Internet Privacy Is Changing – Here’s What You Need To Know

education

Mar 21

Blog_ Internet Privacy Is Changing (1).png

The internet privacy landscape is changing and there have been some recent announcements by Apple and Google that will affect consumers and advertisers in significant ways.

In short, there are more consumer privacy protections on the way that will improve transparency and promote the ethical handling of data, while changing how marketers everywhere will need to approach digital advertising in order to avoid the steep fines associated with non-compliance.

In order to understand what’s happening now, we need to understand the catalysts of the privacy revolution – GDPR and CCPA. Whether you’re a consumer or an advertiser, here’s a condensed version of what kicked off the privacy-first revolution, an explanation of Apple and Google’s recent announcements, and suggested next steps for advertisers.

The Catalysts: GDPR and CCPA

General Data Protection Regulation (GDPR)

For those of you not familiar with the privacy landscape of the internet, you might be wondering what exactly was the catalyst that kicked off heightened scrutiny of data handling practices? Well, wonder no more as I am here to reward your quest for knowledge with answers.

Here at Stallion Marketing Inc., we believe the General Data Protection Regulation, also known as GDPR, was the inflection point that signalled a privacy-first internet and the impending doom of cookies and third-party tracking. If you’re not sure about what cookies, first-party or third-party data is, read my previous blog post titled First-Party and Third-Party Cookies & Data Explained.

In 2018, when GDPR came into effect, it introduced protections specifically for European Union (EU) citizens. If you’re not up for the riveting read, the GDPR is based on the right to privacy, which is in Article 8 of the 1950 European Convention on Human Rights. The abridged version of that Article is that everyone (who is an EU citizen) has the right to respect for their private and family life, their home, and their correspondence.

The EU enforces those rights through legislation that went into effect on May 25, 2018 – legislation which outlines the scope, fines, and key definitions that are relevant for anyone whether you are a consumer or a business.

So what exactly is in the GDPR? According to Ben Wolford, Editor in Chief of GDPR.EU:

It applies to anyone who processes personal data of EU citizens or residents, or if you offer goods or services to such people no matter whether you are in the EU or not.
There are two tiers of fines with a max of €20 million or 4% of global revenues from the preceding financial year.
There are key definitions for terms such as but not limited to: personal data, data processing, data controller, data subject, data processor, and others that are relevant for consumers and advertisers.

If you are not into some solo “light” reading, it is strongly suggested that you go over the full 88-page document with some friends, and these friends must be lawyers. With the GDPR as a precedent, the State of California introduced the California Consumer Privacy Act of 2018 which outlined similar protections specifically for residents of California.

California Consumer Privacy Act (CCPA)

On August 14, 2020 the California Consumer Privacy Act of 2018 (CCPA) Regulations came into effect with many similarities to GDPR. It secured new privacy rights for California consumers including:

The right to know about the personal information a business collects about them and how it is used and shared;
The right to delete personal information collected from them (with some exceptions);
The right to opt-out of the sale of their personal information; and
The right to non-discrimination for exercising their CCPA rights.

For even more light reading, of course with legal friends, the Attorney General of California's website is a great resource and covers everything from scope to key definitions and compliance applicable to both businesses and data brokers. Where are we now in this privacy revolution?

The Current State: Apple and Google’s Privacy-First Push

Apple’s App Tracking Transparency Explained

“Starting with the beta versions of iOS 14.5, iPadOS 14.5, and tvOS 14.5, you’ll be required to ask users for their permission to track them across apps and websites owned by other companies”
– Apple

Apple’s upcoming App Tracking Transparency feature, set to launch in “early spring” of 2021, will require developers to ask users for their permission to track them across apps and websites in the form of a very obvious pop-up that you may or may not have already seen if you own an iPhone.

But this shouldn’t come as a surprise considering Apple has been making major shifts since March 2020 when they released an update to its Safari Intelligent Tracking Prevention (ITP). ITP was initially released in 2017 and is the privacy feature that allows Apple’s Safari web browser to block cookies and prevent advertisers from snooping on your web habits. With the March 2020 update, Safari now blocks all third-party cookies by default. While ITP focused on the browser, App Tracking Transparency focuses on apps and websites that use your device (not just your browser) to track you.

According to Apple, tracking refers to “the act of linking user or device data collected from your app with user or device data collected from other companies’ (third party) apps, websites, or offline properties for targeted advertising or advertising measurement purposes. Tracking also refers to sharing user or device data with data brokers”.

