Chrome Blocking Third-Party Cookies: Do You Still Need a Cookie Banner?

Table of Contents

• What Is Chrome's Tracking Protection?
• What Does the Eye Icon in Chrome Mean?
• Why You Still Need a Cookie Consent Banner
• First-Party vs Third-Party Cookies: What's the Difference?
• How Google Consent Mode v2 Works With Tracking Protection
• What This Means for the Future of Cookie Banners
• How Cookie Banner Generator Keeps You Compliant
• Frequently Asked Questions

What Is Chrome's Tracking Protection?

Google Chrome has rolled out Tracking Protection, a built-in feature that blocks third-party cookies by default for all users. This is the culmination of years of work on Google's Privacy Sandbox initiative, following Safari and Firefox, which have blocked third-party cookies for years.

Here is what Tracking Protection actually does:

• Blocks third-party cookies — Cookies set by domains other than the one you are visiting are blocked automatically
• Limits cross-site tracking — Advertising networks and data brokers can no longer follow you across websites using traditional cookie-based tracking
• Shows a visual indicator — An eye icon appears in the address bar when third-party cookies are blocked on a page
• Allows per-site exceptions — Users can temporarily re-enable third-party cookies for a specific site if something breaks

This is a significant shift for the advertising industry, which has relied on third-party cookies for cross-site tracking and retargeting for over two decades. But for website owners who care about legal compliance, the picture is more nuanced than the headlines suggest.

The critical point: Chrome blocking third-party cookies does not change your legal obligations under GDPR, PECR, the ePrivacy Directive, or any other privacy regulation. These laws require consent for all non-essential cookies, not just third-party ones.

What Does the Eye Icon in Chrome Mean?

When you visit a website with Chrome's Tracking Protection active, you may notice a small eye icon in the address bar. Here is what it means and how it works.

The Eye Icon Indicator

The eye icon appears when Chrome has blocked one or more third-party cookies on the current page. Clicking on it opens a panel that shows:

• A message stating "Third-party cookies blocked"
• The number of third-party cookies that were prevented from loading
• Which external services attempted to set cookies
• An option to temporarily allow third-party cookies for that site

The 90-Day Temporary Allow Feature

If a website is not working correctly because third-party cookies are blocked (for example, a login widget or embedded payment form), users can click the eye icon and choose to allow third-party cookies for that specific site. This permission lasts for 90 days, after which Chrome automatically reverts to blocking.

This is important for website owners to understand: some of your users may choose to allow third-party cookies on your site, while others will not. Your site needs to function correctly in both scenarios.

What This Means for Your Website

If your website relies on third-party services that use cookies — such as embedded forms, social login, chat widgets, or payment processors — some of these features may break for users with Tracking Protection enabled. You should:

1. Test your website with third-party cookies blocked in Chrome
2. Identify any broken functionality and find alternatives
3. Ensure your cookie consent banner still works correctly regardless of Tracking Protection status

Why You Still Need a Cookie Consent Banner

This is the most common misconception we see: "If Chrome is blocking third-party cookies, I don't need a cookie banner anymore." This is wrong, and here is why.

Cookie Consent Is a Legal Requirement, Not a Technical One

Chrome's Tracking Protection is a technical feature built into the browser. Cookie consent laws like GDPR and PECR are legal requirements that exist independently of what any browser does.

Think of it this way: just because your car has airbags does not mean you can stop wearing a seatbelt. Browser-level blocking and legal consent are two separate layers of protection for users.

GDPR Still Requires Consent for All Non-Essential Cookies

The General Data Protection Regulation (GDPR) requires that you obtain explicit, informed consent before setting any non-essential cookies. This includes:

• First-party analytics cookies (Google Analytics, Plausible, Matomo)
• First-party marketing cookies (conversion tracking, A/B testing)
• First-party preference cookies (language settings, display preferences)
• Any cookie that processes personal data

Chrome's Tracking Protection does not touch first-party cookies. Your Google Analytics cookies, your marketing pixels, and your preference cookies are all still being set — and they all still require consent under GDPR.

PECR and the ePrivacy Directive Are Even More Specific

The UK's Privacy and Electronic Communications Regulations (PECR) and the EU's ePrivacy Directive are specifically about cookies and electronic communications. Under PECR:

• You must tell people that cookies are being set
• You must explain what each cookie does
• You must get consent before setting non-essential cookies
• This applies to all cookies, regardless of whether they are first-party or third-party

These regulations have not changed because of Chrome's update. If anything, the increased public awareness of cookie tracking makes compliance more important than ever.

The Legal Risk Has Not Changed

Regulatory authorities like the ICO (UK) and EU data protection authorities continue to enforce cookie consent requirements. Fines for non-compliance can reach:

• Up to 20 million euros or 4% of global annual revenue under GDPR
• Up to 500,000 GBP under PECR
• Individual enforcement actions from national DPAs across Europe

The fact that Chrome now blocks third-party cookies does not reduce these penalties or change the enforcement landscape.

