May 4, 2021
How will affiliates be impacted by Google’s third-party cookie ban
9-MINUTE READ | By Johannes Rastas
[ Updated Jan 17, 2023 ]
Google’s announcement to phase out third-party cookies in Chrome might be considered yesterday’s news by now. But what does it actually mean? And what impact does it have on affiliate marketing, where browser cookies are used for sales tracking and attribution?
Google is on a mission to move toward privacy-first web that places user privacy over data collection and ad targeting. Google Chrome has a 64% market share globally. And given that it’s also the dominant web browser in affiliate marketing, the magnitude of this kind of change can hardly be overstated. But fear not, it doesn’t mean the end of tracking.
Here, we approach this topic from the affiliate marketing perspective. We’ll also explain the difference between first-party cookies and third-party cookies and look at the potential solutions. After reading this post, you’ll get a better understanding of what this change means for affiliates.
Navigate this post:
- What is changing and why
- Difference between first-party and third-party cookies
- What is the impact on affiliates and the affiliate industry
What is changing and why
By removing third-party cookies by 2022, Google is taking a step forward for users’ privacy. It means that Google Chrome will no longer place cookies that collect data about users’ browsing habits and sell web ads that use that data for targeting. As a result, companies that rely on these tracking cookies will have to find alternative ways of targeting web users.
In comparison, Safari and Firefox have been blocking third-party cookies since 2013. This makes Google Chrome the last man standing when it comes to third-party tracking cookies.
New privacy laws and regulations
Google’s decision is most of all a reaction to the privacy issues highlighted in the media and the new privacy laws passed by regulators. For example, the European Court of Justice ruled in 2019 that users’ consent must be obtained prior to storing non-essential cookies. This includes tracking cookies used for targeted advertising. And the consent cannot be implied or assumed.
Anyone using the web will have come across notifications like this by now:

Websites have to ask visitors to press an accept button to allow third-party cookies. Visitors who want to prevent the use of cookies can change their browser settings not to allow the storing of cookies on their device. And all websites must share their privacy policy regarding cookies.
The French Data Protection Authority CNIL recently went a step further. It now demands that websites must not only inform users about what data they collect and ask for their consent but also make refusing cookies as easy as it is to accept them.
What does it mean in practice? All cookie notifications will have to give users a real choice by implementing a ”Reject” or ”Deny all” button next to the ”Accept All” button. Having a ”Configure” or “Cookie policy” button placed next to the ”Accept” button is no longer enough. That is if websites wish to remain compliant with the French guidelines. The grace period for adopting them has already ended in March 2021.

Latest developments and concerns
Google’s Privacy Sandbox is an initiative to make the web more private for users by rebuilding advertising and tracking without third-party cookies. The idea is to move all user data into the browser, where it will be stored and processed.
The sandbox will consist of five browser APIs, which will provide advertisers with aggregated data about conversion and attribution. Instead of cookies, it will rely on anonymized signals that will give access to users’ browsing habits.
To replace third-party cookies, Google has introduced Federated Learning of Cohorts (FLoC). It’s designed to keep track of users’ browsing habits and then place users in various cohorts based on these habits. This allows interest-based advertising without the advertisers knowing anyone’s identity. Users are associated with a cohort—a group of users that share certain qualities and interests. Individual browsing history is kept private by making the browser responsible for looking at the history and assigning users to these cohorts accordingly.

So, targeted advertising isn’t going anywhere. It’s only done in a more anonymous way. Some marketers have also raised concerns about Google’s reasoning behind the third-party cookie ban. If first-party cookies are not affected and Google’s Privacy Sandbox tools allow ad targeting, what is the real motivation behind the decision?
Third-party ad platforms will suffer the most without support from Chrome. So, is it actually about improving privacy for the end-user? Or is Google just tightening its grip on the ad market by forcing advertisers to spend their money on Google platforms? Or maybe it’s a bit of both.
Difference between first-party and third-party cookies
Marketers, and especially advertisers, whose strategies rely on third-party data will obviously be affected by the disappearance of tracking cookies. But the impact isn’t the same for everyone. There’s a key difference between utilizing first-party cookies and thriving on third-party data.
A first-party cookie is generated and stored by the website you’re visiting directly. The domain owner can both collect analytics data of visitors and provide a better user experience by remembering preference settings such as form-fill data and language. A third-party cookie is created by another website than the one you’re visiting and is mainly used for tracking and advertising.
Keep in mind that first-party cookies are not under attack here. It’s only third-party cookies that will be facing extinction. First-party cookies only track the activity on the website that the user is intentionally visiting. Without first-party cookies, you would have to fill in your login information and other details every time you visit a website like Amazon. They also allow websites to gather valuable user data within their own domain.
Unlike third-party cookies, first-party cookies are accepted automatically. But users can also disable them in their browser settings if they wish.

