Share on facebook
Share on twitter
Share on linkedin
Share on email

What Should Your Organization Be Doing to Succeed in the New Digital Privacy Landscape?

Succeeding in the Digital Privacy Landscape

Here at InfoTrust, we’ve been publishing a lot of content around the rapidly changing privacy landscape. Major transformations are underway, and they will have massive impacts on retail as we currently know it.

For example, we’ve explained how government regulations are changing the way organizations collect data; how browser changes will affect organizations’ ability to collect third-party data; why having a first-party data strategy is critical in a cookieless world; and how the cloud offers business owners powerful solutions during this volatile period of transition.  

While it’s good to be educated about these changes, it’s easy to feel overwhelmed. Or, even if you’re motivated to tackle these issues, it’s not always evident what your first steps should be. How does one prepare an organization for an as-yet-unknown future?

It’s understandable, then, that two of the most common questions we get from our clients are, “How do we assess what impact these changes will have on our business?” and “what should we actually be doing right now?” Below, I’ll explain the first three steps for your organization’s transition to privacy-centric marketing. 

You Need a Reality Check

For any organization looking to address privacy changes, the first priority should be performing a reality check. Figure out where your business stands today when it comes to digital privacy, reliance on platforms using third-party cookies, and first-party data strategy. 

You won’t be able to make informed decisions about how to make your privacy-centric vision a reality if you don’t understand the current landscape and what areas of your business will be impacted the most. A comprehensive assessment of your current state before considering any possible solutions is a must.

With so many changes happening, it would be easy to get carried away with all the things you could be doing. Instead, focus on three specific evaluations:

  1. Assess your marketing’s reliance on third-party cookies.
  2. Assess your ability to comply with privacy regulations.
  3. Assess your first-party data availability and modeling capabilities.

I’ll explore each of these outcomes in more detail below, highlighting key steps and questions that will ensure your organization is prepared for a cookieless future.

1. Assess Your Marketing’s Reliance on Third-Party Cookies

The topic on many people’s minds right now is the sunsetting of third-party cookies. Google has expressed its intention to phase out support for third-party cookies in Chrome browsers by 2022, and Safari effectively stopped support for third-party cookies with their introduction of Intelligent Tracking Prevention in 2019. 

Before you can adequately adapt, you must first assess how much your marketing platforms will be affected without third-party cookies. Some organizations rely heavily on advertising platforms leveraging third-party cookies, while others use strategies that do not require their use. It’s important to know where your business falls on this spectrum. Here’s how: 

  1. Conduct an inventory of tags present on your website. Step one is to know what marketing and advertising platforms are in use at your organization. Leverage an audit tool such as Tag Inspector to inventory all of the platforms currently collecting data and placing cookies on your owned and operated properties. If you want a complete audit of your tags, just let us know here, and we will send you an inventory, free of charge.

     

  2. Identify the business owners and business use cases for each tag, as well as the types of cookies they set. The goal is to learn which platforms are leaned on most heavily in your marketing mix and which of those rely on third-party cookies. The intersection of these two classifications are the platforms which constitute the biggest risk to the organization’s success. Ask yourself, what is being accomplished by these platforms today? What alternatives are available to me that I can test? How are these vendors preparing for the new reality?

     

  3. Review the need for a Customer Data Platform (CDP) for customer reach and identity resolution. Many organizations rely on third-party data to understand their most valuable users and expand their reach to target others similar to those users. Without third-party cookies, the ability of third-party platforms to be able to tell you who are your most valuable consumers and who should be targeted is no more. It is the responsibility of your organization and your first-party datasets to evaluate ideal consumers and take action on those insights. Having a single view of your customer across platforms and experiences is crucial, as is maintaining named user identifiers (IDs for those who have registered, logged in, etc.) to potentially use to join your datasets with those of partners for targeting. Assess what capabilities you have in this area today and if a solution such as a CDP is necessary to make this critical activity a reality.

2. Assess Your Regulatory Compliance

Government regulations like the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR) have placed limits on data processing, and the future of data privacy looks like it’s heading toward more regulation, not less. 

Perform a legal review to see which regulations might apply to your organization. If you operate only in the United States, this means being flexible and considering multiple state-specific laws such as CCPA (California) and CDPA (Virginia). If you do business in Europe, you will need to be aware of the more extensive GDPR as well as country-specific laws to comply with the ePrivacy Directive. 

For comprehensive information about complying with each of these regulations and deep-dive specifics for auditing methods check out the great content provided by Tag Inspector.

For a quick example, let’s look at the types of questions to ask to evaluate preparedness for Data Subject Access Requests (DSARs in privacy parlance):

  • What platforms are processing Personal Information?

     

  • Where is that information stored? Is it integrated into larger datasets? Shared with other platforms?
  • What processes do we have in place to meet the requests of consumers—both for accessing information in scope and for deleting it upon request?

     

  • How manual vs. automated are those processes?

Many companies are relying on clunky hacks in order to comply with these requirements. When a consumer requests information, someone in the organization goes to each platform that they are aware of to run searches, collect the information in a spreadsheet, and then sends it to the consumer. 

This is not efficient, cost-effective, nor sustainable. Investing in integrated, easily accessible data and robust automated processes will be beneficial to most organizations in the long run. 

