The Impact of Privacy First

by Veronica BrQuimby Melton
Co-Founder & CEO, Confection

In the years to come, we’ll primarily remember 2020 for its economic chaos and unrelenting healthcare crises. And rightly so. However, in the background of our fragmented, cloistered lives, “privacy first” also gained a lot of momentum.

This matrix of cultural trends and technological changes attempts to give everyday users better control over the information they share online. Along with privacy laws like CCPA, GDPR, and LGPD, the privacy first movement includes Google’s decision to end support for third-party cookies in Chrome and Apple’s plan to force developers to obtain iOS users’ consent before tracking their behavior. Anticipating a privacy-first future, we now see Facebook fighting Apple and Google alienating many of its (increasingly confused) customers. Putting even more pressure on the system, we also see the emergence of antitrust suits, Google’s continued alienation of devs and advertisers, and significant European resistance to Google’s privacy sandbox (a walled garden masquerading as a sort of consolation prize).

Google, Facebook, martech SaaS vendors like those we list here, agencies, professional marketers, businesses, and even everyday web users — the entrenched members of a once stable stellar system are quickly becoming increasingly unstable, fusing heavier and heavier elements, building toward what will almost certainly be a spectacular supernova breakdown.

The Confection team navigates this risky, exciting, radioactive space every day.

We’re building a new standard for utility, compliance, and identity management, a sort of energy grid for a better web. Our product architecture can help all these players thrive in privacy-first browsing environments. Customer relationships and marketing partnerships can continue, even in browsing environments that limit cookies, scripts, and persistent identifiers, and our app will help our customers comply with international data privacy laws.

So we can build solutions to the various challenges created by privacy first, we monitor the kinds of competing interests, battle lines, looming disruptions, and opportunities outlined above. For example, we’ve identified hundreds of companies and tens of thousands of cookies, scripts, pixels, and trackers that will be rendered obsolete by privacy-first browsing. (Find our “Third-Party Cookie Graveyard” here.)

We also help businesses understand the ways privacy first will impact their day-to-day marketing efforts and bottom lines. (Find or request your business’ free, customized risk assessment here.)

As we monitor the privacy first state of play, we’ve noticed something important:

Professionals tend to position privacy first in forward-looking terms, as if it’s something that’s going to happen, as if it’s something we need to prepare for (and have time to prepare for). However, the privacy-first reality — along with all its accompanying economic disruptions, technological challenges, and profound opportunities — is very much part of the here and now. It’s a present and even backward-looking problem.

In many ways, the privacy first supernova has already happened, and we’re already living with the consequences and a staggering, largely unacknowledged gas cloud of waste. The shockwave just hasn’t reached us yet.

But it will. And here what it’s going to look like when the ferocious lightshow finally comes into view.

We Are Stardust

This privacy first’s primary disruptive vector:

Privacy-first browsing environments block cookies and certain scripts and restrict persistent identifiers such as browser, user, and device IDs. This means marketing apps can’t send data to your account. And when enrichment and analytics tools, ad platforms, and CRMs can’t send data to your account, they can’t add much value to your business’ marketing efforts. Whatever time and money you invest in them will be effectively wasted. In fact, as you’ll see below, at this very moment, they’re probably already 20-25% less effective than you think.

Let’s translate this macro-level theory into micro-level practice.

In our research, we’ve found over 72,000 cookies, pixels, scripts, and trackers that are blocked in privacy-first browsing environments.

Note, while “cookie” is a specific technology, we often use the word casually, as a synecdoche for all data-gathering mechanisms. As such, when we talk about the “death of third-party cookies,” we’re actually talking about the end of first- and third-party data gathering at large.

In other words, the privacy-first movement and the “end of cookies” is about much more than just the end of third-party, client-side data storage. In reality, privacy first represents the end of the way marketers and developers have gathered (and used) online data for 25+ years.

I think this is probably why the impact of privacy first is less-than-well understood: it’s a linguistic issue. The reality, though, is quite clear:

Blocking 72,000+ cookies, pixels, scripts, and trackers affects over 750 martech companies, many of whom are household names.



