Impact of Privacy Changes on Marketing: Retargeting

Estimated Reading Time: 5 minutes
January 12, 2023
Impact of Privacy Changes on Marketing: Retargeting

Tom is a marketing executive at a globally-recognized multinational corporation; he’s a client of ours, and his marketing and analytics teams work closely with us. He knows that privacy has and will continue to change the marketing landscape, but despite his best efforts doesn’t quite feel that he has a grasp of the fundamental concepts in a way that he can readily communicate to his leadership.

To highlight that importance, according to the Third Edition of the Salesforce Marketing Intelligence Report, “90% of marketers indicated recent data privacy changes have shifted their KPIs and how they measure performance, with 64% saying they’ve changed how they collect customer data. Despite that, only 36% of B2B brands say they are ready for upcoming data privacy changes, according to another study.” (Forbes)

Needless to say, having an understanding of why and how privacy changes affect fundamental marketing use cases is vital.

Today we will cover one of the most important—and impacted—marketing use cases: Retargeting.


Definition: Retargeting re-engages users who are likely to convert by creating audiences based upon observed actions on a site or other first-party sources, and targeting them via ad platforms. Note that retargeting uses cross-site audience identification, which is heavily reliant on third-party cookies (more on that later). (Another quick note, for clarity: Retargeting refers to paid ads, while remarketing to email.)

Business value: Retargeting matters for several reasons, not least of which is because it is the most cost-effective lower-funnel marketing activity; it drives results. It allows an organization to create more targeted and relevant content for customers based on the customer journey, by generating awareness, nurturing, during the sales process, or in the post-purchase experience. It is also used to learn more about what an ideal or best-fit customer looks like, in order to discover similar ones.

How retargeting works

  1. Identify behavior on which you want to segment (e.g., add to cart, view product, etc.)
  2. Create retargeting audience within Google Analytics based on observed behavior
  3. Audience pushed to platform through integration (Google Ads, Display & Video 360, etc.)
  4. User identified cross-site, ad served

Impact of privacy changes on retargeting

Impact of third-party cookie deprecation

Main takeaway: As a result of third-party cookie deprecation, retargeting in its current form will be impossible.

To understand why, consider that cross-site identification—a necessary component of this tactic—is reliant on third-party cookies (specifically, a unique user ID); an advertiser uses these cookies to identify its audience across sites. As shown below, the retargeting will not be possible due to the impossibility of identifying users across sites.

Impact of ITP (Intelligent Tracking Prevention; Safari) and ETP (Enhanced Tracking Protection; Firefox)

Given that these, as well as other browser-level technical restrictions, effectively deprecate third-party cookies, the same concept above applies.

Impact of regulatory changes

GDPR/ePrivacy (EU): Explicit consent must be given prior to cookies being set, on both publisher and advertiser website.

U.S. Regulations: U.S. users must not opt out (i.e. provide implicit consent) of usage of their data in this particular use case. They must allow for ad platforms (e.g., Google Ads) to set and access cookies for device identifiers used for targeting.

Takeaways & Recommendations

Based on the release of ITP and ETP as noted above, chances are a sizeable portion of your users are already using technologies that deprecate third-party cookies (e.g., Safari, Firefox); once Google Chrome does the same, retargeting in its current form will cease to exist. For this reason, and given new privacy regulations, our key recommendation for marketers is to push for first-party data strategies by creating shared persistent identifiers and obtaining consent. This means obtaining a user’s email address and getting consent, creating a base of named addressable users. With this consent and shared persistent identifier on both your site and a publisher’s site, 1:1 retargeting would be possible.

Retargeting aside, a first-party data strategy, coupled with a proper first-party data architecture, is an excellent place to start. For more information, take a look at our webinar on Preparing for the Privacy Focused Future: First-Party Data Architecture.

Finally, if there is no proper diagnosis, we are unlikely to find a good solution. And in order to have a thorough diagnosis of your marketing efforts’ exposure to third-party cookie deprecation, we recommend carrying out a strategic risk assessment, which we’ve completed with several clients. For more on that, take a look at Privacy-Centric Marketing: Get Started with a Strategic Risk Assessment.

Still confused about retargeting?

Our team of data experts are here to help whenever you need us.


Last Updated: September 27, 2023

Get Your Assessment

Thank you! We will be in touch with your results soon.
{{ field.placeholder }}
{{ }}

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Search InfoTrust

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.