I've done a bit more reading. This is not as dramatic as it seems. First party GA is not blocked. Access to 3rd party storage may be blocked, but this would not prevent web interactions from being visible to GA.
All cookies set via Javascript code are 1st party, and belong to the site that was in the address bar when the code ran (unless they are in a frame).
GA primarily utilises 1st party JS cookies. If you have GA on example.com then the cookie will be stored against example.com. One of these cookies stores a unique ID for you as a user.
GA will then send 'beacons' (GET requests to Google endpoint, with data passed in URL parameters) for pageviews and other events. Your unique ID is included in these URL parameters, which allows the various events from you to be joined up into a 'session'. That has not changed.
Apple's ITP affects both 3rd party HTTP cookies and 1st party JS cookies.
The main impact of ITP on GA is to limit the age of these cookies to auto delete after 7 days (usually), meaning that if you leave a site for more than 7 days your new session won't be able to be joined up with your previous session.
There is an edge case where ITP 3rd party cookie limits will directly block GA JS cookies, which is when it is running inside an iFrame (hat tip to Simo [1] for alerting me to this), in which case the JS code may not be able to set a cookie and will not fire a beacon.
Strictly speaking, GA is always 3rd party (it would only be 1st party if/when its used to measure google-analytics.com which is not a user-facing domain). For measuring any other website, its 3rd party.
I believe that this would limit GA's ability to store data in cookies on my system (user or session-based attributes). GA could still create unique identifiers based on my user or session-based attributes and store those IDs on their own servers, then call them back up when I revisit the site.
I'm still coming up to speed on this, maybe someone with more experience could correct or clarify my statements.
In the context of web analytics, first-party vs third-party usually refers to how the user is identified, not to where the analytics status is hosted. Google Analytics uses first-party data for its tracking. Third-party tracking builds a universal profile of the user across the internet, first-party tracking builds user profiles that are silo'd to the website.
Google Analytics stores a first-party cookie with a unique ID for each user. This is used to de-duplicate traffic from the same user to the same domain. This cookie not shared across websites. If you go to example.com and website.com, those are two different first-party cookies without views into each other.
Optionally, Google Analytics can be configured correlated this with a third-party cookie from google.com for advertising purposes. This allows the website owner for example.com to connect a user converting on example.com to that same user having seen or clicked an ad on google.com. It also allows the website owner to target ads on google.com towards users based on their activity on example.com
Previous iterations of Safari's ITP have outright blocked the third-party cookie, and have limited first-party cookies based on whether they're HTTP cookies or JavaScript cookies.
There are a few threads in Twitter where people are discussing the validity of this article's claim. Here are the two most prominent (referenced in the article) [1], [2].
