Scritto da Michele Pisani 7 min di lettura

Your tracking system is lying to you.
And it’s not your fault.

If your company is still using classic Google Tag Manager, the Meta pixel in the browser and GA4 in its standard configuration, you are making marketing decisions on data that’s missing somewhere between 20% and 40% of your real conversions.

This isn’t a hypothesis. It’s the direct consequence of how the web works today, and the cause is structural. It can’t be fixed by optimising campaigns or switching agencies.

The problem isn’t the end of cookies. It’s that browser-side tracking is already broken

Safari has been blocking third-party cookies since 2017. Firefox since 2019. Ad blockers, today installed on roughly 40% of European internet users ^[1], don’t just block ads: they also block tracking tags, including Google’s and Meta’s. Apple’s Intelligent Tracking Prevention caps the lifetime of JavaScript cookies at 7 days on Safari ^[2].

What does that mean in practice? It means that every time one of your customers converts on Safari, or on a browser with an active ad blocker, that conversion most likely never reaches your systems.

Across European markets — led by Germany, France and the Netherlands — the average share of users with active ad blockers sits around 40%, with Germany above 49% (Source: Statista / SQ Magazine, 2025 ^[1])

In July 2024 Google announced that it would no longer deprecate third-party cookies on Chrome, and in April 2025 it confirmed that there are no longer any removal plans, only a user-choice mechanism. At that moment, many marketing teams breathed a sigh of relief, but it was a misjudgement: Chrome was never really the point.

Safari and Firefox already account for a significant share of global web traffic. On those browsers, third-party cookies haven’t existed for years. Anyone who waited for Google’s move has been losing signal for years, on every campaign, without realising it.

Your reports look normal. They aren’t

Traditional tracking works like this: the user lands on the site, the browser runs dozens of JavaScript scripts that send data to Google, Meta, TikTok and so on. Any ad blocker, any Safari policy, any privacy setting can break this chain silently — with no visible errors and no warnings in the control panel.

The gap, then, has become the new normal. You aren’t seeing fewer conversions because the campaigns are performing worse; you’re seeing fewer because your measurement system is incomplete. And Meta and Google Ads’ algorithms, which work on the data they receive from your systems, optimise accordingly — on a distorted reality.

Scenario	Tracking impact	Detail
Safari on iOS (ITP active)	JS cookies capped at 7 days	Conversions lost outside the short window
Firefox with ETP	3rd-party cookies blocked	Retargeting doesn’t work
Browser with ad blocker (EU ~40%)	GTM tags blocked entirely	No data reaches the platforms
Chrome with no extensions	Partially reliable	The only scenario still manageable browser-side

The way out: take the browser out of the equation

Server-side tracking flips the logic around. Instead of running tags in the user’s browser, events are sent directly from your server to the platforms. The browser is no longer the point of vulnerability.

The consequences are concrete. On the data side, the average signal recovery with this architecture is between 15% and 30% of conversions that previously weren’t being tracked. On campaigns with significant budgets, this changes the numbers the algorithms receive in order to optimise, and the algorithms perform better when they receive complete signals ^[3].

On the compliance side, data passes through your own infrastructure before reaching the platforms. You can apply consent logic centrally, anonymise what shouldn’t leave, decide what to send and what not to. GDPR stops being an external threat managed after the fact and becomes a configuration parameter.

There’s another aspect that’s often underestimated: control. With classic client-side tracking, many companies don’t know exactly what the browser tags are sending to Google and the other providers. With server-side, that visibility is yours — and it’s an argument that carries weight both during audits and in your relationship with the platforms.

67% of B2B companies that have adopted server-side tracking report an average improvement of 41% in data quality (Source: Secure Privacy / Digital Applied, 2025–2026 ^[4])

So why have so few companies completed the transition? Because it requires infrastructure and careful configuration. You need a container server to set up and maintain, skills that live at the intersection of data engineering and marketing operations, and a review of your consent management. It isn’t an afternoon’s implementation.

What’s happening in the sectors we work in

The public numbers available are already telling. One of the leading sport and fashion outlets in Europe, with stores active in several countries, estimated it was losing around 20% of sales because of plugin-based Facebook tracking that was structurally exposed to the limits of the browser. After migrating to server-side GTM with Meta Conversions API, Meta campaigns recorded a 24% drop in cost per purchase and a 32% improvement in ROAS, without any budget increase — simply because the algorithms stopped optimising on partial data ^[5].

At Fortop we work extensively with clients in the food and pharma sectors, and the results we’ve achieved are in line with these benchmarks. The mechanism that repeats itself is always the same: less budget wasted on users and behaviours the system wasn’t seeing correctly, better-trained algorithms thanks to a more complete signal, and KPIs growing at the same level of ad spend.

AI: a tool and a new obligation

As a measurement tool

Marketing Mix Modeling is being democratised thanks to AI tools that require less historical data. AI-based contextual ads don’t need personal data and show performance that is competitive with behavioural targeting ^[6].

As a new compliance front

The EU AI Act becomes fully applicable on 2 August 2026. If you use AI in production, check whether your systems fall into the categories subject to the regulation’s obligations before that date.

Consent: not just a legal obligation

Consent management is often treated as pure compliance. This is a mistake, because the quality of the consent banner directly determines the amount of data that can be collected — and therefore the quality of the signal that reaches the platforms.

Banners with visual parity between accept and reject — following the equal-ease principle required by GDPR — achieve consent (opt-in) rates averaging around 84% in opt-in scenarios. A standard, unoptimised banner sits significantly below this figure (Source: CookieBanner.com, 2026 ^[7])

From 2026 onwards, visual parity between the accept and reject buttons is a regulatory obligation in Europe, not a design choice. Supervisory authorities are applying this criterion with increasing rigour. France’s CNIL fined Google 150 million euros in 2021 for making it harder to refuse cookies than to accept them, and 325 million euros in September 2025 for inserting advertising in Gmail without valid consent ^[8].

The question worth asking this week

Not “are we GDPR compliant?” Almost everyone is — or rather “thinks they are” — at least on paper.

The real question now is: how many of our conversions are we actually seeing?

If your team can’t answer with a number and a methodology, the problem is already there. The gap between real conversions and tracked conversions is where to start. You run a systematic comparison between your back-end data (real orders or leads) and what’s visible in GA4. The persistent difference is the size of the problem. From there you build the case for action — whether that means implementing server-side tracking, reviewing your CMP or kicking off the DPIA on the AI models running in production before August.

Browser-side tracking hasn’t become unreliable because cookies are about to disappear. It has become unreliable because a significant share of users already use browsers and devices that structurally block it. The technology has already changed the rules. The remaining choice is whether to adapt your infrastructure or keep wasting budget trying to optimise on incomplete data.