27th March 2017


You’d be forgiven for having a sense of déjà vu when reading the phrase “beyond the cookie.” Haven’t we had this debate already? Well, yes, we have. In 2011, the EU ePrivacy Directive (often known as the Cookie Law) required publishers to notify consumers about the use of third-party cookies and to provide them with an opt-out. Many of us feared that this new era of transparency and control would cause a plummet in cookie-data volumes for use in behavioral targeting, but it wasn’t the case. Far from obsolete, online advertisers continue to rely on cookies for audience targeting, attribution, and consumer insight. And so they should—because cookies continue to provide a simple, scalable, and precise solution for all of the above.

Now a new threat looms. In 2018, the General Data Protection Regulation (GDPR) will raise the stakes again—its scope spans the full gamut of online identifiers and ramps up the level of choice and control that consumers will have in relation to their data. Crucially, it is likely to classify cookies as personal data. The implications of this are considerable—as are the fines that businesses will incur if they don’t comply.

This is not the death of the cookie, but it is certainly a major threat to the current way in which marketers are approaching online data. Marketers will need to adapt their strategy and their systems as a result—but they should view this as an opportunity as well as a threat. GDPR should encourage us to explore more innovative types of data and, ultimately, employ a more diverse data strategy.