3. Assess Your First-Party Data Availability and Modeling Capabilities

First-party data is the information that you collect directly from your consumers on your owned and operated properties. In a cookieless world, that data will become more and more important. 

Before you can maximize your use of first-party data, you must:

  • Review the first-party data collection architecture. First and foremost, you can’t gain insights and take action on data you don’t have. It is critical to have a sound data collection architecture in place. In the new privacy-focused world this means offering an adequate value exchange and maintaining a relationship with consumers so they opt-in to tracking. This also means ensuring consistency data structure across platforms to enable downstream integration.
  • Determine your approach to collecting “named” first-party data. Without third-party cookies, users registering and providing you with a persistent means of identifying them both on your properties and across other domains is critical for personalization. If you run a subscription-based website with registered users, you will have easy access to “named” datasets. However, not all websites have this functionality. What is your strategy for getting users to register and consent to you marketing to them in a one-to-one context?
  • Consider what systems you have in place to maximize the value of your first-party “named” data. A primary benefit of having registered users and named datasets is the ability to then integrate information for those users across devices, domains, even layering in offline information. The unique persistent identifier provides the “key” to join disparate user datasets and unlock the power of integration.

     

  • Review the architecture of internal data warehouses. As I mentioned above, it’s much easier for regulatory compliance if your data is integrated into a single platform. It is also much easier to analyze and use that data to build models. 
  • Identify the core initiatives you have to analyze the data you’re collecting. Review your first-party data modeling practices and techniques to determine any opportunities for growth. If you have a strong first-party data collection process, what are you doing to make the most of the information? What types of analysis are you running?  

You Must Lay the Groundwork

It’s natural to have many questions about the impact of privacy changes. What regulations are on the horizon? What’s FLoC? Can FLEDGE change remarketing? Keeping up with the ins and outs of the latest technology is a job in and of itself, and many solutions are still in the testing phase. 

Don’t get bogged down by the flurry of new developments before you even start. Instead, take a deep look inside your organization. Analyze your current reliance on third-party cookies and how you’re using first-party data, and you will be better positioned to tackle whatever changes are on the horizon.

At the end of the day, the true key to success will be collecting first-party data about your consumers and maximizing how you use that data. All of the questions above will help you lay the groundwork for that strategy, so you can make sure you won’t have any cracks in your foundation. 

Once you know where your organization stands, you’ll be able to consider more concrete tactics, such as investing in the cloud, analytical modeling, and developing better first-party data strategies. 

Start Your Journey to Privacy-Centric Advertising

Take our free privacy risk assessment and our privacy consultants will walk you through the findings!
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email

Other Articles You Will Enjoy

Google Consent Mode 101: Protecting User Rights & Business Needs

Google Consent Mode 101: Protecting User Rights & Business Needs

Table of Contents Introduction Google’s introduction of Consent Mode (beta) provides an organization the ability to technically modify the behavior of Google tags (Google…

Post-Durability Summit 2021 Q&A: You Asked Questions … We’ve Got Answers

Post-Durability Summit 2021 Q&A: You Asked Questions … We’ve Got Answers

InfoTrust recently hosted a Durability Summit, focusing on one of the largest changes the industry has seen in decades: major shifts in the realm…

Operation TURTLEDOVE: How Could TURTLEDOVE and FLEDGE Change Remarketing?

Operation TURTLEDOVE: How Could TURTLEDOVE and FLEDGE Change Remarketing?

Much has been discussed recently about Google’s FLoC proposal and the initial testing phase it has entered. While FLoC is one method from the…

4 Advantages of Server-Side Tagging in Google Tag Manager

4 Advantages of Server-Side Tagging in Google Tag Manager

Server-side tagging is a hot topic these days in the analytics world. For the uninitiated, server-side tagging allows users to move measurement tag instrumentation…

Privacy Sandbox Overview

Privacy Sandbox Overview

Google’s announcement in January 2020 that they intend to deprecate support for third-party cookies in Google Chrome within the next two years sent a…

Conversion Measurement APIs: Event Conversion and Aggregate Measurement APIs Explained

Conversion Measurement APIs: Event Conversion and Aggregate Measurement APIs Explained

The Privacy Sandbox is Google’s proposed solution for marketers reacting to the announcement that third-party cookies in Google Chrome are set to become obsolete. …

FLoC to It –  How the Federated Learning of Cohorts Affects Privacy

FLoC to It – How the Federated Learning of Cohorts Affects Privacy

The Privacy Sandbox is Google’s proposed solution for marketers reacting to the announcement that third-party cookies in Google Chrome are set to become obsolete. …

Side-by-Side Comparison of GDPR and CCPA—and Their Impacts

Side-by-Side Comparison of GDPR and CCPA—and Their Impacts

When it comes to digital privacy, everyone is talking about two sets of recent regulations: 2016’s General Data Protection Regulation (GDPR) and 2018’s California…

What the History of Privacy Regulations Reveals about Where We’re Headed

What the History of Privacy Regulations Reveals about Where We’re Headed

In 1890, Samuel D. Warren and Louis Brandeis published an article in the Harvard Law Review called “The Right to Privacy.” They defined privacy…

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Our website uses cookies and may collect user information to provide a good experience. Read our Privacy Policy here.

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.