Attribution Modeling in Digital Marketing: The Future [Part 3/3]

Is attribution modeling really coming to an end with the death of third-party cookies?

That's the question addressed throughout this three-part series, which has covered the privacy-related changes reshaping the AdTech and MarTech ecosystem and how attribution modeling is affected by them.

This final instalment focuses on the developments that technology and attribution companies are pursuing to keep their solutions viable in a post-third-party-cookie environment.

The Future of Attribution

The future scenario for attribution will largely be shaped by four characteristics:

  • The data oligopoly: Data access will be controlled by the walled gardens of Google, Apple, Facebook, and Amazon.
  • Data integrations: Direct agreements and integrations to access first-party data will compensate for much of what is lost when third-party cookies disappear.
  • Authenticated first-party data: Hashed email addresses and other unique identifiers will become the robust substitute for third-party cookies.
  • User-level data: Granular, user-level data will be significantly harder to come by.

1. The Data Oligopoly

Online advertising is dominated by a small number of large platforms — Google, Facebook, and increasingly Amazon. These companies collect vast amounts of data within their own environments and use it to deliver hyper-targeted ads. Data collection and usage is a core competitive asset for each of them.

When control over a market is concentrated among a few players, consequential decisions tend to be made by those few, leaving the rest of the ecosystem as spectators. This is exactly the dynamic the concept of walled gardens describes.

Walled gardens, in this context, are large companies with a significant market share that collect data and hold enough power to determine what happens with that data. What they have in common is that tracking or measuring activity within their platforms using third-party tools is effectively impossible. The only way to access their data is through the integrations they manage and make available, and those integrations never expose data at a granular level.

There is a meaningful tension embedded in this situation. Advertising accounts for 70% of Google's revenue. So the question worth asking is: why would a company whose primary revenue source is advertising eliminate one of the most important mechanisms powering online advertising — third-party cookies — and introduce a framework like Privacy Sandbox that avoids 1-to-1 identification?

The more pointed question is whether 1-to-1 identification will actually disappear for everyone, or whether Google retains the ability to perform it within its own platforms and ecosystems while competitors cannot. If the latter is true, the end of third-party cookies strengthens Google's control over data while weakening that of independent players.

The net effect is likely an increase in advertising dollars flowing toward walled garden platforms, given their unique ability to hyper-target and measure specific audiences — capabilities that independent AdTech vendors will struggle to replicate in a cookieless environment.

2. Direct Integrations as a Path Through Walled Gardens

One solution that companies running advanced attribution modeling are actively working on is user-level identification through cookieless measurement — and authenticated data held within walled gardens is fundamental to making that work.

Walled gardens collect data on the ads served within their platforms, and that data is typically tied to a unique identifier such as an email address or phone number. The expected scenario involves linking the first-party data silos held by advertisers, publishers, and walled gardens by matching on the unique identifiers common across all three.

Direct integrations between these parties will, in effect, become the new infrastructure for multi-touch attribution.

3. Authenticated First-Party Data

The future of multi-touch attribution is expected to rest on authenticated first-party data. Every solution being developed to replace third-party cookies is, at its core, an attempt to establish a new unique identifier that enables cross-site measurement without relying on third-party intermediaries.

Authenticated first-party data refers to data collected directly by an advertiser or publisher that can be associated with a unique identifier tied to a real user.

An illustrative example: a user logs into their Instagram account (owned by Facebook) and sees an ad for a shoe retailer. They click the ad, are taken to the retailer's website, and accept the cookie consent prompt. While browsing, they encounter an offer — 20% off a first order in exchange for registering with their email address. They register using the same email they use for their Instagram account, and ultimately complete a purchase.

Throughout that journey, an attribution platform is receiving signals. The authenticated first-party data from the retailer (the email, the purchase event) can then be matched against the walled garden's data (the ad impression, the click) to reconstruct the path to conversion.

The practical implication for advertisers and publishers is clear: creating sufficient incentives for users to provide their email addresses — through loyalty programmes, account registration, members-only content, or similar mechanisms — becomes a strategic priority, not just a nice-to-have.

4. User-Level Data Will Be Harder to Access

Even as advertisers and publishers feed authenticated first-party data into walled garden integrations, the information they receive back will not be granular. Based on Google's Privacy Sandbox conversion measurement plans and Safari's Privacy Preserving Ad Click Attribution, data will only be shared in aggregate — never at the individual user level.

The realistic positive scenario is one where, as long as advertisers, publishers, and walled gardens can connect their respective data through shared unique identifiers, multi-touch attribution remains viable — even if it operates at a coarser level of granularity than what practitioners are accustomed to.
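The matching described in sections 3 and 4, as an added example that is not part of the original article or any vendor's code: both sides derive the same token from a normalized email, the join runs on tokens only, and the output is per-campaign counts. The HMAC key, the minimum group size, the field names and the sample records are assumptions constructed for illustration; a keyed hash is used because a plain hash of an email address can be reversed by hashing a list of known addresses.

```python
import hashlib
import hmac

# Assumption: a key the two parties agree on for this match only.
MATCH_KEY = b"constructed-demo-key-not-a-real-secret"
MIN_GROUP_SIZE = 2  # assumption: smallest group that may be reported


def normalize_email(raw: str) -> str:
    """Trim and lowercase so the same address always yields the same token."""
    return raw.strip().lower()


def email_token(raw: str, key: bytes = MATCH_KEY) -> str:
    """Keyed SHA-256 of the normalized address; the raw email is never shared."""
    return hmac.new(key, normalize_email(raw).encode("utf-8"), hashlib.sha256).hexdigest()


def aggregate_conversions(ad_clicks, purchases, min_group=MIN_GROUP_SIZE):
    """Join clicks to purchases on the token and return per-campaign counts.

    Campaigns with fewer than min_group matched buyers are suppressed so that
    no reported row describes a single identifiable person.
    """
    buyers = {email_token(p["email"]) for p in purchases}
    matched = {}  # campaign -> set of matched tokens (dedupes repeat clicks)
    for click in ad_clicks:
        if click["token"] in buyers:
            matched.setdefault(click["campaign"], set()).add(click["token"])
    return {c: len(t) for c, t in matched.items() if len(t) >= min_group}


# Constructed sample data: platform-side click log, already tokenized ...
AD_CLICKS = [
    {"campaign": "shoes_spring", "token": email_token("ana@example.com")},
    {"campaign": "shoes_spring", "token": email_token("Bo@Example.com ")},
    {"campaign": "shoes_spring", "token": email_token("ana@example.com")},
    {"campaign": "boots_winter", "token": email_token("cy@example.com")},
    {"campaign": "boots_winter", "token": email_token("dee@example.com")},
]
# ... and retailer-side purchases keyed by the email given at registration.
PURCHASES = [
    {"email": " Ana@example.com", "order": 1001},
    {"email": "bo@example.com", "order": 1002},
    {"email": "cy@example.com", "order": 1003},
]

if __name__ == "__main__":
    print(aggregate_conversions(AD_CLICKS, PURCHASES))
```

The second campaign has only one matched buyer, so it is dropped from the report rather than exposing that individual's conversion.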

Can Attribution Be Done Without Third-Party Cookies?

In short, yes — but the industry needs to make a substantial set of adjustments to operate in this new environment.

Authenticated first-party data is the cornerstone, along with establishing the direct connections with walled gardens necessary to access their data. Additional approaches that can support attribution measurement include:

  • Creating identifiers from email addresses, mobile IDs, phone numbers, and similar signals, then using them for identification and data stitching.
  • Using panel-based and aggregated data to gain insight into customer behaviour where user-level signals are unavailable.

What Practitioners Can Do Now

The most actionable priority is to focus data collection strategy on growing the base of logged-in users. There are several proven approaches:

Gamification and incentive mechanics — encouraging users to participate in interactive experiences (games, roulettes, contests) in exchange for providing an email address is increasingly common and effective. The email becomes the price of admission for the prize.

Incentivized registration — offers, discounts, and loyalty programme benefits tied to account creation give users a concrete reason to share their contact information.

Members-only content — gating genuinely valuable content or features behind a login creates a natural prompt for registration. There is a well-documented psychological phenomenon sometimes called the commodity effect — the perception of scarcity increases desirability — which suggests that selectively restricting access can enhance, rather than harm, the user experience when done thoughtfully.

The underlying principle across all of these is the same: start collecting first-party identifiers wherever it is reasonable to do so, and build the infrastructure now to match those identifiers across advertiser, publisher, and walled garden data.

Series Takeaways

  • Browsers like Safari and Firefox have implemented privacy settings that block third-party cookies by default. Google Chrome introduced SameSite changes to how it handles third-party cookies and announced plans to phase out third-party cookie support entirely. Chrome's proposed replacement framework is called Privacy Sandbox.
  • The "more private web" narrative surrounding these changes leaves open the question of whether Google's own AdTech platforms will be affected in the same way as independent AdTech companies.
  • In browsers that block third-party cookies by default, users no longer have the option to accept or reject those cookies — the decision is made for them at the browser level.
  • Multi-touch attribution models, DMPs, ad servers, and retargeting are all materially affected by third-party cookie deprecation.
  • Last-click attribution is the only attribution model that remains unaffected by cookie changes — but it is not the dominant model in use, which means most marketers will see their measurement capabilities impacted in some form.
  • Walled gardens will be central to the future of attribution, and authenticated first-party data will serve as the primary substitute for third-party cookies.
  • Aggregate, group-level data will become the standard output from walled garden integrations, replacing the granular user-level data that was previously available.
  • Building a robust base of first-party identifiers — particularly email addresses — needs to be actively incentivized, as email remains one of the most reliable identifiers available in a cookieless environment.