Written by Neil Collins, Managing Director, Google Technology Practice, Merkle UK; Louise Heaven, Product Partner, Google Technology Practice, Merkle UK

The growing challenge of signal loss

For years, third-party cookies have been the backbone of digital advertising, allowing brands to track users across websites, understand customer journeys, and optimise media spend. These small pieces of code, placed on a user’s browser by websites other than the one they are visiting, have enabled advertisers to run targeted campaigns, refine audience segmentation, and accurately attribute conversions. 

But now, the digital marketing landscape is changing. In 2025, the phasing out of third-party cookies will continue, alongside the ongoing impacts of Apple’s privacy restrictions and global data privacy regulations such as GDPR and CCPA. Over 75% of the world’s population is now covered by data protection and privacy laws (Gartner), making compliance more than just a legal necessity: it’s a competitive imperative. 

The consequences for marketers are profound. Without third-party cookies, brands lose the ability to track and attribute conversions effectively, reducing the accuracy of audience targeting and driving up customer acquisition costs. Data gaps make it harder to optimise budgets and measure campaign effectiveness, while regulatory fines for non-compliance can reach up to 4% of annual revenue for brands. As tracking methods evolve, businesses must shift to privacy-first measurement and first-party data strategies, or risk losing their competitive edge. 

ICO’s 2025 crackdown: why this matters now

The UK’s Information Commissioner’s Office (ICO) is intensifying its focus on compliance, making tackling cookie deprecation even more urgent for brands. In January 2025, the ICO announced an expanded crackdown, increasing scrutiny from the top 200 to the top 1,000 UK websites to ensure compliance with data protection and privacy laws. The focus now extends beyond websites to include apps and connected TVs, reinforcing the shift toward a privacy-first digital landscape where users have greater control over their data. 

For brands, this increased scrutiny means ensuring that consent management platforms and tracking practices align with regulatory expectations. Non-compliance not only exposes businesses to legal and financial risks but also damages consumer trust. As public awareness of privacy rights grows, brands that fail to demonstrate transparency and respect for data privacy may struggle to maintain customer relationships. 

How brands can recover lost conversion data and stay competitive

With third-party cookies disappearing, brands need to rethink their approach to measurement and attribution. Many businesses are turning to privacy-first marketing strategies that comply with regulations while still delivering meaningful insights. There are some excellent tools and technologies that can be implemented to help:  

• Google Enhanced Conversions leverages hashed first-party data to improve attribution accuracy.  
• Google Consent Mode adjusts tag behaviour based on user consent. Conversions are recovered for users consenting to analytics tracking.   
• Facebook Conversions API (CAPI) allows advertisers to send server-side signals directly to Facebook, preserving conversion tracking despite the loss of cookies. 
• Server-side tagging (sGTM) shifts data tracking from browsers to secure servers. This method not only enhances compliance but also ensures data is transmitted more reliably to advertising platforms.  
• Data clean rooms offer a privacy-safe way for brands and platforms to collaborate, enabling analysis and audience segmentation without exposing personally identifiable information. 

Marketing measurement is evolving from reliance on individual-level tracking to a combination of aggregated, modelled, and first-party data-driven insights. Brands that adopt these solutions now will be better equipped to navigate the post-cookie world, optimising their media spend and maintaining effective customer engagement.

Case study: how Specsavers recovered lost attribution and optimised marketing spend

As a leading optical retailer, Specsavers relied on Facebook as a core acquisition channel. When privacy restrictions tightened, the company faced a sharp increase in cost per acquisition, rising by 233%, while up to £700k in weekly revenue became unattributable. Without accurate conversion tracking, media budget allocation suffered, and audience list building became significantly more challenging. 

Merkle, dentsu’s customer experience agency, worked with Specsavers to implement a privacy-first data strategy that restored lost attribution and improved targeting. Server-side tagging was introduced through Google Tag Manager, enabling secure, privacy-compliant data transmission. Facebook Conversions API was also deployed, allowing hashed first-party data to be matched with ad interactions. 

The results were immediate and measurable. Specsavers recovered 30% of previously lost conversions, regaining visibility into ad performance. Facebook’s Event Match Quality Score improved from 4.5 to 8.3, enhancing the precision of audience targeting. With a clearer picture of customer behaviour, Specsavers was able to optimise its advertising spend and improve campaign performance. This case study demonstrates that brands investing in privacy-compliant data strategies can maintain – and even improve – their marketing effectiveness despite the loss of third-party cookies.

How Merkle’s privacy transformation audit helps brands stay ahead

With privacy regulations evolving and third-party tracking fading, brands need a structured approach to compliance and data resilience. Merkle offers a Privacy Audit that is designed to fast-track compliance while maximising durable data collection for marketing measurement. 

The audit provides a comprehensive review of a brand’s current data practices, starting with cookie categorisation checks to ensure compliance with ICO standards. It also examines consent banner performance, recommending optimisations that improve opt-in rates without sacrificing user experience. Another key focus is validating cookie triggers, ensuring that non-essential cookies are deployed only after explicit consent is given. 

Beyond compliance, the audit also helps to future-proof marketing measurement. By identifying opportunities to implement enhanced conversions, CAPI, and modelled attribution techniques, brands can maintain visibility into customer behaviour while respecting data privacy. The service can be delivered in under two weeks, with pricing starting from £5,000 per domain, making it an accessible solution for businesses looking to strengthen their data strategies.

What’s next? The future of privacy-first marketing

As we have mentioned, as third-party cookies are increasingly phased out, marketers must move beyond traditional tracking methods and embrace privacy-first approaches. One key shift is the transition from observed to modelled data, with techniques such as marketing mix modelling providing reliable insights even in a fragmented data environment. First-party data strategies will also become increasingly important, with CRM and loyalty programmes playing a greater role in customer engagement. 

Privacy-safe activation methods will be crucial in maintaining effective digital marketing. Data clean rooms, walled gardens, and identity-based solutions offer alternative ways to connect with audiences while adhering to evolving privacy regulations. Brands that adopt these strategies early will gain a competitive advantage, ensuring that their measurement and attribution frameworks remain robust in the post-cookie era.

Adapt, or lose visibility and risk rising costs

The privacy landscape is changing rapidly, and brands that fail to adapt risk losing visibility into their customer journeys, struggling with rising costs and potential regulatory penalties. To stay ahead, marketers must assess their current compliance and measurement setup, shift toward first-party and modelled data solutions, and implement privacy-first marketing technologies like server-side tagging and data clean rooms. 

Merkle’s Privacy Audit provides the guidance brands need to navigate these changes with confidence. By ensuring compliance and optimising data collection, businesses can not only avoid regulatory risks but also enhance their marketing performance in a privacy-first world.

To learn more, contact us and take the first step toward futureproofing your data strategy.