It’s easy for businesses to write this off as a peripheral issue, as something that affects a few web users who use fringe browsers like Tor or Brave. However, this is a mistake. Doing so has consequences today — as it has for three years — and it will have even greater consequences going forward.

Consider the following graph.

It illustrates two things: (x) the year a browser stopped (or will stop) supporting third-party cookies by default and (y) the percent of web users affected by this change. (“By default” means a browser no longer supports third-party cookies “out of the box.” While a user could, theoretically, enable them manually, the vast majority won’t.)

As you can see, businesses haven’t been able to track or advertise to a steadily increasing number of web users since 2016. We saw a big jump in 2017, and we’ll see an even larger spike in 2022. By 2025, just about every web user will be untrackable and unreachable.



Safari and Firefox have a combined usage share of 20-25%. This means that right now, at this very moment, most of your marketing apps, partnerships, and integrations aren’t able to reach or track one out of every 4-5 web users. And this has been true for three years.

Note that, while we generally talk about privacy first in forward-looking terms, Safari and Firefox haven’t supported third-party cookies since 2017. This means the investments you make in your CRM, DSP, marketing automation tools, programmatic ads, &c. — they’re only, at most, 75-80% effective. 20-25% of your time and money are effectively wasted, and that’s true every hour of every day.

As alarming as this is, by 2022, the current state of affairs will look attractive by comparison. By then, only Microsoft browsers and Opera may continue to support third-party cookies by default. With a collective usage share of < 7% today and < 3% in 2025, that’ll leave 93-97% of web users unreached and untracked.

When Google phases out support for third-party cookies in Chrome, your marketing apps, partnerships, and integrations won’t be able to reach or track three out of every four web users. By 2025, this will be true for virtually every web user.

This state of affairs creates a staggering amount of waste.

Let’s put some numbers to it. Right now, at this very moment:

  • 20-25% of interested leads and their data will never reach your CRM.
  • 20-25% of events — pageviews, clicks, downloads, &c. — will never reach your analytics system.
  • 20-25% of your digital ads will go unseen.
  • 20-25% of your user IDs will be incorrectly separated or incorrectly mixed together.
  • If you spend $10,000/mo on a marketing app, partnership, or integration, you’re wasting $2-2,500 each month. That’s $24-30,000 per year.

By 2022, all these figures will jump to 75%.

If you spend $10,000/mo on a marketing app, partnership, or integration, you’re suddenly wasting $7,500 each month. That’s $90,000 per year.

Why don’t more people realize what privacy first is costing them right now? To discover the disconnect, like Gary Bernhardt (below) you’d have to be monitoring two well-integrated systems and know what you’re looking for.

<blockquote class=”twitter-tweet”><p lang=”en” dir=”ltr”>Our client-side integration with Mixpanel lost ~50% of events to ad blockers. I know this because of our &quot;Upgrade To Paid&quot; event: the actual subscription count in Stripe was always around half of what showed up in Mixpanel. Now I&#39;m removing all client-side analytics.</p>&mdash; Gary Bernhardt (@garybernhardt) <a href=”https://twitter.com/garybernhardt/status/1338679291182080000?ref_src=twsrc%5Etfw”>December 15, 2020</a></blockquote> <script async src=”https://platform.twitter.com/widgets.js” charset=”utf-8″></script>

If you’re just using one CRM or analytics tool or not looking for discrepancies between two systems, you’d never see the waste because you can’t see what your system doesn’t collect.

Confection is helping insure companies against privacy-first disruptions. We built it to work with the apps you already use. Instead of disrupting and replacing existing relationships, our product will help you keep using your marketing partners in privacy-first browsing environments. Get started now. It’s free to start, and just pennies after that.

And good news: no matter what kind of site or application you have, installation is simple and takes about :05 Learn more in our quick-start guides.


Have questions? Email us at get@confection.io Want to learn more about our product, read our deck.