Examples include, but are not limited to:

Displaying targeted ads based on third-party data (i.e. collected by other apps and website other than your own)
Sharing device location data or email lists with a data broker.
Sharing a list of emails, and/or identifiable IDs with a third-party advertising network that retargets those users in other apps or uses them to create similar audience lists
Placing third-party code in your app that combines user data from your app with user data from third-party apps to target ads or measure advertising efficiency, even if you don’t actually use the code for these purposes. An example would be using a Facebook pixel for analytics purposes. (Facebook already had a lot to say about this).

Tracking definitions exclude:

When user or device data from your app is linked to third-party data solely on the user’s device and is not sent off the device in a way that can identify the user or device.
When the data broker with whom you share data uses the data solely for fraud detection, fraud prevention, or security purposes, and solely on your behalf. For example, using a data broker solely to prevent credit card fraud.

App developers cannot require consumers to permit tracking in order to use the app’s full capabilities. As a consumer, if you select “Ask App not to Track,” the app developer will not be able to access your system advertising identifier (IDFA), which is a key component of tracking on Apple devices. Non-compliance of policies may result in app rejection from the app store amongst fines applicable by the laws that govern these regulations in the applicable jurisdiction.

For more information about this, read Apple’s User Privacy and Data Use policy.

Google Says Goodbye To Third-Party Tracking

Quite quickly after Apple’s announcement, Google made one too effectively signalling the end of third-party tracking as we know it and placing greater emphasis on first-party data, and the ethical handling of that data.

“Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.”
“As our industry has strived to deliver relevant ads to consumers across the web, it has created a proliferation of individual user data across thousands of companies, typically gathered through third-party cookies. This has led to an erosion of trust: In fact, 72% of people feel that almost all of what they do online is being tracked by advertisers, technology firms or other companies, and 81% say that the potential risks they face because of data collection outweigh the benefits, according to a study by Pew Research Center.”
– David Temkin, Director of Product Management, Ads Privacy and Trust, at Google.

If you’ve made it this far into the article, kudos to you! There was some really dense stuff earlier but you’re probably now at the edge of your seats, waiting with heightened anticipation to hear about what you should be doing with all this information. Let me satisfy your curiosity.

What Should You Do About This?

If you’re a consumer, that’s relatively easy – keep informed and be aware of your rights. Scrutinize the information requests from both apps and website, allowing only the type of tracking that you’re comfortable with. In essence, remain vigilant, and yes read those terms and conditions even if you may not want to.

If you are an advertiser, however, once these policies are enforced, consumer behaviour will also change and will likely result in some loss to the very detailed targeting, optimization, and reporting capabilities that marketers were previously used to.

As a marketer, here are a few things you should be doing in order to be well prepared for the impact of these recent announcements. By no means is this list exhaustive, nor does it constitute legal advice.

Stay informed. There are many free resources available on the internet that can point consumers in the right direction, but as a business, your best source of information should be your lawyers. it is important to understand which of these laws or regulations already apply or will apply to you and how to stay compliant in order to avoid fines that could cripple your operations.
Audit your business. Considering some of the laws mentioned here have been in effect since 2018, it is important to identify any gaps in compliance you may already have and close these gaps by working with the relevant cross-functional teams in your organization.
Comply. Compliance is mandatory for all businesses, but individuals, startups, and SMBs may not know where to start. Compliance is an ongoing process as the laws and regulations are constantly changing or being updated.
Collect First-Party Data. First-party data, which is the data that your app or website collects about its own consumers, will become the new currency of information. It is important that businesses ethically enhance their own stores of information and depend less on third-parties for this.

At Stallion Marketing Inc. we understand that the marketing landscape is changing and each business’ needs are unique. We encourage you to book a Discovery Call to explore privacy-focused strategic and tactical options for your business. We also encourage you to start thinking about measurement and attribution without cookies and through a privacy-first lens as this will be the new norm soon enough. At the very least, start using the new Google Analytics 4, which does not require cookies to measure activity and preserves consumer privacy.

To stay informed about our latest perspectives on relevant digital marketing and analytics topics, please sign up for our newsletter.

Data PrivacyCCPAApp Tracking TransparencyGoogle Analytics 4First-Party CookiesThird-Party Cookies

Hakim Garuba

I help individuals, startups, and businesses grow using data-driven approaches to scale their marketing efforts! I am a seasoned growth marketing professional with over a decade of experience in user acquisition, engagement, and retention marketing for B2B and D2C companies across different industries. I bring a wealth of strategic and tactical experience from my time working at Paramount, Square, Google, Nokia, and StackAdapt. I am passionate about music production, my two cats, and baking.