How top data privacy trends will impact marketing by 2025

As the online world shifts to a more privacy-first web, digital marketers who have relied on widely available data have to adapt to accelerating data privacy trends or get left behind. Now, compliance is key, and the pathways to access and utilize consumer data have become more complicated.

For many brands, focusing on first-party data (i.e., customer data that you have collected directly from your audience or engaged customers) and zero-party data (i.e., data customers proactively give you) instead of third-party data has become a top priority to grow their customer bases and optimize cross-channel marketing. To win, you have to own your brand’s data — and use it to innovate.

In the meantime, here are four main data privacy trends that are pulling in the reins of consumer data, so you can adjust your strategies accordingly as they evolve and go into effect through 2025.

Data privacy trends impacting marketers

1. Browsers are blocking third-party cookies, some by default.

According to research by Statista, 51% of marketers consider third-party cookies very important to their current marketing strategy. But the demise of cookies is on the horizon, with a shift to block them by default or phase them out. 

Here are where the major browsers currently stand:

• Safari: Apple has blocked all third-party cookies in Safari by default since the release of Safari 13.1 in March 2020.
• Firefox: Although Firefox introduced its Tracking Protection in 2015, Firefox only recently rolled out its Total Cookie Protection by default to all users worldwide in June 2022.
• Chrome:  According to Google’s Vice President of Privacy Sandbox, Anthony Chavez, Google does not plan to begin phasing out third-party cookies in Chrome until late 2024 — referring to his update on the matter in July 2022.
• Edge: Although users can change their cookies and site data settings, Edge does not block third-party cookies by default.

2. Consumers are actively protecting their online privacy.

As consumers continue to become more savvy and wary of big tech, consumers are paying much more attention to their online privacy. With more tools to block ads, clear or hide browsing histories, or to block cookies, consumers are taking control. 

Here are a few compelling stats that help to tell the story:

• According to Pew Research, “72% of Americans report feeling that all, almost all or most of what they do online or while using their smartphone is being tracked by advertisers, technology firms or other companies.”
• And for another compelling stat, Pew Research also found that “52% of Americans have decided not to use a product or service because of privacy concerns.”
• Research in Hootsuite’s Digital 2022 Global Overview Report found 37% of worldwide internet users aged 16 to 64 use ad blockers and 28.3% use virtual private networks (VPNs).

3. Legislators are catching up with new general data regulations. 

Regulations like California’s CCPA, Europe’s GDPR, Brazil’s LGPD, China’s PIPL, and other proposed state-specific regulations make data collection and activation more challenging for marketers.

Here are some highlights of recent impactful regulations**:

• California Consumer Privacy Act (CCPA)
  • Since it went into effect in January 2020, CCPA has secured privacy rights for California consumers, including the rights to: 
    • Know what info a business collects about them 
    • Delete personal information collected about them 
    • Opt-out of the sale of their personal information
    • Non-discrimination for exercising CCPA rights
    • Sue for security breaches
• California Privacy Rights Act (CPRA)
  • For the most part, CPRA just expands on the CCPA 
  • Although it went into effect in December 2020, many of the protections it covers don’t fully go into effect until Jan.1, 2023
  • Two additional rights included are:
    • Request a business correct inaccurate personal information
    • Direct a business to limit use and disclosure of personal information (e.g., social security number, financial account information, your geolocation data, or your genetic data)
• General Data Protection Regulation (GDPR)
  • Since May 2018, the GDPR has unified data privacy laws across the European Union
  • GDPR is strict when it comes to how consumers give consent and opt out
  • Among others, GDPR includes the rights to:
    • See what personal data a business has about them
    • Update inaccurate or incomplete personal data
    • Delete all the personal data about them
    • Restrict or stop processing of their data
    • Receive a copy of their data that can be easily transferred to another business
    • Object to a business processing their data
    • Challenge decisions made about them based on their data
• Lei Geral de Proteção de Dados (LGPD) 
  • The LGPD is commonly known by its Portuguese acronym, but in English translation the full act also is called the Brazilian General Data Protection Act
  • Enacted in 2018, the LGPD provisions began to go into effect in Brazil in late 2020
  • Although the privacy rights are similar to those in the GDPR, the LGPD includes exemptions to the processing of personal data for:
    • Individual and exclusively private purposes that have non-economic reasons (e.g., keeping a personal contact list or address book)
    • Solely journalistic, artistic, or academic purposes
    • Exclusive purposes related to public safety, national defense, state security, or the investigation and prosecution of crimes
    • Personal data originating from outside the national territory that is not shared outside the country of origin (with other noted restrictions)
• China Personal Information Protection Law (PIPL)
  • Similar to the GDPR, the PIPL addresses privacy law for any business, inside or outside of China, that collects or processes personal data of people in China
  • The PIPL went into effect in November 2021
  • Here are a few helpful sources reviewing the effects of PIPL, as some uncertainty about the full implications still remains:
    • Deloitte
    • Columbia Journal of Transnational Law
    • PwC Cybersecurity and Privacy
    • Fortune

4. The walled gardens of key players are creating a level of data privacy at the brand level — and restricting access.

When a platform controls how an ad looks, how its data is used, and who can advertise, one term that comes to mind is the walled garden. 

And most notably, over the past decade giants like Amazon, Apple, Facebook, and Google have created meticulously controlled environments and ad tech stacks that limit marketers’ ability to access and extract data for their own marketing purposes — leaving marketers on the outside. Arguably, the trend elevates the concepts of data privacy to the brand level.

Although one response to this growing issue is for brands to create their own walled gardens (e.g., a branded mobile app) and forge partnerships, the shift can be daunting.

Here are some helpful resources on the impacts of walled gardens:

• Research from Gartner on walled gardens
• Report from Criteo and Digiday on life outside walled gardens
• Perspective on Apple’s envied walled garden

Make the most of your first-party customer data

Cordial has always focused on the collection of first-party data and prioritized the ability for clients to not only be able to easily access it but also activate it through advanced segmentation, personalization, and more.

Learn how Cordial can help you build a first-party data strategy to fuel your marketing efforts by watching our webinar: “Why moments are the secret to cross-channel success.”

[** Content about legislation is for informational purposes only, and should not be construed as legal advice.]