbox, confirmed that cookies will remain, but privacy-preserving alternatives will continue to be developed. Google plans to introduce a feature in Chrome allowing users to make informed privacy choices. The decision to keep cookies has disappointed some regulators, like the UK's Information Commissioner's Office (ICO). However, industry groups like the Digital Advertising Alliance support Google's move, emphasising the need for privacy-enhancing advertising approaches.
Purpose and Means
Helping compliance leaders turn digital complexity into clear, actionable strategies
BaseD in Copenhagen, OPerating Globally
tc@purposeandmeans.io
+45 6113 6106
© 2025. All rights reserved.