Executive Q&A: How Data Privacy Regulations Are Changing Marketing
The world of digital marketing and advertising is rapidly changing as data privacy laws restrict old practices for using consumer data. What can enterprises do as new regulations take a bite out of web cookies? We asked Karlsgate founder and CEO Brian Mullin for his advice.
- By James E. Powell
- September 13, 2021
As more state and national data privacy regulations come into force, traditional ways of capturing and using consumer data for marketing may become obsolete. We asked Brian Mullin, who has more than 30 years of experience in architecting software solutions for the marketing industry, how the evolving data privacy landscape will have an impact on enterprises in the near future.
Upside: How do new privacy laws affect the digital marketing and advertising worlds?
Brian Mullin: The world is rapidly changing. New electronic privacy laws are taking effect today, and more changes by 2023 will impact advertising as we know it because privacy compliance will stand in the way of traditional tracking of customer identities. Advertising agencies, publishers, and marketers are going to need to adapt and are already beginning to embrace change, especially over the next year.
Can you give a little history -- how did we get here?
Consumer identity, including financial, personal, social, and location-based information -- has been shared, traded, and used for the past 25 years through the use of Web cookies and other tracking technologies.
Today, processing personal data is a booming multibillion dollar business, yet due to the rapid deployment of new consumer privacy legislation, marketing the way we know it is about to get a major facelift.
How is underlying customer data occurring across the Web and/or social media?
Data resides in applets called cookies that were invented early on. Today, the process of elimination of third-party cookies by companies such as Google is underway. Personal identifiable information (PII) won't be visible or useable.
This creates new imperatives for first party data strategies, done securely. With a farewell to cookies, the General Data Protection Regulation (GDPR) laws already firmly in place in Europe, and looming U.S. privacy laws on the horizon, marketers are being driven to the brink of change, forced to entirely transform the way they do business.
Digital advertising in a fluid and changing regulatory environment is new ground -- not only for marketers but also legal teams scrambling to comply with on-the-fly legislation. Marketers will be pressured by legal teams and presented with a new terrain to negotiate. They will steadily adapt by finding secure alternatives.
Where does identity management and security come into play?
Improved clarity on restrictions and enforcement norms will aid advertising and marketing activities. Platforms, data processors, and data-sharing arrangements will all come into better alignment with regulations or disappear from the market. Safer, more-compliant mechanisms will be given fertile ground to innovate and grow.
As identity management shifts to first-party data, and specifically to authentic data owners, the onus will shift to organizations that have a legitimate relationship with the data subject and data elements that support legitimate interests. This transformation will forever change the way businesses collect, manage, and market identities. This starts with prioritizing the protection of first-party customer data.
How will security and cryptography play a role?
Protecting the exchange of data between parties will be critical to ensure that privacy and consent can be properly managed. Any weakness in the data security mechanisms of sharing data will lead to risk of breach or identity theft. Advanced cryptography is the first line of defense, but data owners should be aware of the limitations of encryption and hashing techniques.
Cryptographic options in common use today can still lead to re-identification of personal data and should be phased out. Far better is to employ a data connectivity network (DCN), which can unify all data-sharing activities under a single set of policies and technology.
A DCN that supports identity sharing via crypto-identity can enable zero-trust interactions through cryptographic orchestration. By preventing re-identification, data owners have more control of the stewardship and custody of their data assets.
Can we get a rundown of the new privacy laws and changes going into effect soon?
In early July, Colorado's governor signed into law the Colorado Privacy Act (CPA), making Colorado the third state to pass comprehensive consumer privacy legislation, following California and Virginia. The CPA will go into effect in mid-2023. This provides consumers with a universal mechanism to easily opt out of the sale of their personal data or its use for targeted advertising.
In July, Google extended the phase calendar for the elimination of browser support of web cookies to the end of 2023. This is only additional "borrowed time" for the industry to adjust.
Apple's plans for using IDFA (Advertising Identifier Declarations) are also continuing the transformation.
James E. Powell is the editorial director of TDWI, including research reports, the Business Intelligence Journal, and Upside newsletter. You can contact him
via email here.