CookiePro Knowledgebase

dot pattern banner

Knowledgebase IAB Advertising Technology (AdTech) & Cookies


Advertising Technology (AdTech) & Cookies

Last Updated: March 17, 2021

The end of third-party cookies will soon be a reality for most marketers. The use of MargTech and AdTech cookies will require websites to adapt and find new strategies to deliver personalized experiences without relying on third-party cookies.

Many of the changes and regulatory updates that have been seen in the AdTech landscape in the past few years will continue to shape the industry moving forward. Important trends reflect on giving consumers more insight and control over their data, while still enabling publishers to generate revenue and brands to be able to target consumers.


AdTech Explained

Advertising Technology, AdTech, is essentially an ecosystem that consists of each component necessary to manage digital advertising campaigns for demand and supply-side platforms. Ad exchanges are the platforms that connect advertisers with publishers. It is the tool that allows for the transaction of the ad inventory. Exchanges also allow publishers to set up private, restricted marketplaces for media.

Advertising has evolved from publishers and advertisers convening in the same room to being able to craft advertising campaigns digitally through the Content Delivery Network (CDN). Advertisers can get targeted advertising and analytics, through AdTech cookies, to better target the demographic audience leading to more conversions.


Latest AdTech Cookies Guidance Updates

As of early 2021, we’ve seen much regulatory guidance concerning the use of cookies in the AdTech space. Some notable updates include:

  • Brazil: In regards to cookies, the LGPD states website owners are responsible for providing notice and obtaining consent for each cookie and tracking technology. Data controllers can obtain LGDP cookie consent that demonstrates their will in writing or by other means. It is the data holder’s responsibility to prove that cookie consent was obtained in accordance with the LGPD’s requirements including the right to withdraw consent.
  • California: In July 2020, CCPA enforcement began with the important aspects of the regulation including no requirement for prior consent for cookies, as well as, consumers being able to opt-out of cookies that are used as part of a “sale” of personal information.  In November 2020, the approval of the CPRA introduced the opt-out of “cross-context behavioral advertising” which can be considered a sale or “sharing” of information, and the introduction of the ” Limit the Use of My Sensitive Personal Information” button on websites. While the CPRA will go into effect in January 2023, websites can stay ahead of trends and create competitive advantages by testing new ways to comply today.
  • France: In October 2020, the CNIL shared new recommendations on the use of cookies and associated tracking technologies. Notably overturning their original prohibition on cookie walls, and highlighting that consent is necessary regardless of the nature of the data. In April 2021, the CNIL will begin enforcing against non-compliant organizations under its new guidance. Easily prepare now by downloading our CNIL Cookie Consent Toolkit today!
  • Ireland: In April 2020, the DPC provided updated guidance on the use of cookies and other tracking technologies. Including a report indicating an increase in enforcement against non-compliant businesses after the grace period, which ended October 5, 2020.
  • Spain: The Spanish DPA heavily revised their view of implied consent for cookies. Following an EDPB announcement on consent, the Spanish DPA issued updated guidelines concerning lawful consent and the outright prohibition of cookie walls which became effective for enforcement on October 31, 2020.



The Belgian DPA’s (APD) investigation found and reported GDPR infringements with IAB Europe’s Transparency and Consent Framework (TCF). Their report concluded the IAB Framework allows companies to swap sensitive information about people without authorization and controls for the process of intimate personal data that occurs in the real-time-bidding (RTB) system are inadequate.

IAB Europe responded to the Belgians DPA’s allegation, “While IAB Europe is currently assessing the APD’s report, we note that the findings point to several alleged compliance issues that stem solely from IAB Europe’s role as Managing Organization of the Framework. We respectfully disagree with the APD’s apparent interpretation of the law, pursuant to which IAB Europe is a data controller in the context of publishers’ implementation of the TCF.”

Next steps:

  • The report isn’t final – the APD has not technically found the TCF to breach the GDPR.
  • The IAB had until December 7, 2020, to issue their response, which prompted a process of review and counter-response.
  • In the meantime, the TCF’s technical operations are not affected by the report and will continue to function.


Google’s Privacy Sandbox

Google’s decision to end third-party cookies on its Chrome browser has been received well by many. First, Google has been praised for standing on the right side of the shift to tightening user privacy protections but also to strengthen its proprietary first-party data offering to keep advertisers still engaged.

Google’s Privacy Sandbox is intended to be private by default ecosystem. Involving three essential initiatives: disable third-party cookies, replacing the functionality of cross-party tracking, and mitigating privacy-reducing alternatives.

To address activities like personalization and single sign-in without cookies, Google has proposed trust tokens. Intending to combat fraud and spam, ad-measurement reporting, first-party data for ad tracking, a privacy-preserving WebID, first-party datasets while limiting other forms of tracking such as fingerprinting, browser cache inspection, and network-level tracking.


Alternatives to Third-Party Cookies

Website owners and marketers looking for alternatives to cookies can use their own data and insights to supplement. Examples include information triggered from email marketing, segmentation, and social media monitoring.

Other alternatives include:

  • Utilizing Identifiers. Establish the identifiers your business is using and progressively profile your visits. Then implement collection points across your website or mobile apps. And once captured, activate this data to understand your audience and segment them better.
  • First-Party Data. As described above, first-party data is information that is collected directly from your audience or user. Including data from behaviors, actions, or interests demonstrated across your website or app. Because there is no middleman selling you the data, this process of data collection provides transparency.
  • Paywalls. Digital subscriptions and paywalls have progressed over time as publishers have the flexibility over UX, the ability to sync subscription data and manage it efficiently. Additionally, now paywalls can offer choice and transparency. With increasing global regulations, most likely when a user visits a website, they’ll be prompted with a CMP to capture consent and preferences.


Let CookiePro Help

Ultimately, your goal is to meet consumer expectations, comply with privacy regulations, and adapt to industry standards. Obviously, this is not an easy task – but with the right solution, you can prepare now and make the degradation of third-party cookies a competitive advantage in 2022.

To learn more about third-party AdTech cookies and CMP banners, watch our webinar RIP Third-Party Cookies: How to Prepare, and Why You Still Need a Cookie Banner or request a 1:1 demo with our cookies experts to learn how CookiePro supports this transition.

Onetrust All Rights Reserved