Blogprivacy regulationsdisplay advertising

How Privacy Laws and Browser Settings Are Reshaping Publisher Ad Revenue

GDPRad blockersSafari ITPFirefox ETPGoogle Chromethird-party cookiesfirst-party cookiesconsent managementdevice fingerprintingRTBaudience targetingDSPad networksSSPfirst-party dataemail ID resolution

How the Privacy Narrative in Display Advertising Has Evolved

Google Chrome's announcement that it would stop supporting third-party cookies by 2022 generated considerable press — and for good reason. It marks the end of a display advertising paradigm that publishers have operated within since the mid-2000s.

Chrome's move is effectively the death knell of third-party cookies, and a clear signal that the future of display advertising will be built around privacy first. But even before that change takes full effect, privacy legislation like the GDPR and browser-level privacy features — ad blockers, Safari's ITP, Firefox's ETP — have already been eroding publisher ad revenues for years.

Here's a look at the key developments that have shaped this narrative and what they mean for publishers.

Ad Blockers

Publishers have been contending with ad-blocker browser plugins since the mid-2000s, and adoption has climbed steadily ever since.

Most ad blockers work by blocking JavaScript originating from domains on a blacklist and preventing elements with ad-related class names and alt text — think class="advertisement" or alt="ad" — from loading. In practice, this means ad tags from AdTech platforms (ad servers, DSPs, ad networks) fail to load entirely, cutting off the ad revenue that would otherwise flow to publishers.

Because these plugins prevent AdTech JavaScript tags from executing, they don't just suppress ad display — they also prevent third-party cookies from being created in the first place. The financial impact is immediate and severe: lost ad revenue from ad blocking runs to many billions of dollars per year.

Privacy Laws: The GDPR

Nearly two years after the European Union's General Data Protection Regulation came into force, its impact on publishers has been uneven — and the divide tracks fairly closely with compliance behaviour.

Publishers that have made a genuine effort to comply with GDPR requirements — selecting consent (rather than legitimate interest) as the lawful basis for advertising data processing and implementing proper consent collection flows — are seeing effects comparable to ad blockers: smaller addressable audiences for advertisers, which translates directly to lower ad revenue.

Publishers that have taken a looser interpretation of compliance, on the other hand, have faced a less severe financial hit. Common non-compliant approaches include assuming consent without explicit collection, blocking site access unless users opt in to data processing, and continuing to fire advertising partner tags even after a user has declined a data-processing request. These tactics prop up short-term revenue, but at clear legal and reputational risk.

Privacy Settings in Web Browsers

Over the past several years, Safari and Firefox have made incremental but significant changes to how they handle cookies, local storage, and other tracking mechanisms — including device fingerprinting — with the stated goal of strengthening user privacy.

Safari moved first. In 2015, Apple began allowing iOS users to install content blockers, downloadable from the App Store, that could prevent ads and tracking cookies from loading in the Safari browser on iPhones and iPads.

Then in 2017, Apple introduced Intelligent Tracking Prevention (ITP), which took things further. ITP blocks third-party cookies by default and also limits how long first-party cookies and locally stored data can persist. The third-party cookie blocking directly undermines audience targeting and retargeting via RTB, while the limits on first-party cookie and local storage duration cut into the workarounds that AdTech companies had developed to identify users in the absence of third-party cookies.

Firefox followed a similar path in 2019, blocking third-party cookies by default and restricting alternative identification methods like device fingerprinting through its Enhanced Tracking Prevention (ETP) feature.

With Chrome now committed to following suit by 2022, the trajectory is clear. What was once a patchwork of browser-specific restrictions will become a universal condition across the three most widely used web browsers. The outlook for the display advertising ecosystem as it currently exists is difficult — fundamental changes are coming, and the industry will need to adapt accordingly.

This shift has been a clear win for internet users. For publishers, advertisers, and AdTech companies, it demands a serious rethink.

How Publishers Can Adapt to a Privacy-First World

Despite the pressure, publishers do have options. A few practical directions worth pursuing:

  • Build addressable first-party audiences. Invest in collecting consented first-party data and package those audiences as targeting segments for advertisers — this becomes a core value proposition once third-party cookies disappear.
  • Deepen direct brand relationships and explore email-based ID resolution. ID resolution services that operate on email identifiers offer an alternative to cookie-based identification that can work across browsers and devices.
  • Audit your consent management platform. Make sure it is genuinely GDPR-compliant — not just superficially so — including correct lawful basis selection and clean consent collection flows.
  • Ask your AdTech partners hard questions. SSPs and other supply-chain partners should have clear plans for the post-cookie world. If they don't, that's useful information.

The underlying shift isn't reversible. Publishers who treat these changes as an external imposition will continue to see revenue erosion; those who rebuild their audience and data strategies around first-party relationships stand a better chance of maintaining meaningful ad revenue in the years ahead.

<Related />