What is SameSite? [The Fallout from Google Chrome’s SameSite Cookies Update]

By Tinuiti Team

As a precursor to the many internet privacy changes to follow, Google in 2020 made a SameSite cookies update to its Chrome Browser. In this article, we’ll explain what that means for marketers and some glitches it may be causing on your site that could lead to the loss of valuable data on conversion tracking. 

What is SameSite?

Prior to the onset of COVID-19, consumer privacy was the biggest hurdle digital marketers and advertisers were expected to face in 2020. California launched the first wave of privacy regulation with CCPA, Apple commandeered privacy, and Google announced the death of the cookie by 2022.

While 2020 was a veritable cornucopia of privacy headlines, lost in the mix was a small, but significant change implemented by Google–the enforcement of the SameSite cookie attribute. 

What is the SameSite cookie update?

Beginning with Chrome 84, released in August 2020, Chrome stopped supporting cross-site third-party cookie sharing by default. This means data collected on a website (the first party), will no longer be shared with the company that placed the cookie (the third party) unless action is taken.

SameSite provides a way for developers from Adtech companies like Google, Facebook, and Criteo to explicitly specify how their cross-site cookies work on a website.  If set up correctly, it lets the browser know that the cookie should be there and what it’s doing there, and it’s free to communicate with the third party.

The good news is that companies like Google, Microsoft, and Facebook have implemented the change correctly across their products. Criteo has also actively worked with its partners to protect their data supply chain.

But as of June 2020, only 33% of cookies were set up correctly (source: HTTP Archive). This means data collection outside of Google and Facebook could be restrained and possibly undetected in the short run. 

Keep in mind that the data supply chain is exactly that, a chain. If one partner has not implemented the change correctly, it messes up the flow of data. The chain is only as strong as its weakest link. Brands that rely on bad data could start to see disparities between metrics reported in various systems.

What is the potential negative impact if SameSite is not implemented correctly?

 The following sources/channels could be impacted in a negative way (if SameSite is not implemented correctly):


What are the next steps for marketers?

For business owners and publishers, it’s important to make sure your cookie settings are up-to-date on your website. Here’s a quick way to check if a site may be adversely impacted by the changes:

The SameSite warnings look like this:  

Most brands cannot implement a change directly themselves. Since cookies are set by third parties, it’s the third-party that needs to make the change. If cookie errors are present on the website, brands should push on the ad-tech developers (3p) to update their cookie with the SameSite attribute: ‘SameSite=None; Secure’ to ensure browsers like Chrome or Edge accept their cookies.

If you see errors for the domain (or another tag manager), it usually means that cookies placed within the tag manager have an error. Brands should also audit all their experiences to address challenges described in the “What’s Happened” section above. 

To find out everything you need to know about the new restrictions, cookies, IDFA, first-party data, and all things privacy from our Tinuiti experts, check out The Future of the Web


You Might Be Interested In

*By submitting your Email Address, you are agreeing to all conditions of our Privacy Policy.