Marketing and advertising in a privacy-first world

Published September 1, 2022 · Updated October 11, 2022

Data privacy is here to stay. 

Government regulations introduced worldwide and modifications to tracking and cookie technologies have been taking a toll on marketers. 

All these changes don’t come as a surprise.

According to a 2021 survey by McKinsey, only 33% of Americans believe that companies are using their personal information responsibly. 

According to a survey conducted by BCG and Google, over 60% of respondents want personalized ads. But almost half of them are uncomfortable sharing their personal data to personalize the displayed content.

You may be facing a dilemma. How do you provide the best possible experience tailored to users’ needs without compromising their privacy?

You need strong, trust-based relationships with consumers to build a solid foundation. 

Forget about easy fixes and workarounds. Only taking the time to craft a sustainable, effective data strategy gives you a long-term competitive advantage.

We will outline the data protection changes that affect your digital marketing, describe the potential alternatives for making your marketing, analytics and advertising privacy-friendly and effective, and provide steps to follow from 2022 onwards.

How the landscape in user privacy has changed

We can divide the changes in consumer privacy on the Internet into two categories:

  • Legal – regulations and laws introduced or enforced worldwide.
  • Technical – the demise of third-party cookies, tracking protection mechanisms, etc.

Let’s examine the laws and technical aspects impacting your marketing today.

Government regulations introduced worldwide to protect people’s privacy forced many businesses to reevaluate their approach to users’ data.

Collection and use of data

The law that completely turned around how personal data is collected, processed and shared is the EU’s GDPR from 2018. 

Other regions in the world followed, resulting in their own pieces of legislation, such as:

  • California: CCPA
  • Brazil: LGPD 
  • India: PDPB 
  • Thailand: PDPA
  • The UK: PECR
  • Germany: TTDSG

These laws complicate the use of third-party data. For example, most of them mandate websites to get users’ permission to have their information processed.

But European data privacy laws don’t end at GDPR. There are additional regulations that are meant to supplement it.

Another relevant piece of EU legislation is the ePrivacy Directive, which came into force in 2002, long before GDPR. The directive mandates each EU country to pass its own laws on electronic communications and specifies what that legislation should focus on. However, how the laws are structured is up to each country’s individual interpretation.

Apart from that, the ePrivacy regulation has been in the works since 2017, focusing on the rules of online privacy of EU citizens, such as the use of cookies, direct marketing and B2B communications. The ePrivacy regulation will replace the ePrivacy Directive and standardize the laws around processing data of EU residents in electronic communications in Europe.

With time, relevant court rulings clarified certain aspects of the GDPR and indicated how websites should approach privacy matters. 

For instance, the ruling in the Planet49 case specified that visitors have to give explicit consent by performing an action. It means pre-ticked boxes no longer do the trick in the EU unless they apply to essential cookies.

Data protection authorities (DPAs) in some European countries have issued regulations that specify their interpretations of data collection.

Some acknowledge that data can be collected without consent for web analytics purposes:

  • CNIL in France – Data can’t be shared with third parties or used for other purposes, such as profiling or cross-domain tracking.
  • The Danish Business Authority – Data can be used only for the site owner’s purposes and can’t be passed to third parties or used to build a visitor profile.

Transfer and storage of data

Another complicated issue is the transfer and storage of personal data. 

The Privacy Shield, a framework that enabled the transfer of EU personal data to the US, was invalidated in 2020. It was done to prevent US intelligence services from accessing the personal data of EU residents.

Anyone transferring data to the US based on the Privacy Shield framework lost their legal basis for doing so. 

Crucially, invalidating the Privacy Shield complicates the legality of transferring data to US servers when using Google Analytics.

Changes in technical aspects concerning data privacy

Browsers have introduced new privacy features over the years, concentrating on restricting third-party tracking. Doing so prevents vendors from following visitors across websites and sending information about their browsing history to other companies, typically for advertising purposes.

Here are some specific mechanisms introduced in the past few years:

  • Apple has implemented Intelligent Tracking Prevention (ITP) in Safari. It blocks third-party cookies and limits the retention of first-party cookies to avoid workarounds for setting third-party cookies as first-party.
  • Apple has additionally been making changes to its identifiers for advertisers (IDFA) – unique identifiers assigned to a user’s device, which advertisers employ for customized advertising. All apps will be required to follow the App Tracking Transparency (ATT) framework by displaying a prompt where users need to opt in to enable tracking across apps and websites.
  • Firefox has implemented Enhanced Tracking Protection (ETP) to limit third-party tracking.
  • On top of that, Google is phasing out third-party cookies in Chrome in 2024, making it the last browser to do so. It will be a paramount move as Chrome holds the most market share for browsers.

So, how do the cookie changes affect MarTech and AdTech?

Though third-party cookies are on their way out, companies like Google, Facebook and Amazon won’t suffer as much. Since they own the most first-party data, they can utilize it to increase their gains.

Analytics, marketing automation platforms and A/B testing won’t be affected by the demise of third-party cookies since they already rely on first-party cookies. 

However, mechanisms like ITP impact them because of the limited lifespan of the first-party cookie, which in Safari is only seven days.

If a Safari user enters a website, leaves it, and returns after eight days, they will be classified as a new visitor. This means that the data you gather will lack accuracy. 

Let’s not forget about the impact of ad block extensions that users have been turning to in response to intrusive ads online.

As of 2022, 37% of internet users worldwide already use ad blockers.

Though adblocking extensions were intended to block ads, some also block invasive trackers, such as Google Analytics.

Increased adblocker adoption may be reflected in your data, depending on your analytics platform and audience. For instance, younger demographics are more likely to install ad blockers than the older generation, so their data could be incomplete.

Expert opinion

Rotem Dar

VP of Innovation at eyeo

What do you think is the future of effective digital marketing that respects user privacy?

Hopefully we see more innovation that aims to apply privacy-by-design principles in the ad-serving infrastructure. As users become more aware of how much personal data is out there and how it is being used, privacy is quickly becoming a top concern.

Corporations would be well advised to seize this as an opportunity to position themselves as privacy-first and be able to offer users what they want. I would rather be optimistic that we’re heading toward a better online environment, where users have more confidence in how brands and adtech platforms are allowed to engage with them. With that said, there are of course contradicting trends too.

More and more online targeting is done via fingerprinting and other less user-centric practices. Realistically, the shift to privacy-preserving marketing technologies can’t rely on corporate responsibility alone, but also on effective regulatory enforcement by authorities and proactive actions of users themselves.

How to do effective marketing, analytics and advertising in a privacy-first world

Given these privacy-first adjustments, you may need to rework your digital marketing strategy and look for new ways to make it effective. 

Your MarTech and AdTech platforms need to help you gather valuable audience insights with privacy in mind and let you target them accordingly.

Marketing and web analytics tools

Third-party cookies’ demise primarily affects remarketing, data management platforms (DMPs) and ad platforms that track users across different sites.

Most marketing tools, such as A/B testing tools (for example, AB Tasty, Optimizely or Convert) or marketing automation platforms (for example, SALESmanago, Hubspot or Marketo), already utilize first-party cookies. That’s why the end of third-party cookies won’t affect them too much.

Focus on collecting first-party data from your customers and putting it to good use. And even without user consent, there are insights you can gain about your audience.

Collecting first-party data

Accelerating your first-party data collection will help you redefine consumers’ interactions with your brand.

Pros of first-party data collection

First-party data comes directly from people who had contact with your brand, which gives it enhanced quality.

This data gives you better insight into the whole user journey, allowing you to adjust every touchpoint accordingly.

Look around and consider all the places where you get access to user data:

  • Web analytics platforms
  • CRM systems
  • Transactional systems
  • Email marketing
  • Social media
  • Paid search
  • SEO tools

Don’t forget that you can also gather first-party data from offline sources, such as sales calls or in-person customer encounters. You can then combine it to create single customer views in customer data platforms.

Add an option for users to create an account to access additional data shared through logged-in experiences.

The level of insight gained from first-party data allows you to personalize content recommendations and advertising messages at a more granular level. 

For instance, use it to:

  • Send personalized emails
  • Show tailored messages to visitors
  • Display dynamic creatives, like ads

Learn about specific ways to incorporate first-party data into your marketing.

If you process the information of users that are subject to data privacy laws that require consent, you need to display an appropriate cookie banner and collect consent from them. Otherwise, your first-party data collection won’t be compliant. Ensure no pixels or marketing tags are fired on the site until a user gives appropriate consent.

The consent form determines how far you can take communication with users.
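One way to enforce the rule above that no pixel or marketing tag fires before consent, combined with the Planet49 requirement that consent comes from an explicit action rather than a pre-ticked default. This is an added example, not Piwik PRO code; the ConsentGate class, the category names and the tag names are hypothetical.

```javascript
// Added example, not Piwik PRO code. ConsentGate, the categories
// ("analytics", "marketing") and the tag names are hypothetical.
const ESSENTIAL = 'essential';

class ConsentGate {
  constructor(categories) {
    // null = no decision yet. Nothing starts as granted (no pre-ticked boxes).
    this.state = new Map(categories.map((c) => [c, null]));
    this.pending = []; // tags held back until their category is granted
    this.fired = [];   // names of tags that actually ran
    this.log = [];     // consent decisions, kept as evidence
  }

  isAllowed(category) {
    return category === ESSENTIAL || this.state.get(category) === true;
  }

  // Register a tag. It runs now only if its category is already allowed.
  register(name, category, run) {
    if (category !== ESSENTIAL && !this.state.has(category)) {
      throw new Error(`unknown consent category: ${category}`);
    }
    const tag = { name, category, run };
    if (this.isAllowed(category)) this.fire(tag);
    else this.pending.push(tag);
  }

  // Called from the banner's click handler. Any other source is refused,
  // so a script or a default value cannot switch a category on.
  setConsent(category, granted, source) {
    if (source !== 'user-action') {
      throw new Error('consent must come from an explicit user action');
    }
    if (!this.state.has(category)) {
      throw new Error(`unknown consent category: ${category}`);
    }
    const value = granted === true;
    this.state.set(category, value);
    this.log.push({ category, granted: value, at: new Date().toISOString() });
    if (value) this.flush(category);
  }

  flush(category) {
    const ready = this.pending.filter((t) => t.category === category);
    this.pending = this.pending.filter((t) => t.category !== category);
    ready.forEach((t) => this.fire(t));
  }

  fire(tag) {
    tag.run();
    this.fired.push(tag.name);
  }
}

// Constructed scenario: one essential tag, one analytics tag, one ad pixel.
function consentDemo() {
  const sent = [];
  const gate = new ConsentGate(['analytics', 'marketing']);
  gate.register('session-cookie', ESSENTIAL, () => sent.push('session-cookie'));
  gate.register('page-view', 'analytics', () => sent.push('page-view'));
  gate.register('ad-pixel', 'marketing', () => sent.push('ad-pixel'));
  const beforeConsent = [...sent];

  let defaultRejected = false;
  try {
    gate.setConsent('marketing', true, 'default'); // simulated pre-ticked box
  } catch (e) {
    defaultRejected = true;
  }

  gate.setConsent('analytics', true, 'user-action');
  const afterAnalytics = [...sent];

  // Withdrawal: tags registered afterwards are held back again.
  gate.setConsent('analytics', false, 'user-action');
  gate.register('scroll-depth', 'analytics', () => sent.push('scroll-depth'));

  return {
    beforeConsent,
    defaultRejected,
    afterAnalytics,
    afterWithdrawal: [...sent],
    pending: gate.pending.map((t) => t.name),
  };
}
```

The decision log gives you a record of when each category was granted or withdrawn.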

To improve the accuracy of your first-party data collection, consider implementing server-side tracking, for example, through server-side tagging or tracking with a first-party collector. 

Learn more in the blog post: Server-side analytics tracking with first-party collector: What you need to know

Cons of first-party data collection

Though first-party data is high-quality and valuable, certain aspects of collecting it in a privacy-friendly way make it complicated.

The main drawback is that not everyone will accept your consent requests and agree to share their information. Consequently, your data profiles won’t be complete. 

Showing a consent bar might also negatively affect user experience on the site, especially if it interferes with important content or contains lots of text.

And although first-party data is effective for marketing to members of your audience (such as site visitors or customers), it won’t work for prospecting, such as advertising to the right target group to bring them to your site or app for the first time.

Anonymous tracking

Fortunately, you can collect anonymous data.

Pros of anonymous tracking

This approach lets you maximize the data you acquire, including from visitors who opt out or ignore the cookie banner.

Anonymous data is valuable for understanding user behavior on your site. 

It lets you track most actions, like the number of visitors, page views, conversions and time spent on the site, displays basic attribution and helps credit actions to a single visitor.

There are a few methods for collecting anonymous data, all of which are available in Piwik PRO Analytics.

With cookies and session data 

A session identifier in the form of a cookie is deployed and removed from the browser after 30 minutes. This method is sometimes not desired because specific regulations (e.g., PECR in the UK or TTDSG in Germany) prevent using cookies without consent.

Without cookies but with session data 

This method deploys a session identifier in the form of a temporary session fingerprint. It ties events, such as page views, to one session. This option is compliant with numerous regulations, like TTDSG or PECR.

Without cookies or session data 

This option shows data about events but provides no context of users or sessions.

Here is what all of these methods have in common:

  • You don’t need consent under GDPR
  • You don’t store personal data in the database 
  • You cannot identify individual visitors on the website

Cons of anonymous tracking

Naturally, anonymous data has certain limitations, such as:

  • You can only attribute a specific type of action to a single visitor throughout one session
  • You can’t identify if a returning visitor performed the actions
  • You can’t connect data from multiple sessions (e.g., for multi-channel conversion attribution)

For example, you will not be able to attribute conversions to actions taken over several site visits.

Be sure to follow our guide to anonymous tracking to learn about the technical details and implementation options.

The demise of third-party cookies, widespread adoption of ad blockers and legal regulations significantly impact advertising and remarketing.

Advertisers and publishers need to depend primarily on first-party data or combine it with other options, such as adding paywalls or subscriptions. 

Other solutions include Google’s Privacy Sandbox, walled gardens, or contextual targeting – let’s analyze their pros and cons.

Privacy Sandbox

Google has taken the stage by launching the Privacy Sandbox – an initiative to set new standards to replace third-party cookies. The center of the project is a suite of suggested protocols to satisfy the myriad of use cases that third-party cookies offer advertisers.


One of the proposed alternatives was Federated Learning of Cohorts (FLoC), a form of behavioral targeting. 

While FLoC had the potential to resolve some privacy issues, some of its characteristics posed additional risks. Specifically, FLoC would enable fingerprinting techniques to identify users within a cohort and share sensitive user data, allowing discriminatory ad targeting.

Google has ultimately withdrawn the proposal of FLoC, replacing it with another system of interest-based advertising, Topics API.

Topics API

Topics API was an alternative option that Google proposed after stepping away from FLoC.

As part of Topics API, Chrome will calculate and store the top five topics for a user weekly based on their web activity – it could be things like “Fitness” or “Travel & Transportation”. When you visit a website, Topics will show the site and its advertising partners three of your interests, consisting of “one topic from each of the past three weeks.” After three weeks, the topics are deleted.
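The behaviour described above, as an added example: a simplified model of the weekly top five, the one-topic-per-week disclosure to a site, and deletion after three weeks. It is not Chrome's implementation; the host-to-topic table is constructed, and the way one topic is picked per week (a stable hash of the calling site and the week) is an assumption of this model.

```javascript
// Added example: simplified model of the Topics behaviour described in the text.
// Not Chrome's code. The table below is constructed sample data.
const SITE_TOPICS = new Map([
  ['runclub.example', 'Fitness'],
  ['gymgear.example', 'Fitness'],
  ['flights.example', 'Travel & Transportation'],
  ['recipes.example', 'Food & Drink'],
  ['guitars.example', 'Music & Audio'],
  ['laptops.example', 'Computers & Electronics'],
  ['novels.example', 'Books & Literature'],
]);
const TOP_N = 5;        // topics kept per week
const WEEKS_SHARED = 3; // weeks a site can learn about

// Assumption of this model: a stable pick per (caller, week), so the same
// site sees the same topic for a given week however often it asks.
function pick(list, key) {
  let h = 0;
  for (const ch of key) h = (h * 31 + ch.charCodeAt(0)) >>> 0;
  return list[h % list.length];
}

class TopicsModel {
  constructor() {
    this.counts = new Map(); // week -> Map(topic -> visits), raw activity
    this.epochs = new Map(); // week -> top topics stored in the browser
  }

  recordVisit(week, host) {
    const topic = SITE_TOPICS.get(host);
    if (!topic) return; // hosts outside the taxonomy contribute nothing
    if (!this.counts.has(week)) this.counts.set(week, new Map());
    const c = this.counts.get(week);
    c.set(topic, (c.get(topic) || 0) + 1);
  }

  // End of week: keep only the top topics, drop raw counts and old weeks.
  closeWeek(week) {
    const c = this.counts.get(week) || new Map();
    const top = [...c.entries()]
      .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]))
      .slice(0, TOP_N)
      .map(([topic]) => topic);
    this.epochs.set(week, top);
    this.counts.delete(week);
    for (const w of [...this.epochs.keys()]) {
      if (w <= week - WEEKS_SHARED) this.epochs.delete(w);
    }
  }

  // What a site (and its ad partners) learns during currentWeek:
  // one topic from each of the past three weeks, newest first.
  topicsFor(callerSite, currentWeek) {
    const out = [];
    for (let w = currentWeek - 1; w >= currentWeek - WEEKS_SHARED; w--) {
      const top = this.epochs.get(w);
      if (top && top.length) out.push(pick(top, `${callerSite}:${w}`));
    }
    return out;
  }
}

// Constructed browsing history: [week, host].
function topicsDemo() {
  const m = new TopicsModel();
  const history = [
    [1, 'runclub.example'], [1, 'runclub.example'], [1, 'gymgear.example'],
    [1, 'flights.example'], [1, 'clinic.example'], // not in the taxonomy
    [2, 'recipes.example'], [2, 'recipes.example'], [2, 'guitars.example'],
    [3, 'laptops.example'], [3, 'novels.example'], [3, 'gymgear.example'],
    [4, 'flights.example'],
  ];
  for (const [week, host] of history) m.recordVisit(week, host);
  [1, 2, 3].forEach((w) => m.closeWeek(w));

  const week1Top = [...m.epochs.get(1)];
  const seenInWeek4 = m.topicsFor('news.example', 4);
  const valid = seenInWeek4.every((t, i) => m.epochs.get(3 - i).includes(t));
  const repeat = m.topicsFor('news.example', 4);

  m.closeWeek(4); // week 1 is now older than three weeks and is deleted
  return {
    week1Top, seenInWeek4, valid, repeat,
    storedWeeks: [...m.epochs.keys()].sort(),
    seenInWeek5: m.topicsFor('news.example', 5),
  };
}
```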

Pros of Topics API

Ultimately, Topics API is meant to reflect a consumer’s interests rather than placing them into interest-based cohorts like FLoC. And the advantages over its predecessor don’t end here.

First, the topics are stored on the consumer’s browser, not an external server belonging to Google or another party. 

Topics API won’t contain any sensitive categories, such as race or gender. There will also be fewer, more generalized categories – it’s been mentioned there would be 350 interest groups. In the end, users might even be able to adjust their preferences – for example, add or delete topics and turn off the feature altogether. 

This doesn’t mean that Topics API solves all the issues with FLoC, but it beats it in terms of user privacy and security.

Cons of Topics API

The main downside to Topics API is the unlikeliness of its widespread adoption.

We can expect that other browsers, like Firefox, Safari, or Brave, won’t adopt Topics, just like they refused to adopt FLoC. As a result, collecting cross-browser or cross-device data wouldn’t be possible.

Even if Topics API is added to Chrome and demonstrates its value for advertisers, you shouldn’t rely on it exclusively. 

Though Google is making the right decision by phasing out third-party cookies in Chrome, the question remains about Google’s motivation for introducing the Privacy Sandbox. Many argue it’s another one of Google’s attempts to establish control over the web and advertising.

And let’s remember that Google will continue to collect and use its first-party data to improve ad revenue in other properties, like Google Search and YouTube.

Walled gardens

Another frequently discussed alternative for third-party cookies is walled gardens. 

A walled garden is a closed ecosystem in which the platform provider controls the content, applications, and media and restricts access as it sees fit.

In the AdTech world, the primary examples are Google and Facebook, with Amazon catching up to them. In 2021, the three companies together accounted for more than 74% of global digital ad spending.

Pros of walled gardens

Walled gardens offer publishers some definitive benefits, namely:

  • Immense audience reach
  • Monetization options
  • Opportunities to boost referral traffic

Platforms like Facebook or Amazon tend to provide better ROI than others due to the massive amounts of data and how refined their algorithms are. It lets them target the right audiences with compelling ads.

The most evident advantage for user privacy is that the platforms collect first-party data. Many users log into their Google or Facebook accounts on multiple devices, allowing them to combine more data for cross-device targeting and attribution.

Within a closed platform, the service provider is in charge of the data and creates effective systems for securing it, such as through encoding. Also, consent is required to make specific tracking options available to advertisers. 

Large publishers, like the New York Times or the Washington Post, are already investing in audiences based on their first-party data. They use them for ad targeting and, effectively, build their own walled gardens.

Cons of walled gardens

At this point, you probably see how the above-mentioned aspects of walled gardens are simultaneously causing issues. 

The biggest downside is that the platforms have a monopoly in the ad world, preventing independent publishers from reasonably competing with them.

Another problem is the lack of transparency in measuring and reporting data. Each platform does it differently, so the audience information you get on one platform can’t be applied to another. 

The provided data is aggregated, which poses a challenge to extracting audience insights, monitoring user journey and understanding how visitors respond to your offer. 

On top of that, advertisers and publishers don’t have sufficient control over the data, as companies that develop walled gardens use marketers’ data for their purposes.

If you decide your business may still benefit from walled gardens, don’t focus on them exclusively but combine them with other methods. Over-reliance on the same few platforms will be detrimental to your marketing efforts.

Contextual targeting

Since behavioral and audience ad targeting is tricky, think about turning to contextual targeting.

With contextual targeting, a display ad is placed on a website. The ad is directly related to the content on the page or site. To implement the ads, you can turn to advertising platforms that offer complete solutions for contextual targeting, for example, by keywords, subjects or categories.

Pros of contextual targeting

The undisputed asset of contextual targeting is that it doesn’t require user-level data. Instead, contextual targeting uses session data, such as the browsed website, to determine their intentions and interests. 

Targeting based on the context rather than user data complies with legal regulations concerning data privacy. This makes it a safe and preferable system for most companies that must follow regulations like GDPR.

With the right audience and keyword selection, contextual ads can be highly relevant and add value to the site’s content, potentially driving more conversions. They will be a great option for niche, highly specific sites.

Since contextual ads are specifically designed for an audience already interested in the subject, they are less disturbing than traditional banner ads.

Cons of contextual targeting

Contextual targeting also comes with challenges.

The process of contextual advertising takes time and attention. Your ads lack detailed data on the visitor profile, which limits your knowledge of what the user wants.

You need to carefully consider the choice of keywords while writing the content. Make sure the keywords match user intent. 

Many sites have content that is too broad or generic to target contextually. One example is news sites where contextual targeting may fall short compared to behavioral advertising, for example, in Google’s display network.

In the end, you may end up showing content that your visitors won’t be interested in. 

Additionally, contextual targeting is challenging to scale organically, especially when it comes to branded contexts.

Expert opinion

Rotem Dar

VP of Innovation at eyeo

As marketers and advertisers consider different privacy-friendly solutions in their marketing, analytics and advertising, what are the things they need to think about first to make sure whatever they do is right for their organization?

The big picture. Marketers and advertisers need to acknowledge the path to a privacy-preserving online ecosystem is not a zero-sum game. Sustainable success will come from winning users’ trust “in the system”. The only way to do this is through straightforward practices, transparency and respecting choice. All of these are key to ensuring a thriving web economy in the future.

If users feel that they are treated fairly, then they don’t have to read the small print, and they can trust that their selections about which information they share are being respected. This leads to users having more trust in buying online and in being addressed through advertising. We have to choose between short-term earnings, or doing the right thing that will also result in long-term success.

Adapting to the new privacy-friendly state of digital marketing

The changing cookie-tracking landscape and new data protection laws mean we have an opportunity to revisit the tools we’ve been relying on. We can verify how to get better insights and access to our audience.

Let’s outline the key points of how you should refocus your digital marketing strategy.

Focus on trust and transparency in your relationship with users

Showing users that their privacy and preferences regarding it are important to you increases their trust in you in business contexts.

Users who perceive your brand as trustworthy are more likely to complete the desired customer journey and conversions.

You need to pay attention to sensitive data and respect your customers’ privacy preferences.

Ensure you communicate:

  • What data you collect
  • How you use the data
  • How this usage benefits visitors

Present this information in a way that highlights the security measures you take to protect the data.

This should remain consistent across touchpoints, but you need to first communicate it through the cookie consent form, where the message should be clear and written in plain language. Don’t resort to an overly legal, convoluted style of writing that some users may struggle to understand. 

You can A/B test your consent form to see which version gets you the most opt-in rates.

Piwik PRO’s Consent Manager does the heavy lifting of getting consent for you.

Consent Manager allows you to:

  • Provide an easy way for users to opt out
  • Fully customize the layout and text on the form
  • Clearly state what data you are collecting and why
  • Give your visitors a way to change or withdraw their consent
  • Make sure your tags aren’t fired before you obtain legal consent
  • Collect all consents and preferences in one place

Show users the value exchange behind sharing their data

You need to focus on the value you get through direct engagement with your prospects and customers. Be aware of what benefits your brand gives customers and how to make their experience worthwhile. 

It’s much easier to convince your customers to share their information if they understand how it is used, especially since it often serves their best interests. For example, you can employ it to personalize website content or provide clients with customized offers.

There are also ways to encourage people to share their data.

As we learn from BCG and Google’s survey, value exchange plays a vital role for consumers. As much as 90% of respondents said they are willing to share their data when presented with a clear incentive. 

Depending on the industry, the incentives can be different – you can offer discounts or free samples or trials, as well as access to unique, valuable content or features.

Evolve your tech and data infrastructure

Revamping your data technology stack is another step to take.

Ensure your analytics and marketing platforms comply with privacy requirements. 

In particular, these platforms:

  • Should let you respect users’ choices.
  • Shouldn’t use data for their own purposes, for example, to improve their algorithms.
  • Should allow you to minimize the amount of data to only collect the necessary information.

Additionally, find out which platform will provide you with valuable insights to address users’ needs and deliver business results.

You can facilitate a privacy-first approach with Piwik PRO’s Analytics – here is why:

  • It’s fully GDPR-compliant.
  • It prioritizes the security of user data, making it suitable even for industries that handle sensitive data.
  • It doesn’t share data with third parties.
  • It integrates well with other functional modules, such as tag manager and consent manager.
  • You can choose between different server locations for storing the data.
  • You get extensive data anonymization features to maximize the amount of collected data.
  • You have control over the data.
  • You can customize how you use the data – e.g., you gain access to unsampled or raw data.
  • You get access to accurate data and a stack of reports, dashboards and integrations.

Final thoughts

Privacy legislation and technical changes aim to protect the user from any interference with their private life and let them make decisions regarding their personal data.

The future of digital marketing is shifting, but it’s an opportunity to better understand what your audience wants and give it to them.

Revamped consumer experiences achieved through first-party data need to be your long-term goal.

The sooner you consider your first-party data strategy, the more you get ahead of those competitors that aren’t yet modifying their approach.

And if you want to learn more about how Piwik PRO can help you gather valuable data in a privacy-compliant way, we are always happy to answer your questions!


Małgorzata Poddębniak

Senior Content Marketer

Senior content marketer at Piwik PRO, copywriter, translator and editor. She started as a freelancer, gaining experience with creating versatile marketing content for various channels and industries. Later, she began working as a translator and editor, specializing in academic articles and essays, mainly in the field of history and politics. After becoming interested in SEO, she moved on to work as a content writer for a technical SEO agency. While there, she designed the company newsletter and planned and created in-depth articles, practical guides, interviews, and other supporting marketing materials. She joined Piwik PRO with extensive knowledge of technology, SEO, and digital marketing. At Piwik PRO, she writes about analytics, privacy, marketing, personalization, and data management and explains product best practices and industry trends for different industries.
