Norway
Danmark

Third-party cookies are unreliable: How to build a first-party data strategy

June 25, 2026

Sondre Einarsen

Let's start with an important clarification: third-party cookies are not technically gone everywhere. In April 2025, Google chose not to implement the planned full phase-out of third-party cookies in Chrome. Instead, third-party cookies will remain as an option controlled by the user through Chrome's privacy settings.

However, for Nordic businesses, the conclusion is still clear: marketing should not rely on third-party cookies.

The reason isn't a single change. It's the sum of many. Safari limits the lifespan of cookies and other script storage through Intelligent Tracking Prevention. Ad blockers are stopping more and more tags. Browsers are tightening up on tracking. Across the Nordic markets, cookies and similar tracking technologies generally require prior consent unless they are strictly necessary. At the same time, GDPR sets strict requirements for how personal data can be collected, processed and used for marketing.

The problem is therefore not just technical. It is legal, commercial, and strategic.

The old way of measuring marketing is becoming weaker

Previously, many businesses could rely heavily on advertising platforms. Meta, Google, and other systems received a lot of data directly from the browser. Retargeting lists almost built themselves. Conversions were recorded relatively easily. Reports looked precise, even if they were never perfect.

Today, the picture is weaker. More purchases and leads are not correctly attributed back to campaigns. More users disappear between clicks, consent, browser restrictions, and checkout. More decisions are made based on incomplete data.

It then becomes dangerous to optimize marketing blindly based on the platforms' own figures. If the data foundation is weak, algorithms may also receive poorer signals to optimize against.

The solution is not to track more aggressively. The solution is to build a first-party data strategy that can withstand both regulations and technological changes.

What first-party data actually means

First-party data is data a business collects directly from its own platforms: website, online store, forms, CRM, email list, customer club, purchase history, support, booking, and newsletters.

The point is that the relationship is between the business and the customer, not between the customer and an unknown third party. This makes the data more robust, more relevant, and easier to use responsibly.

This is especially important in the nordics. Nordic customers expect clear digital experiences, transparent information, and high trust. If data collection feels hidden or manipulative, it harms the brand. If, on the other hand, it is clear, relevant, and useful, it can strengthen the relationship.

Consent is the start of the strategy

A good first-party data strategy starts with consent. Not as an annoying cookie pop-up that you just have to implement, but as a genuine control point in your data strategy.

Your company needs to know what data is collected, why it's collected, where it's sent, and what purposes the user has actually agreed to. Consent must also dictate what happens technically. If the user declines marketing, ad pixels and marketing tags should not fire regardless.

This isn't just about legal compliance. It's the foundation for reliable measurement.

Server-side tracking provides better control

Once consent and data mapping are in place, the next question is how data is technically processed. Here, server-side tracking is a crucial part of modern tracking setups.

Traditional tracking often occurs in the user's browser. This makes it vulnerable to ad blockers, browser restrictions, and short cookie lifespans. With server-side tracking, more of the data processing is moved to a server your company controls. This can lead to better data quality, improved performance, and more control over what is sent to ad platforms and analytics tools.

However, server-side tracking is not a shortcut around privacy. It doesn't automatically make the solution GDPR-compliant. Its value lies in control: your company gains an intermediary layer where data can be filtered, adapted, and forwarded based on consent and purpose.

With that infrastructure in place, the strategy can be built more controllably – not around maximum tracking, but around data your company is actually permitted to use.

Four steps to a practical first-party data strategy

The first step is to map data and consent. What cookies, pixels, forms, and integrations are currently on the website? What are their purposes? And are they actually governed by the user's consent choices?

The second step is to prioritize the most important events. Not everything needs to be measured. Start with the signals that truly matter: purchases, leads, add-to-cart events, qualified forms, bookings, and other actions that have business value.

The third step is to better connect your website, CRM, and ad platforms. Leads and customers shouldn't just exist in Google Analytics or Meta. They should be integrated into a system your company owns, so that follow-up, segmentation, and reporting can be built on your own data.

The fourth step is to segment based on consent and value. Differentiate between new leads, existing customers, high-value customers, inactive customers, and users who have actually given permission for relevant follow-up.

What works instead of classic retargeting?

As retargeting weakens, marketing must improve. Instead of chasing everyone who has visited a product page, companies should build relationships and valuable touchpoints over time.

Examples that often work better than classic cookie-based retargeting:

  • product guides, comparisons, and buying assistance that collect relevant leads
  • newsletters and email sequences based on explicit opt-in and interest
  • customer loyalty programs, benefits, and replenishment reminders for online stores
  • CRM-based audiences built on consent and actual customer relationships
  • webinars, expert articles, and lead scoring for B2B companies
  • improved search advertising and content targeting users who already have purchase intent

The point is not to replace one tracking method with another. The point is to build a marketing model where more of the signals come from your own customer relationships.

More data is not automatically better

A common mistake is to believe that first-party data is about collecting as much as possible. It's not. Poorly structured data only creates more noise.

A company that collects emails without clear consent, sends all leads to the same list, doesn't differentiate between customers and prospects, and doesn't measure qualified conversions, doesn't have a strategy. It just has more systems.

Therefore, tracking and analytics in 2026 should be less about “are we getting all conversions into Meta?” and more about “do we have a reliable basis for decision-making?”. This is also the right way to view services like Tracking & Analyzing. The value isn't in setting up as much tracking as possible, but in building a solution where consent, server-side tracking, CRM, GA4, and ad platforms work together in a way that marketing and management can actually trust.

The old model is on its way out

Third-party cookies may not be entirely gone in a technical sense. But the old way of doing performance marketing is on its way out.

The companies that will succeed going forward are not those who track users most aggressively. It's those who build better relationships, better measurement, and better decisions with data they are actually allowed to use.

Get more value from the traffic you already have. See how We Assist can help you with conversion optimization.

Need a steady partner for your next project?

We are the experts you can trust.

Contact us here!

Want to read more?

View all articles
View all articles