On July 22, 2024, Google announced that it would not proceed with third-party cookie deprecation in Chrome. Instead of removing cookie support, Google will introduce a user choice prompt — allowing Chrome users to decide for themselves whether to accept third-party tracking. The choice prompt model aligns roughly with how Firefox and Safari have handled privacy controls, moving cookie management from browser-enforced restriction to user-facing decision.
The four-year saga is over. Cookies aren’t going anywhere.
The question for the industry — the one everyone in adtech, publishing, and media buying is running through this week — is what this means for the substantial infrastructure built in anticipation of a cookie-free world.
What Actually Changed on July 22
Google’s announcement is more nuanced than the headlines suggest. The company is not reversing its privacy stance or abandoning Privacy Sandbox. The Privacy Sandbox APIs — Protected Audience, Topics, Attribution Reporting — will continue to be developed and available in Chrome. Google is maintaining that privacy-preserving alternatives to third-party tracking are important.
What’s changing is the mandatory enforcement mechanism. Rather than simply disabling third-party cookies for all Chrome users by a set date, Google will present users with an informed choice about their tracking preferences. This approach satisfies several simultaneous pressures: it responds to the CMA’s competition concerns (no single mandatory architecture), it maintains user agency (which regulatory frameworks in multiple jurisdictions require), and it removes the deadline pressure that has been driving industry chaos for four years.
The practical consequence is that third-party cookies will persist for users who accept them — which, based on every analogous choice architecture in digital products, will be a substantial majority of casual users who click “OK” or “Accept” without reading carefully. Privacy-conscious users, who are already largely using Safari or Firefox anyway, will likely opt out. The actual incremental cookie loss from this change may be smaller than the years of deprecation preparation would suggest.
The $1B Question: What Happens to Alternative Identity Infrastructure?
The industry has invested substantially in building the infrastructure that was supposed to replace cookies. The Trade Desk’s Unified ID 2.0 program has enrolled hundreds of publishers and DSPs. LiveRamp’s RampID has become a significant revenue driver. ID5, Criteo’s PAIR, and dozens of other identity resolution products represent meaningful engineering and commercial investment.
The immediate, and understandable, concern is that this infrastructure has just become unnecessary — that the market need it was built to serve has been solved by Google’s pivot to user choice rather than forced deprecation.
That concern is real but overstated, for several reasons.
First, the infrastructure was always solving a problem that existed beyond Chrome. Safari and Firefox together represent 35-40% of browser traffic without third-party cookies by default. Every DSP investment in cookieless bidding, every publisher investment in identity resolution, and every clean room deployment has present-tense value against that existing traffic. Cookie deprecation being indefinitely deferred in Chrome doesn’t change the safari/firefox situation.
Second, the user choice model will produce a cookie-bifurcated Chrome user base — users who accept cookies and users who don’t. The users who don’t accept cookies in Chrome are likely to skew toward the same demographic that values privacy tools generally: higher income, higher education, higher purchase intent. That’s not a population buyers should be comfortable ignoring.
Third, regulatory pressure on third-party data is completely independent of Google’s Chrome policy. The FTC’s commercial surveillance rulemaking, EU enforcement actions, and state privacy laws are constraining how third-party audience data can be collected and used regardless of what cookies do in Chrome.
What UID2 and RampID’s Business Cases Actually Look Like Now
The more honest question is whether the commercial case for identity resolution platforms is as strong as it was when Chrome deprecation was the forcing function.
The Trade Desk’s UID2 program was explicitly designed as a cookie replacement: a shared, industry-operated identity graph that would provide targeting and measurement capabilities equivalent to cookies in a cookieless environment. With cookies persisting in Chrome, the “replacement” framing weakens considerably.
What UID2 still provides that cookies don’t: cross-device matching across mobile, CTV, and browser environments. Third-party cookies never worked on mobile apps or CTV. UID2, RampID, and their equivalents are the only way to extend audience targeting consistently across screens. That use case — cross-screen identity — is not solved by cookie persistence in Chrome and remains a real and growing commercial need.
What UID2 overpromised: that scale of adoption would quickly reach the threshold needed to match cookie targeting quality in open exchange. Publisher enrollment in UID2 has grown significantly, but pass rates — the percentage of bid requests that arrive at DSPs with a valid UID2 signal — remain well below cookie resolution rates. The cross-screen case is real; the “as good as cookies” case is not yet real.
LiveRamp’s RampID sits in a slightly different position. RampID was always primarily a data collaboration tool — enabling advertiser CRM data to be onboarded and matched with publisher first-party data for audience activation and measurement. That use case is unaffected by cookie persistence. The onboarding, matching, and clean room workflows that RampID powers exist because they solve problems that cookies never solved.
The Contextual Targeting Industry’s Awkward Position
The contextual targeting renaissance of 2021-2024 was explicitly positioned against cookie deprecation. Startups and incumbents across the contextual stack — GumGum, Seedtag, Peer39, IAS, DoubleVerify’s contextual products — raised capital and built market presence on the premise that context would be the core targeting signal in a cookieless world.
That premise has complicated. The contextual targeting market is still healthy — contextual is genuinely useful for brand safety, content alignment, and targeting in environments where user data is absent or restricted. But the “contextual as cookie replacement” story has weakened materially.
The honest positioning for contextual in a cookie-persistent world: it’s an important complement to audience targeting, not a replacement. For campaigns where context and content alignment matter — brand advertising, premium placements, sensitive category adjacency — contextual remains the right tool. For performance campaigns where individual-level targeting matters, contextual doesn’t compete with identity-resolved audiences.
What to Actually Do This Month
The industry spent four years preparing for something that didn’t happen. The useful response is not recrimination but recalibration.
First-party data programs built for cookie indifference are assets. Keep building them. Clean room infrastructure deployed for cookie alternatives has cross-screen and regulatory use cases. Keep using it. UID2 and RampID publisher integrations that were built for Chrome are already generating value on Safari and Firefox. Keep them live.
What to recalibrate: the narrative. Cookie deprecation as a forcing function is gone. The business cases for identity and first-party data infrastructure need to stand on their own — and the good news is that the genuine use cases (cross-screen targeting, CRM activation, measurement accuracy, regulatory resilience) are strong enough to support the investment without a Chrome deadline to justify them.
FAQ
Q: Will Google’s user choice prompt actually result in many Chrome users opting out of cookies? Most digital consent frameworks that present opt-in/opt-out choices see opt-out rates below 20% for casual users presented with default-accept prompts. Chrome’s user choice prompt design hasn’t been finalized, but if it follows similar UI patterns, the functional impact on cookie availability across the Chrome user base may be modest — concentrated among privacy-motivated users.
Q: Does Google’s decision affect the Privacy Sandbox APIs already deployed in Chrome? No. The Protected Audience, Topics, and Attribution Reporting APIs remain available in Chrome and will continue to be developed. Google has positioned these as tools that advertisers and publishers can use, not as mandatory replacements for cookies. Adoption is now commercial rather than mandated.
Q: What does this mean for publishers who built subscription walls and registration gates specifically to generate authenticated audiences for cookie-free targeting? Those audiences have significant value that exists independent of Chrome’s cookie policy. Authenticated publisher audiences generate CPM premiums in any environment. The investment in user authentication is a durable revenue and business asset, not a hedge against a specific technical event.
Q: Should SSPs and DSPs that invested in Privacy Sandbox API integration unwind those investments? No. Privacy Sandbox integration provides value for cookieless traffic that already exists (Safari, Firefox) and for Chrome users who opt out of cookies in the new choice prompt. The integration work is not wasted — it’s infrastructure for an audience segment that is already real and will remain so.