Learn How We Got Here
Understand the Pattern of Privacy & Align with Stakeholders
"70% of Americans believe their personal data is less secure now than it was five years ago."
Source: Pew Research Center
Why is that sentiment so strong? Well, quite frankly, because it’s true.
For example, between 2015-2020 in the United States alone, there were approx. 7,253 data breaches exposing 1.1 billion records of sensitive/personal data:
Source: Statista
Just let that sink in.
As a result, it shouldn’t come as a surprise that,
"84% of consumers say they want more control over how their data is being used."
Source: Cisco
This is a large part of the reason why the digital marketing industry has been hit by a slew of legal policies and requirements driven by state legislations and government action over the past three years. What started with ‘GDPR’ in 2018, quickly became an abundance of more:
- May 2018: GDPR (European General Data Processing Regulation)
- December 2019: CCPA (California Consumer Privacy Act)
- March 2019: ITP2.1 (Apple’s Intelligent Tracking Prevention 2.1)
- June 2019: ETP (Firefox’s Enhanced Tracking Prevention)
- February 2020: SameSite (Google Chrome’s Security Update)
- July 2020: LDU (Facebook’s Limited Data Use Feature)
- November 2020: 7-Day Attribution (Facebook’s Move from 28-Day Window)
- January 2021: iOS14 (Apple’s Opt In Privacy Prompt)
- April 2021: CAPI (Facebook’s Conversion API Rollout)
- August 2021: Targeting Minors (Facebook & YouTube Policy Updates)
For many, the ripple effect has been a tough pill to swallow (to say the least!)
What's at Stake
With the amount of highly saturated information out there about data privacy — it’s no wonder why some companies have fallen victim to “action paralysis”.
However, that can be a costly mistake. If you aren’t talking about or preparing for privacy, you’re taking a big risk — especially if lawfully obliged to meet regulatory requirements for compliance.
Make sure you know where your company stands from a legal perspective to prevent the potential for a worse-case scenario (e.g. paying out massive fines, fighting long/ugly court battles, and so on).
But even in the cases where you aren’t under legislative pressure to prioritize privacy, there are still many pitfalls to looking the other way. The level of impact can range from viral PR scandals to increasing rates of customer churn, or even losing market share to competitors who are getting privacy right. After all:
"More than 48% of consumers have stopped buying from a company over privacy concerns and that number is only rising."
Source: Tableau
Shift Happens
While the methods in which we deliver personalized user experiences, track the performance of our campaigns and optimize the conversion journey are evolving — it doesn’t put us at a disadvantage as marketers. Rather, it just means it’s time we adapt to winning differently.
That starts with developing a critical understanding of how proper data management contributes to the overall goal of improving online experiences and growing relationships with the real people on the other end of marketing.
The Bottom Line: It’s going to take time, resources, and stakeholder alignment — but the key to conquering privacy-first marketing is to adopt a new mindset that is all about consumer respect and trust.
Prepare Your Business
Future-Proof Your Measurement Strategy & Tech Stack
To overcome privacy challenges, you’ll need to start by taking a long, hard look at your existing tech stack, and the practices by which you collect, process, and manage users’ information — including:
Consent Management:
- Do you have a strategy in place for informing users about what data you’re collecting, why, and how they can opt-in/out based on their preferences?
- How are you managing their data based on their level of consent?
- What technology are you using to scale consent features on your website?
Data Collection & Tools:
- Are you leveraging tools that are scalable and durable long-term as it relates to privacy in a world without cookies?
- Do you have a solid technical infrastructure to continuously support updates to tracking and tagging?
- What’s your first-party data strategy and how are you activating on it for maximum value?
Consent Management
88% say their willingness to share personal information is based on how much they trust a company (Source: PwC). However, it’s the next stat that’s most staggering:
"54% of consumers say it’s harder than ever for companies to earn their trust."
Source: Salesforce
In order to build trust with the real people behind your marketing — you must gain their consent. Consider a cookie consent platform to keep things centralized and streamlined, for example:
- OneTrust – https://www.onetrust.com/
- Cookiebot – https://www.cookiebot.com/
- TrustArc – https://trustarc.com/
- Termly – https://termly.io/
- UserCentrics – https://usercentrics.com/
Privacy Policies
This public document should explain what data is being collected and how it’s being processed as well as what you’re using it for and why. Your legal team should help you decide what needs to be highlighted in the document about the data you collect.