First-Party vs Third-Party Cookies: What's the Difference?

Understanding the difference between first-party and third-party cookies is essential for grasping why Chrome's change does not eliminate the need for consent.

First-Party Cookies

First-party cookies are set by the website you are currently visiting. They live on that domain and cannot be read by other websites.

Common examples:

• Session cookies — Keep you logged in as you navigate pages
• Shopping cart cookies — Remember items you have added to your cart
• Analytics cookies — Google Analytics _ga and _gid cookies that track your behaviour on that specific site
• Preference cookies — Your language, theme, or display settings
• Marketing cookies — First-party conversion tracking and remarketing data

Chrome Tracking Protection impact: None. First-party cookies are unaffected.

Third-Party Cookies

Third-party cookies are set by a domain other than the one you are visiting. They are typically loaded through embedded content, scripts, or iframes from external services.

Common examples:

• Ad network cookies — DoubleClick, Facebook Pixel cross-site tracking
• Social media embeds — Facebook Like buttons, Twitter widgets
• Cross-site analytics — Tracking you across multiple websites
• Retargeting cookies — Following you around the internet with ads

Chrome Tracking Protection impact: Blocked by default.

The Key Takeaway

Chrome blocks third-party cookies but leaves first-party cookies untouched. Since first-party cookies — including analytics and marketing cookies — still require consent under GDPR and PECR, you still need a cookie consent banner.

How Google Consent Mode v2 Works With Tracking Protection

Google Consent Mode v2 is Google's framework for respecting user consent choices while still allowing some data collection through modelling. It works hand-in-hand with Chrome's Tracking Protection to create a more privacy-respecting ecosystem.

What Is Google Consent Mode v2?

Google Consent Mode v2 is a set of consent signals that your cookie consent banner sends to Google services (Analytics, Ads, Tag Manager). It tells Google whether a user has granted or denied consent for:

• analytics_storage — Consent for analytics cookies
• ad_storage — Consent for advertising cookies
• ad_user_data — Consent for sending user data to Google for advertising
• ad_personalization — Consent for personalized advertising

How It Works When Consent Is Denied

When a user declines cookie consent through your banner, Consent Mode v2 tells Google tags to operate in a restricted way:

1. No cookies are set — Google Analytics and Ads respect the denial
2. Cookieless pings are sent instead — Basic, anonymized page-level data
3. Conversion modelling fills the gaps — Google uses machine learning to estimate conversions from users who did not consent
4. No personal data is collected — User privacy is fully respected

How It Works With Chrome Tracking Protection

Chrome Tracking Protection and Consent Mode v2 operate at different layers:

• Tracking Protection is a browser-level block on third-party cookies
• Consent Mode v2 is an application-level consent framework

When both are active, they reinforce each other. If a user blocks third-party cookies through Chrome AND declines consent through your banner, Google services receive the strongest possible privacy signal. If a user grants consent through your banner, first-party Google tags still work normally even with Tracking Protection enabled.

Why This Matters for Your Business

If you are running Google Ads or relying on Google Analytics, Consent Mode v2 integration is no longer optional. Google requires Consent Mode v2 for:

• Google Ads remarketing in the EEA and UK
• Accurate conversion tracking when third-party cookies are blocked
• Audience building for campaigns targeting European users

Without Consent Mode v2, you will see significant data loss in your analytics and advertising platforms.

What This Means for the Future of Cookie Banners

Chrome's Tracking Protection marks a significant shift in the privacy landscape, but cookie consent banners are not going anywhere. Here is why.

Browser-Level Privacy Is Increasing

All major browsers now block third-party cookies by default:

• Safari — Intelligent Tracking Prevention since 2017
• Firefox — Enhanced Tracking Protection since 2019
• Chrome — Tracking Protection rolling out now
• Brave, DuckDuckGo, Arc — Aggressive blocking from day one

This trend will continue. Browsers will add more privacy features, and users will expect greater control over their data.

But Legal Requirements Remain

No browser feature can replace the legal obligation to:

1. Inform users about what data you collect and why
2. Obtain consent before processing personal data through cookies
3. Provide granular control over different cookie categories
4. Allow users to withdraw consent at any time
5. Keep records of consent for compliance audits

These requirements come from law, not technology. Until privacy regulations change — which no one expects in the near term — cookie consent banners remain mandatory.

