Blog

    Why Cookies Still Matter for Privacy, Trust, and Your Data Strategy 

    Last updated: October 14, 2025

    Cookies Aren’t Crumbling (Yet), But Your Compliance Might Be

    Will Google kill the third-party cookie this year? Maybe. Probably. Eventually? 

    At this point it is like waiting for a band to go on “one last tour” for the fifth time. But here’s the thing: Whether third-party cookies finally crumble, they are creating compliance headaches—and strategic blind spots—for publishers and marketers. 

    As Bettina Lippisch, Omeda’s VP of Privacy and Data Governance, pointed out during her talk at OX8, cookies are more than tech—they’re potentially capturing a sharing personal data of your site visitors. And the laws are catching up. 

    “Cookies collect PII. What you looked at, where you went, how long you were there, where you logged in from—it’s all data. And it’s all subject to the same rules.” 

    So yes, even that pixel buried in your lead-gen form matters. 

    Essential cookies (think: access management, cart functions) are one thing. But once you venture into analytics and marketing tracking, consent becomes critical: 

    • You need clear disclosures of which data is being collected, how it’s being used, and whom it might be shared with.
    • You need meaningful user choices about consenting to data use – especially when PII is involved. 
    • And you need to regularly conduct cookie audits to evaluate which data cookies are collecting and for what purpose.  

    And not just for the sake of regulators (though, they’re watching 👀). It’s first about creating trust with your audience through transparency. Bettina puts it this way: 

    “A subscriber who trusts you is more likely to give you more data. If you’re doing lead gen, if you’re personalizing content, trust fuels it.” 

    What Does Good Cookie Governance Look Like? 

    Let’s break it down: 

    • Transparency: Spell out what you’re collecting and why. Yes, even if everyone hates cookie banners, making it easy to opt-out to specific tracking is critical, and being honest about what you are using the data for is the gold standard 
    • Choice + Control: Let users say no. And honor their choice without punishing them with a bad experience. 
    • Review & Document regularly: Tools change, tags sneak in, teams forget to flag things. Make audits a habit and pay close attention to which data, especially PII, each cookie collects and document it for reference. 
    • Data Minimization: Don’t collect what you don’t need. If you’re not using data, don’t collect it just because your tool can.  

    Cookies might be “just a string of text,” but the risks are real. The more data they collect, the greater your liability. So next time someone installs a new tool or tags a landing page, ask: 

    • Do they know what it collects and from whom?
    • Did you tell your compliance team about any PII?
    • Does our privacy policy reflect it?
    • Do our users understand it and can they opt out? 

    If not, it’s time to bake cookies into your privacy and data governance strategy. Not just your website. 

    What About Ad Cookie Compliance? 

    Third-party advertising cookies are where things get especially dicey. 

    These cookies don’t just track basic user behavior on your site. They follow users across domains, tie behavior to identifiers, and often feed into larger ad networks or programmatic systems with potentially risky privacy practices. That means you’re not just collecting data—you’re sharing it without even realizing it. 

    “Marketing cookies require a higher standard. You can’t just assume consent. You have to offer clear choices—and respect them.” 

    And with new state privacy laws in effect (and more coming), these aren’t optional nice-to-haves. States like California, Colorado, and Connecticut have rules that treat this kind of tracking as a data sale or sharing, potentially triggering opt-out requirements. 

    Here’s the catch: 

    • Many sites still load ad cookies before users opt in 
    • Many cookie banners bury or mislabel advertising tracking and sharing 
    • And many teams don’t realize what cookies are in use, even if they are no longer part of their marketing flows 

    It’s not always intentional. But ignorance won’t protect you from a complaint or enforcement action. Neither will a banner that makes opting out feel like trying to cancel a gym membership. 

    Ask yourself the following questions: 

    • Have you audited your ad tech stack recently? 
    • Do you know which vendors are placing cookies on your pages and which data they collect? 
    • Are you offering a clear, easy opt-out for marketing cookies? 
    • Do you have documentation to prove it? 

    If the answer is “I think so,” it is time to double-check. 

    Transparency. User control. Innovation. 

    The goal is to balance transparency, user control and innovation. 

    You want to launch smart new features, roll out AI-powered tools, and build high-performance campaigns. But to do that sustainably, you need a plan that bakes privacy and governance in from the start—not as a compliance afterthought. 

    “You don’t want to roll it out fast… and then have to start over,” Bettina warned. “Put a good privacy program in place now, and you’re not just checking boxes—you’re building trust.” 

    Want to learn more about how Omeda can help you stay compliant and collect the first-party data your business needs to thrive? 

    👉 Let’s talk.

    Subscribe to our newsletter

    Sign up to get our latest articles sent directly to your inbox.