How can your business collect more first-party data? What is going to happen to digital advertising when third-party cookies go away? Wait a minute…what’s the difference between first-party and third-party data, anyway?

There’s been a lot of chatter around the upcoming cookieless world and a lot of new terms and phrases have been floating around the ether. Whether you’re concerned about the impact of the deprecation of cookies on your PPC campaigns, SEO efforts, tracking and analytics, or conversion rate optimization, we thought it would be helpful to take a step back and provide a glossary of these terms as a reference. As additional cookieless terms evolve, we will add them to this glossary.

Do you have questions about how to include planning for the upcoming cookieless world in your digital marketing strategy?

Contact us to learn more about how we’re helping our clients position themselves for the cookieless world as part of our strategic, data-driven approach to digital marketing.



California Consumer Privacy Act – Privacy regulation in California that regulates the selling of personal information, the CCPA was signed into law in 2018 and went into effect January 1, 2020.


Cookies are text files with small pieces of data. Cookies let websites remember you, your website logins, shopping carts, and more.

Cookieless tracking

Cookieless tracking is a process of tracking that does not involve dropping cookies on browsers, so users won’t receive personalized ads and their actions will not be documented.

Cookieless World

The cookieless world is a phrase used to refer to a future when third-party cookies are deprecated, either because technology doesn’t use them anymore or because regulations make it difficult to use while complying.

Zero-, First-, and Second-party cookies are not talked about as being deprecated, currently.


When a website visitor explicitly acknowledges and agrees to a policy. This shouldn’t be just an “I agree” button, but an unchecked checkbox (opted-out by default) and implications explained in plain language where the choice is being made. A reference should be made linking to a more complete/legal definition of the consent policy.

Customer data platform

A customer data platform (CDP) is a system designed to collect customer data from all sources to build unique and unified customer profiles. It’s a database that can interface with other marketing technology systems and a viable tool in first-party data strategies.

Data clean room

A data clean room is software that brands and advertisers use to run digital advertising in a privacy-friendly way. Each uploads their first-party data and that data is aggregated to provide each the ability to target, track, and measure campaigns.

Data clean rooms prevent any user-level data from being accessed outside of the data clean room so no data is shared or exchanged among its users.

Data lake

Data repository that can store structured and unstructured data.

Data subject access requests

A right users have that allows them to access, correct, or delete their data.

Data warehouse

A data warehouse is a data management system that stores current and historical data from multiple marketing sources for the purpose of performing business intelligence activities like queries and analysis for business insights and reporting.

Deterministic identity resolution

A high-confidence approach to identity resolution using first-party data, based on what you know to be true.

First-party cookies

First-party cookies are created and used on a single domain. A small amount of text is stored on the user’s computer. They don’t share information with other websites or advertising partners. It allows site owners to collect customer analytics data, remember language settings, and carry out other valuable functions that help provide a good user experience.

First-party data

Data collected from the customer, usually from website engagement. This is sometimes grouped together with zero-party data e.g., user visits on a mobile device in USA, watches a video, and visits pages A, B, & C.


GA4 is the latest version of Google Analytics which combines data from apps and websites. GA4 was announced in 2020 to help address user privacy as well as cross-device and -platform tracking concerns and uses machine learning to fill in data gaps where user consent is not given for tracking.


General Data Protection Regulation – EU privacy regulation, often used as a reference or benchmark to compare other data privacy regulations. It was enacted in 2016 and went into effect May 25, 2018.

Google analytics consent mode

A feature in GA4 that allows for delaying of tracking until the user performs an action on the site, usually agreeing to a privacy policy.
PII Personally Identifiable Information e.g Emails, Phone numbers, Addresses, social security numbers, etc.

Privacy by design

Design technique where personal data is protected by default because it is integrated into the technology used.

Privacy impact assessment

An analysis of how PII is used in an organization to determine compliance with various regulations.

Privacy policy

A privacy policy is a statement or a legal document that states how a company or website collects, handles and processes data of customers and visitors.

Privacy Sandbox

Privacy Sandbox is a Google-led initiative which uses APIs to preserve user privacy during ad selection, conversion tracking, and other digital advertising purposes.

Probabilistic identity resolution

A lower confidence approach to identity resolution based on predictions from statistical modelling.

Progressive profiling

A method to collect data from users without having them fill out a long form. Initially, a form asks only the necessary info (name + email), but as the user engages more, additional questions get asked such as preferences, occupation, etc.


A process that replaces PII with a placeholder value.

Right of access

The right users have to access their data.

Right to be forgotten

A right users have that allows them to request their data be deleted.

Second-party data

Someone else’s first-party data, often from a business partnership. e.g. Agency X partners with its clients to pool customer data. The clients have first party data and the agency uses second party data to inform strategy. Platforms such as Google, Facebook, etc. use second party data passed from advertisers to match conversions to identifiers.

Server-side tagging

A data collection and processing method that sends data to your cloud-hosted server, i.e., passing data from a website’s HTTPS server and not the browser (Chrome, Safari, etc.).

Server-side tracking

Using the data from a website’s server to create events that are sent to analytics for the purpose of understanding the user journey and engagement.


Sharenting is the practice of parents publicizing sensitive content about their children on internet platforms.

Third-party cookies

Third-party cookies are created and placed by third parties other than the website you visit directly and are mostly used for tracking and online advertising purposes. They are placed on a website by someone other than the owner (a third party) and collect user data for the third party, e.g., Facebook places a cookie on your website for the sole purpose of tracking you across the internet to serve you ads.

Third-party data

User data that companies purchase and share with other businesses, e.g., sells and buys user data to and from to serve ads or to target more customers.

Walled gardens

An ecosystem which keeps its technology, information, and user data to itself, with no intention of sharing it, e.g., Facebook, Amazon, or Apple.

Zero-party data

Data provided directly from consumers; usually refers to email address, names, number, or communication preferences and includes form/checkout data, e.g., user visits and willingly enters their information to get a service offered by