It’s also important to ensure your privacy policy is easily understood and written in plain language for the sake of gaining the trust of the user reading it.
Examples:
Check out Termly’s guide to privacy policy strategy.
Cookie Notices
These prompts typically appear on applications, websites, or browsers and will ask users whether or not they want to be tracked. Many companies develop Cookie Policy pages in addition to their main Privacy Policy. This allows further explanation of information provided in Cookie Notice prompts in case users want more details.
In prompts, users should always have the option to say no, but should also have all the information about what happens when they opt out vs when they opt-in.
Examples:
Explore Termly’s library of cookie notice examples.
Data Collection & Tools
Depending on your company’s digital maturity and business challenges, ensuring the stability and breadth of your MarTech stack can be crucial moving forward.
Many platforms are starting to adapt to cookieless measurement solutions. While we’ve seen tactics vary, some of the more common themes emerging across them are:
- Providing value in exchange for personal information (first-party data)
- Modeling conversion data to fill in gaps in the user journey
- Implementing server-side tagging to control & manage data
- Aggregating & anonymizing user data at scale to protect individual privacy
First Party Data
First-party data is one of the most critical components of success if your goal is to continue getting a comprehensive view of marketing performance, reporting on accurate data, making optimizations that improve campaigns, and/or feeding machine learning models to fill gaps in the user journey.
Some examples of first party data collection tools are:
- Customer Relationship Management (CRM) — e.g. Hubspot, etc.
- Customer Data Platform (CDP) — e.g. Looker, etc.
- Content Management System (CMS) — e.g. WordPress, etc.
Google and other platforms are continually working on new ways to expand audience targeting capabilities using first party data. For example through Data Import, User-ID, Customer Match, and more.
Review Google’s five tips for creating value with first-party data.
Tagging Infrastructure
If you’re not currently leveraging a tag manager such as Google Tag Manager (GTM), it’s beneficial to start so you can take advantage of the following key features:
- Consent mode (beta): With this feature, Google’s tags will dynamically adapt and only utilize measurement tools for the specific purposes that a user has given consent for.
- Set this up to enable tags to behave according to the current status of user opt-in consent.
Source: Google Marketing Platform
- Server-side tagging: Using GTM’s server side container, you’ll enable the collection of higher quality data as well as be granted the ability to control what is being sent to 3rd-party sites, and more.
- Set this up to load tags directly from the server environment (aka server-side) instead of running on the site visitors browser (aka client-side).
|
BENEFIT |
SERVER-SIDE (FIRST-PARTY) |
CLIENT-SIDE (BROWSER) |
|
Durability |
High |
Low |
|
Control & Customization |
High |
Moderate |
|
Implementation Effort |
High |
Low |
Note: For Google Marketing Platform users, Floodlight tags are also considered a durable solution.
Google Analytics 4 (GA4)
If you currently leverage Universal Analytics (UA), consider moving towards GA4, the new version, sooner vs later.
GA4 was designed with machine learning and privacy at its core for long-term scalability in this new environment. For example, the following features enable a more flexible approach to measurement:
- Google Signals: If enabled, it can be used to uniquely identify users who have logged into Google and opted into Ad Personalization.
- Conversion Modelling: Google’s machine learning fills in conversion gaps due to users opting out of tracking, disallowing / clearing cookies, and so on.
- Advanced Data Control: Gain more flexibility about which pieces of user data to delete without losing all associated historical information (unlike UA!)
Adapt Your Marketing
Determine & Solve For Impact Across Channels
With all of this impending change, it’s important to:
- Benchmark (and document) historical data: For the sake of future comparisons due to potential data loss — ensure your team is aligned on what’s changing, when, and what it means for analyzing performance going forward.
- Implement cookieless measurement solutions: Develop a good understanding of all of the new ways platforms are measuring conversions and other metrics — prepare developers and technology managers for potential tracking updates across existing channels:
The Bottom-Line: From this history, it’s clear that cookies and device identifiers will continue to decrease over time. This will ultimately affect the ability to directly measure conversions, reach audiences through remarketing, monitor ad fraud and manage frequency caps across many of the existing platforms we leverage today.
Google Ads
What’s Changing:
Moving forward, Google Ads will be unable to directly measure conversions when website cookies with ad clicks are no longer available.
Examples of when cookies might not be available are cross-device conversions, conversions that occur on browsers that are no longer storing cookies, or if a user clears their cookies.
