Read time: 8 minutes

tl;dr Everyone is talking about cookie deprecation — but what do nonprofits need to do about it right now? Join us on June 26th for a webinar about what you (yes, you!) need to do before this year-end. For a preview of what we’ll be discussing, read on…

Back up. What are third-party cookies, and what’s happening to them? 

Third-party cookies are the core technology that allows media companies and advertisers to follow people around the internet. If you’ve ever been relentlessly pursued by that one sweater you put in your cart that one time (like seriously, why is that sweater haunting me?), you have almost certainly been the target of cookie-based advertising. If you’ve ever run digital display or video ads for your nonprofit, you’ve almost certainly used cookies. They’re fundamental to the ad-supported internet.

Here’s the issue: third-party cookies are kind of a terrible technology. You’ve likely heard about the major privacy concerns surrounding them (e.g. allowing companies like Google to access sensitive information, often without users’ consent). From a pure business perspective, they’re also woefully outdated: they expire after a certain amount of time, and they work only in web browsers — meaning they’re useless if you want to run ads in other contexts (like internet-connected TVs or audio streaming apps).

How outdated are they?

Listen: some things from the mid-’90s have aged well (e.g. the 1995 cinematic classic Hackers). Some… less so! Third-party cookies have aged a bit like a pack of Dunkaroos stashed in the back of your parents’ pantry since the mid-’90s: perhaps technically edible if there are no other options, but probably best to toss ‘em out.

That’s what our industry’s been doing — slowly but surely phasing this technology out.

Firefox and Safari have already fully removed support for 3rd party cookies.

Google has removed 1% of cookies to test their cookie alternative, and are planning to fully remove support for them in Q1 2025. (They keep moving this deadline, but… they promise it’s real this time?)

It’s easy to focus on the downside here: we’re losing a foundational advertising technology. But we think nonprofits are better served by framing this as a (much-needed) update: we’re replacing third-party cookies with a more durable approach that’s better for the everyday people interacting with our ads.

So: here’s one thing you need to do, and three things you need to think about.

Do this now: start passing back hashed first-party data (such as email address) to your ads partners (such as Google and your DSPs).

If you’ve read other articles about cookie deprecation, you’ll notice they all talk about first-party data and leaning into that! To be clear, this does not simply mean CRM targeting. Then what does it mean? 

Remember, cookies are just a way of identifying people: the same person who looked at the sweater last week is the person about to see an ad for it on (and the same person who will, a week from now, relent and just buy the damn sweater, if only to make the ads go away). Google and many advertising platforms propose that we replace this identifier (cookies) with alternatives based on first-party data (like email, name, or phone number). You’ll often hear this referred to as a “cookieless identity graph.”

From a pure advertising perspective, we cannot overstate the case for doing this: if this is not enabled, conversion tracking & ability to optimize ads will be extremely limited, unquestionably and dramatically impeding your ability to effectively advertise. This is especially timely knowing that Safari and Firefox have already ended support for third-party cookies. Even with Chrome shifting their timeline to 2025, cookie loss on the other browsers is an ongoing (and oft-overlooked!) factor in campaign performance. The advertisers who are proactive about addressing it now will certainly gain a competitive advantage relative to those who are waiting for Chrome to force their hand.

However, it raises a lot of questions around privacy: is giving your supporters’ email addresses to Google actually good stewardship of their data?

It’s a complicated question. Many advertisers are already sharing hashed data with platforms like Google via one-off uploads of supporter lists — so you may determine that this is just an extension of your current approach. The data is also hashed and stored in clean rooms, meaning it’s not accessible to anyone outside of your organization and the partners you choose to share it with. That said, data like name and email is undeniably more personal and durable than a random identifier like a cookie: organizations may feel a justified level of concern about sharing this deeper level of supporter data with Big Tech.

In full transparency, we think the pros outweigh the cons — especially if effective online advertising is how nonprofits generate the financial resources to do their critical work. That said, we recognize there will be exceptions: partners for whom advanced data-sharing may prompt a higher level of scrutiny who aren’t to be trusted with this level of data sharing (TikTok, Meta), and organizations whose specific data policies differ from their peers (e.g. health organizations or those working in reproductive justice and LGBTQIA+ rights). For more details on how we’re approaching the data stewardship question, join us on the 26th! 

So that’s the one thing we think you should do — what about the three things we think you should consider?

  1. Cookieless reporting: what’s your approach, and what are your benchmarks?

In a post-cookie world, you should expect ads reporting to get a lot more complicated. A lot of this comes from the lack of a clear industry standard for identity resolution. Remember earlier, when we said Google and its peers want to replace cookies with alternative identifiers? There are a LOT of competitors in that space: aside from Google’s Privacy Sandbox, we have LiveRamp’s RampID, theTradeDesk’s Unified ID 2.0, Yahoo’s ConnectID, Viant’s household ID… are your eyes glazing over yet? The point is, a fractured landscape makes comparisons across vendors harder. Reporting will require more resources and technical expertise than it has previously.

On our end, our fabulous ads analytics team has spent the past year reworking Scout Ads to incorporate this altered data — and we’re really excited about what we’ve come up with! (Again, join us on the 26th for more.)

More broadly, we encourage nonprofits to prepare for decreased visibility into ad conversion performance, especially from view-through conversions (a conversion that happens when someone sees an ad, but doesn’t directly click on it). We expect that determining how much revenue a specific creative, audience, or vendor drove won’t be available, which is going to make optimizations much more challenging. For fundraising programs, consider shifting program performance to a cost per donation instead of a return on ad spend. 

This is also a good time to look at your attribution model and consider investing in media mix modeling to help you evaluate performance across platforms without cookies. 

  1. What impact is cookie deprecation already having on revenue?

Ads vendors have been relying on cookies for years, and most DSPs (our partners for buying primarily display and video inventory) have built their algorithms on cookies — which means we can expect some bumps in the road as they change the entire data foundation of their platforms. Google’s initial testing showed only a 3% decline in ROI. However, larger testing on Google’s alternative solution (privacy sandbox) indicates several issues with the solution. Therefore, we are expecting cookie deprecation to have a larger effect on performance. Consider adjusting your revenue projections based on lower performance after cookies go away. 

We especially encourage nonprofits to consider the ongoing impact of Safari and Firefox’s cookie deprecation on your campaigns. Chrome gets a lot of airtime (because Google keeps pushing back their timelines), but any advertisers relying on cookie-based audiences and reporting will already be missing critical data for those browsers — representing nearly a third of your audience!

  1. Does your media plan need to shift?

We recommend reviewing your media plan for this year and next year to prep for cookie-apocalypse. A few things to consider: 

  • Reduce reliance on the channels most affected by this shift (display and video) while you reassess your approach to audience-building and reporting. This could look like shifting budget to search, social, Google’s Performance Max, or other click-heavy channels.
  • Increase investments in channels that are already cookieless (and have been improving their cookieless reporting and optimizations greatly over the past few years) such as Connected TV and Audio.
  • Examine your current DSP’s capabilities: Are they planning to rely on Google’s alternative solution, have they been building their own alternative solution, or have they been cookieless from the start? All are possibilities depending on who you are working with. It might also be worth testing different DSPs now to understand which cookieless solution works best for you. 

Last thing: we’ll be hosting a webinar to chat more about this topic!

Date: Wednesday, June 26

Time: 1 to 2 pm Eastern / 10 to 11 am Pacific

Speakers: Sarah Coughlon and Kristen Witkin, with guests from International Rescue Committee


Join us!