What is the impact on affiliates and the affiliate industry
The privacy concerns driving this change relate to tracking user activity across the web. Namely, using cookies that don’t originate from a website that users themselves have chosen to interact with.
So, given that the invasion of user privacy is about third-party cookies, affiliates and affiliate programs that rely on them are the ones who will be impacted the most. Especially those whose strategies involve leveraging user data for targeted advertising. But using paid ads to drive traffic to an affiliate website is a rare strategy these days due to its obvious challenges regarding profitability.
In-house programs like the Supermetrics partner program make use of first-party cookies that are generated directly by the visited domain. When a prospect clicks an affiliate link in any channel and lands on our website, our domain places the first-party cookie on the prospect’s browser.
The affiliate is credited with the referral as long as the prospect signs up for a free trial within our 90-day cookie lifetime window. And when that free trial ends and the user becomes a paying customer at any point in time, the affiliate earns a 20% recurring commission of the sale.
There’s also coupon code attribution, where the conversion is assigned to the affiliate linked to a specific coupon code. Therefore, any prospect who makes a purchase using an affiliate’s coupon code will be automatically attributed to the affiliate without any reliance on cookies.
First-party cookies are not immune to new privacy trends
Affiliate programs that operate using first-party cookies are able to continue their affiliate sales tracking after the third-party cookie phase-out. But this doesn’t mean they’re immune to the privacy-first trend and other potential requirements it may give rise to later.
For example, the French Data Protection Authority’s demand for a “refuse all cookies” option is something that would concern first-party cookies as well. The question is how many visitors would actually choose to accept any cookies if refusing them is made equally easy. And whether it can later become a general requirement everywhere. For now, it’s too early to say.
Affiliate networks and possible alternatives
Affiliates who are members of an affiliate network can be in a different situation. They embed links into their content and redirect the user to the affiliate network’s ad server that places a third-party cookie on the user’s browser. That is, if the affiliate network relies on third-party cookies. It’s not the case with all platforms of course. But what new methods could they use?
One solution would be server-to-server tracking. It refers to using a unique identifier that’s generated and stored when a user clicks the affiliate link. If that same user later ends up making a purchase, this unique identifier is matched to the user by posting it back to the tracking server. This presents a way to send data directly to secure servers without relying on the user’s browser and third-party cookies.

Another possible scenario would be for merchants who use affiliate networks and rely on third-party cookies to close direct deals with their affiliate partners. This could potentially give more power to affiliates and strengthen their relationships with merchants. But it could also lead to programs becoming more selective with the partners they work with. As a result, it could reinforce the impact of influencers and key opinion leaders while making it more difficult for novice marketers to enter affiliate programs.
Final thoughts and how to prepare
As an affiliate marketer, getting ready for Google’s third-party cookie ban means finding out what type of tracking method is being used in the affiliate programs and networks you’ve joined. Chances are that many of them don’t even rely on third-party cookies in any way.
It all depends on the platform. Third-party ad platforms will take the biggest hit. But new tracking technologies will keep appearing before the complete phase-out. If you’re a Supermetrics partner, you have nothing to worry about at this stage. We use first-party cookies for affiliate sales tracking that are not at risk of disappearing anywhere yet.
A requirement for having a refuse all cookies option on all websites is another question that should be taken into consideration, albeit only imposed in France for now. Whether it will become a common trend in the whole EU area, for example, remains to be seen.
Check what else to expect from affiliate marketing in 2022. And join the Supermetrics partner program to earn 20% recurring commissions from each sale.
About Johannes Rastas

A Partner Marketing Manager at Supermetrics, Johannes focuses on expanding the Supermetrics partner program and collaborating with their existing partners. He also works with SEO and content on a daily basis. Feel free to contact him on LinkedIn.
Turn your marketing data into opportunity
We streamline your marketing data so you can focus on the insights.