Privacy Technology & Legal Updates: Death to the Cookie

2020 changed how marketers need to approach their customers – perhaps forever. And I’m not talking about the impact of the pandemic on consumers (for once). Last year also saw a number of data privacy developments, and some are likely to disrupt many a social media marketing strategy by the end of 2021.

Customer analytics remains a top priority for most businesses, providing valuable business intelligence to guide some tactics while measuring the success of others. However, the promise of analytics is largely predicated on access to a firehose of audience and customer data. And then there’s tracking data; fueling and trigger marketing automation, targeting ad campaigns and making it possible to personalise the customer experience at scale.

But access to personal data has grown increasingly difficult as new data privacy practices and regulations come into play.

The trend is towards ever-more stringent regulations. The California Privacy Rights Act (CPRA) 2020 came into full effect on July 1^st, 2020, and requires the creation of a new government agency to enforce it; the first U.S. agency dedicated to data privacy and protection.

Meanwhile, New York’s proposed consumer privacy bill – also known as the It’s Your Data Act (IYDA) – could go even further by allowing “consumers to take the matter in their own hands and sue companies that have violated their privacy.”

Over in Europe, the EU’s General Data Protection Regulation (GDPR) – which came into effect in 2018 – has already demonstrated that it has teeth. And, as the UK finally left the EU on December 31^st (Brexit), it now has six months to ensure its newly established data protection laws are compatible with the EU’s GDPR without EU countries needing to apply additional safeguards.

And then there are all of the other countries or states currently adding to or revising their data protection and data privacy laws. It’s a long list. According to Gartner, by 2023 the personal data of 65% of the world’s population will be covered by one or more modern data privacy regulations. If your business hopes to do business with anyone within that 65%, those regulations will impact you.

If keeping track of all of the legal changes wasn’t enough, there are also a bunch of technology changes and policies that may force marketers to change how they do business in 2021.

Consumers have increasingly been using VPNs, ad blockers and other methods of covering their digital tracks for years, and browsers like Safari and Mozilla Firefox already include tracking protections, allowing users to block third-party cookies.

Now Google has announced its Chrome browser will also block third-party cookies by the end of 2021. Google hopes to replace third-party cookies with new, less invasive technologies to reduce tracking without eroding the advertising revenue so many websites rely on.

Chrome’s share of the browser market worldwide is currently over 63%. Factoring in Safari (19.25%) and Firefox (3.77%) means that over 86% of internet users will be invisible to many conversion tracking, ad optimisation and retargeting tools, including the Facebook Pixel.

Around the same time, Apple launched App Store privacy labels to provide consumers with detailed information about the personal data captured by each and every app. According to the Apple Developer hub, developers are “required to provide information about some of your app’s data collection practices on your product page. And with iOS 14, iPadOS 14, and tvOS 14, you will need to ask users for their permission to track them across apps and websites owned by other companies.”

For a far more complete breakdown than I could ever manage of Apple’s privacy changes, the potential impact on Facebook advertising and how some brands are already adapting, Common Thread Collective has published an astoundingly detailed guide.

But not every major firm is happy with increased transparency. Taking out full-page adverts in a number of major U.S. newspapers, Facebook claimed Apple’s new features would “limit businesses’ ability to run personalised ads and reach their customers effectively”.

It’s an odd argument. After all, Apple isn’t blocking Facebook or any other business from capturing data or tracking users (Google definitely is, but Facebook doesn’t seem to want to criticise the big G for some reason). Apple just wants developers and businesses to be transparent with their users and ‘fess up to the data their apps will capture. The new features simply mean users know exactly what data an app will capture from their device, giving them an opportunity to agree or decline before installation.

If anything, Facebook’s response confirms that data capture works best in the shadows – when users aren’t aware quite how much they’re being tracked, measured and analysed.

But users are aware. The last few years have seen numerous data breaches and privacy scandals – including the Cambridge Analytica mess that involved Facebook. And that means sensitivity to data privacy is incredibly high right now.

Look at what happened to WhatsApp just days into 2021. A user notification of changes to WhatsApp’s terms and conditions – specifically related to data-sharing practices – led to an exodus of users leaving for competing encrypted messaging apps such as Signal and Telegram.

WhatsApp has since pushed back the deadline for users to agree to the new terms to May, giving the company time to reassure users and clarify exactly what is or isn’t changing.

This backlash against WhatsApp was largely driven by a misreading of the terms, a misunderstanding of what the changes actually mean in practice, and a growing distrust among many towards parent company Facebook. However, WhatsApp has shared user data with Facebook since 2016.

The WhatsApp debacle highlights how cautious consumers have become regarding their data privacy – particularly where Facebook is involved. It doesn’t matter how strong your data protections are if consumers perceive them as weak. And most consumers are not IT professionals or data privacy lawyers. You can’t expect the average person to parse every nuance of a lengthy set of Ts and Cs and feel reassured.

It’s not enough for businesses to merely comply with whatever data privacy regulations apply to them. Compliance is pretty much the minimum requirement by definition. Instead, in 2021, businesses need to be perceived as beyond reproach in their use of data. Asking for permission needs to become the norm. Transparency needs to become the norm. An ethical approach to all personal data needs to become the norm.

For years, big data has been talked about in terms akin to mining. Businesses dig for insights and extract value, often with massive spoil-heaps of untouched data captured just because the system allowed it. Like the earth beneath us, consumers have had little control over how their data is acquired to provide value to someone else. But the big data gold rush is nearly over.

Facebook is right to suggest that prompts for permission will mean more users opt out. However, rather than this being an argument against greater transparency, it should be an argument for brands, developers and marketers to give users more information to reassure consumers, along with incentives to share their data, while taking only that data which is absolutely necessary.

If 2020 has demonstrated anything, it’s that consumers will happily use QR codes and hand over identifying information in return for relaxed lockdown measures. There was value in the exchange – and protections too.

Brands need to justify data collection and give value in return to motivate users to give permission. The future of big data needs to be viewed less as an exercise in mining and more as individual transactions – customer first.