Source: Google Ads
In cases where cookies aren’t available, Google Ads will use machine learning and historical data to “scale” the number of conversions and amount of conversion revenue that cannot be directly measured to close these measurement gaps and provide advertisers with a more comprehensive view of performance.
Without modeled conversions, advertisers may attribute conversions that should be credited to Google Ads to the wrong channels in instances where cookies are not available. There will also be holes in data about the customer journey path, limiting understanding of touchpoints that move consumers towards the point of conversion.
As of April 2021, advertisers using Consent Mode will now see modeled conversions in their Google Ads reports for all campaign types to account for gaps in tracking when the user has not permitted consent. Updates will be automatically rolled out to improve the accuracy of conversion measurement and attribution over time.
The Bottom-Line: With conversion modeling solutions, available tracking data informs Google’s machine learning algorithms so they can make use of historical trends to validate and educate measurement.
What You Can Do:
- Ensure you have a strong tagging infrastructure in place, to be able to model off as much high-quality data as possible.
- Advertisers should ensure they have implemented a first-party tag, like gTag.js or Google Tag Manager (GTM) and a Conversion linker tag on their site to continue to collect all observable data and build a foundation for modeling.
- If advertisers are NOT currently using gtag for Google Ads conversion tracking or GTM (comprehensive tool to manage conversion tags across publishers), then the next step is to move towards these tagging solutions for their privacy-preserving yet sustainable features.
Facebook Ads
What’s Changing:
For quite some time now, Facebook has made major updates to their network as a result of government regulations, losing court battles related to misinformation campaigns, mishandling its users’ personally identifiable information (PII), failing to monitor and penalize the abuse of targeting options for discriminatory ads / “click-bait” spam — the list goes on and on.
View a full timeline of Facebook’s data privacy history.
Facebook has been particularly vocal about their stance on tracking restrictions. After all, they’re estimating a potential loss of upwards of $3 billion annually in targeted advertising revenues as result. Although many have stated that in reality, the true business impact won’t yet be known for quite some time.
For Facebook Advertisers today, the most critical things to be aware of include:
- Limited Data Use feature (in compliance with CCPA regulations)
- Attribution defaulting to 7-days (down from the original 28-day option)
- Development of CAPI (a server-side Conversion API)
- Impact of iOS14 (Apple’s tracking prompts)
The Bottom-Line: Facebook’s long history of privacy issues and the continued push from the industry to protect user information has changed what’s possible in Facebook Ads — it’s critical to be aware of tracking restrictions and what strategies you can use to deal with data loss.
What You Can Do:
- Become an early adopter of Facebook’s CAPI to prepare for the evolving landscape.
- Review what can be sent with CAPI, and strategize which data points and sources (e.g. CRM, etc.) should be included
- Run tests early to compare performance against historical data to understand measurement impacts and to inform recommendations on how to evolve strategy.
- Continue to utilize Facebook Pixel as a compliment to Conversions API for full-funnel visibility and to understand the difference in data.
Apple
What’s Changing:
Apple has stated that starting with iOS 14.5 or above, users will now see a pop-up that explicitly says an app wants to track them.
Source: Apple
In alignment with Apple’s commitment to App Tracking Transparency, this means iOS device users will need to explicitly grant permission to all websites, mobile/apps, etc. with marketing or advertising tracking enabled before they can gather data and follow that users activity across the web.
Apple’s even released ad campaigns subliminally encouraging users NOT to opt in:
See Apple’s consumer-facing privacy resources like “A Day in the Life of Your Data”.
The Bottom-Line: Marketers will continue to see changes in how data on Apple device users is reported as more users opt in/out being tracked — keep a close eye on trends in data and ensure you’re in compliance with all current and future restrictions.
What You Can Do:
- Keep track of iOS device user trends. Create a dashboard to chart the impact of Apple’s iOS14 privacy update over time. This will also help you prioritize resources to make changes to your measurement strategy as needed based on what you’re seeing in your own data.
- Implement the App Tracking Transparency framework. If your app collects and shares end user data with other companies to follow users across apps and web sites, you’ll want to work with developers to update your Mobile App’s Measurement SDK for proper iOS device tracking.
- Leverage the context field in tracking prompts to describe to the user, in detail, what data you want to collect, why, and what you’ll use it for in order to encourage opt-ins.
- If you’re app is on the App Store, make sure your developers detail privacy information via “iOS 14 Nutrition Labels”.
