Skip to main content

History and Origins of Tracking Consumers and Cookies

·5 mins
EPrivacy Cookie Compliance Horizon Scanning Marketing

History and Origins of Tracking Consumers and Cookies

Cookies hit the headlines again last week with Google’s announcement that it had halted its phase-out of third-party cookies. We encounter them every day whilst browsing the web, and they’ve been around for decades — but to understand their purpose, we need to trace their history and origins.

1. Pre-cookies #

Before the advent of the World Wide Web, tracking consumers involved various methods that leveraged both direct and indirect means to collect data.

Early 20th Century: beginnings of consumer research #

1920s: The rise of consumerism leads to the early stages of market research. Companies begin using surveys and focus groups to understand consumer preferences and behaviours. Businesses send out questionnaires to consumers, incentivising responses with small rewards.

1930s–1940s: evolution of market research #

Gallup Organisation: Founded in 1935 by George Gallup, it popularises opinion polling through interviews and surveys to gather consumer opinions and trends.

Nielsen Ratings: Established by Arthur Nielsen in the 1940s, Nielsen Ratings begin tracking radio and later television viewership to provide data on audience sizes and preferences.

1950s–1960s: expansion of data collection #

Credit card tracking: The introduction of credit cards allows banks and retailers to collect data on consumer purchases, used to analyse spending patterns and target marketing efforts.

Loyalty programmes: Retailers start offering loyalty programmes using punch cards or stamps to record purchases and reward loyal customers.

1970s: computerisation and data analytics #

Point-of-Sale (POS) systems: The adoption of computerised POS systems in retail stores records transaction data, which can be analysed to track consumer buying habits.

Direct mail marketing: Businesses use mailing lists to send targeted advertisements and promotions to specific consumer segments.

1980s: database marketing #

Customer databases: Companies begin creating detailed customer databases, compiling information from sales records, warranty cards, and customer service interactions.

Geo-demographic segmentation: Marketers use demographic and geographic data to segment consumers into distinct groups for targeted marketing.

1990s: pre-web advanced techniques #

Telemarketing: With the proliferation of telephone services, telemarketing becomes a popular method for reaching consumers directly.

Early data brokers: Firms specialising in collecting and selling consumer data emerge, compiling information from public records, credit reports, and purchase histories to create comprehensive consumer profiles.

2. Cookies & more #

1994 #

Lou Montulli, a programmer at Netscape, developed cookies to enable e-commerce applications — specifically to help websites remember users’ shopping carts. He remembered a software trick from an old operating systems manual: a technique for passing information back and forth between the user and the system. The small piece of data exchanged had been called a “magic cookie.”

On 27 October 1994, AT&T placed the first banner ad on hotwired.com for three months.

1995 #

Netscape Navigator becomes the first web browser to support cookies. The Internet Engineering Task Force (IETF) begins discussions on standardising cookies.

1996 #

DoubleClick, one of the first ad-tech companies, uses cookies for tracking user behaviour across different websites to serve targeted ads.

1998 #

Public awareness of cookies increases. The New York Times publishes “Cookies May Annoy But They Don’t Hurt.” In the US, the FTC publishes “Privacy Online: A Report to Congress” that mentions cookies.

2002 #

The EU’s ePrivacy Directive is introduced, requiring websites to obtain user consent before storing cookies.

2009 #

The ePrivacy Directive is amended to require explicit consent from users before storing cookies, reinforcing privacy protections.

2010 #

The “Do Not Track” header is proposed by the FTC as a mechanism for users to signal their preference not to be tracked across websites — but receives a mixed reception.

2013 #

Device and browser fingerprinting emerge as more sophisticated tracking methods that do not rely on cookies, instead using unique attributes of a user’s device and browser.

2017 #

Apple introduces Intelligent Tracking Prevention (ITP) in Safari to limit cross-site tracking by restricting the lifespan of cookies and blocking third-party trackers.

2018 #

Mozilla introduces Enhanced Tracking Protection (ETP) in Firefox, blocking known trackers by default. The EU’s GDPR comes into effect, imposing strict requirements on how websites obtain and document user consent — including for cookies and other tracking technologies.

2019 #

Planet49’s use of pre-ticked boxes to obtain user consent for cookies during an online lottery is challenged before the CJEU. Firefox turns its Enhanced Tracking Protection on by default. Google announces the Privacy Sandbox initiative.

2020 #

Google announces plans to phase out third-party cookies in Chrome by 2022, later extended to 2024. Amazon is fined €35M by the CNIL for violating cookie rules. Safari updates ITP to block all third-party cookies by default.

2021 #

Amazon is fined €746M by the Luxembourg CNPD for using cookies without proper user consent. The CNIL fines Google €150M and Facebook €60M for cookie violations. Google delays its phase-out of third-party cookies to the second half of 2023.

2022 #

Microsoft is fined €60M for not giving Bing users a way to reject cookies. Google delays the phase-out again, setting a new deadline for the second half of 2024.

2023 #

Google begins extensive testing of Privacy Sandbox features, such as the Topics API and FLEDGE, with a limited number of users.

2024 #

Google announces a third delay to the deprecation of third-party cookies in Chrome, citing “ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers.” The decision was made in response to heightened regulatory scrutiny — particularly from the UK’s Competition and Markets Authority (CMA), which had flagged 39 unique concerns about Google’s plan.

In July 2024, Google halted its effort to phase out third-party cookies entirely, choosing instead to enhance its Privacy Sandbox initiative. Anthony Chavez, Google’s Vice President of Privacy Sandbox, confirmed that cookies will remain, but privacy-preserving alternatives will continue to be developed. The decision disappointed some regulators, including the UK’s Information Commissioner’s Office, though industry groups like the Digital Advertising Alliance welcomed the move.

Author
Tim Clements

Browse by Topic

accountability accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation article 12 article 13 article 28 article 30 article 32 article 46 article 5 article 6 article 7 audit and assessment automated decision-making awareness campaigns behaviour change beyond legal board reporting case law cloud infrastructure compliance monitoring consent cookie compliance cross-border transfers dark patterns data breach notification data flows data mapping data minimisation data processing agreements data protection data protection by design data protection day data protection leader data quality data residency data retention data sovereignty datatilsynet deceptive design direct marketing dora dpia education employee data employee engagement eprivacy esg executive communication external legal counsel finance and banking gdpr gdpr at 10 generative ai governance grc healthcare horizon scanning hr and data protection hr and employment incident response information security intellectual property internal communications international transfers lawful basis leadership lego serious play machine learning marketing nis2 privacy by design privacy culture public sector quantum computing records of processing regulatory guidance risk management risk reduction ropa software development special category data standard contractual clauses strategic planning sub-processors sustainability third-party risk training design transparency trend radar ux design vendor management visual communication weak signals workshop facilitation

Related Posts