The Shift to First-Party Data

The death of third-party cookies is accelerating a broader industry shift toward first-party data strategies. Businesses are increasingly relying on:

• First-party analytics (server-side tracking, first-party cookies)
• First-party customer data platforms
• Contextual advertising instead of behavioural targeting
• Privacy-preserving measurement APIs (Google's Topics API, Attribution Reporting)

All of these first-party approaches still involve cookies and data collection that require consent. The cookie banner's role is evolving, but it is not disappearing.

Consent Banners Will Get Smarter

The future of cookie consent is not fewer banners — it is better banners. Expect to see:

• Tighter integration with browser signals like Tracking Protection
• Consent Mode v2 as the standard for Google ecosystem compatibility
• More granular controls as regulations become more specific
• Better UX patterns that respect users without disrupting their experience

How Cookie Banner Generator Keeps You Compliant

Cookie Banner Generator is built to handle exactly this situation — where browser technology and privacy law intersect.

Built-in Google Consent Mode v2

Our cookie banners come with Google Consent Mode v2 integration out of the box. When a user interacts with your banner, the correct consent signals are automatically sent to Google Analytics, Google Ads, and Google Tag Manager. No manual configuration required.

Works Regardless of Browser Settings

Whether your visitors use Chrome with Tracking Protection, Safari with ITP, Firefox with ETP, or any other browser configuration, our cookie banner:

• Loads correctly and displays your consent options
• Sets only the cookies the user has consented to
• Sends the right consent signals to your analytics and advertising tools
• Respects both browser-level blocking and user consent choices

Covers All Major Privacy Regulations

Cookie Banner Generator helps you comply with:

• GDPR — Full opt-in consent with granular cookie categories
• PECR — Clear cookie information and prior consent
• ePrivacy Directive — EU-wide cookie consent requirements
• PIPEDA / Law 25 — Canadian privacy compliance
• CCPA / CPRA — California consumer privacy rights

Easy Setup, No Developer Required

You can generate a fully compliant cookie banner in minutes:

1. Sign up at cookie-banner.ca
2. Configure your cookie categories and consent preferences
3. Copy the script tag and add it to your website
4. Done — Your banner handles consent, Consent Mode v2 signals, and compliance automatically

Ready to make your website compliant? Chrome blocking third-party cookies does not change your legal obligations — but it does make having the right cookie consent solution more important than ever. Get started with Cookie Banner Generator today →

Frequently Asked Questions

Does Chrome blocking third-party cookies mean I don't need a cookie banner?

Answer: No. Chrome's Tracking Protection only blocks third-party cookies at the browser level. Privacy laws like GDPR, PECR, and the ePrivacy Directive still require you to get informed consent before setting any non-essential cookies, including first-party analytics and marketing cookies. A cookie consent banner is still legally required.

What is Chrome's Tracking Protection feature?

Answer: Chrome Tracking Protection is a built-in browser feature that blocks third-party cookies by default. When active, an eye icon appears in the address bar showing that third-party cookies are blocked. Users can manually allow third-party cookies on a per-site basis for 90 days.

What does the eye icon in Chrome's address bar mean?

Answer: The eye icon indicates that Tracking Protection is active and third-party cookies are being blocked on that page. Clicking the icon shows you which cookies were blocked and gives you the option to temporarily allow third-party cookies for that specific site for 90 days.

Does Google Consent Mode v2 work with Chrome Tracking Protection?

Answer: Yes. Google Consent Mode v2 works alongside Chrome Tracking Protection by sending consent signals to Google services. When a user declines consent, Google tags use cookieless pings and conversion modelling instead. This means you can still get aggregated analytics data while respecting both browser-level blocking and user consent choices.

What is the difference between first-party and third-party cookies?

Answer: First-party cookies are set by the website you are visiting and stay on that domain. Third-party cookies are set by external services like ad networks, social media embeds, and cross-site trackers. Chrome Tracking Protection blocks third-party cookies but does not affect first-party cookies. Both types still require consent under GDPR if they are non-essential.

Will cookie consent banners become obsolete?

Answer: No. Even as browsers block third-party cookies, privacy regulations like GDPR, PECR, and the ePrivacy Directive require informed consent for all non-essential cookies, including first-party analytics and preference cookies. Cookie consent banners will remain a legal requirement for the foreseeable future.

How do I test if my website works with third-party cookies blocked?

Answer: In Chrome, go to Settings, then Privacy and Security, then Third-party cookies, and select "Block third-party cookies." Then browse your website and check that all features work correctly — login flows, payment processing, embedded content, and analytics. Fix any issues before your users encounter them.

Do I need to update my existing cookie banner for Chrome Tracking Protection?

Answer: If your cookie banner already handles first-party cookie consent and integrates with Google Consent Mode v2, you may not need significant changes. However, you should verify that your banner works correctly when third-party cookies are blocked and that all consent signals are being sent properly. Cookie Banner Generator handles this automatically.

Still have questions? Get in touch with our team → or try Cookie Banner Generator free →