Major data privacy changes- What you need to know
The data landscape rapidly changes and shifts, but a flurry of recent announcements will shaken the core of how we measure and track customers.
What is happening?
Basically, until now we’ve been living in the wild west of data, but after a wave of data scandals a new sheriff has come to town. And this sheriff is changing all of the rules. The new priority for data is privacy first, marketers second. These new rules are coming through legislation, and the gods of the internet. We’ll explore what’s happening in both groups, and what happens next.
It all started with GDPR, but now consumer data legislation is popping up around the globe. In the US, the California Consumer Privacy Act just officially passed (and will go into effect in 2020); meanwhile, similar regulations are developing in Brazil and India as well.
What do these laws entail?
General Data Protection Regulation (GDPR)-
GDPR is a law passed by the EU in 2016, and began enforcement in 2018. The stated goals of the law are to: harmonize data privacy laws across Europe, protect and empower all EU citizens data privacy, and reshape the way organizations across the region approach data privacy. It does this by levying heavy fines against any business that is found in violation of the regulations. This applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.
California Consumer Privacy Act (CCPA)-
The CCPA will allow consumers to force companies to tell them what personal information they have collected. It also lets consumers force companies to delete that data or to forbid them from sharing it with third parties. This law aims to target larger businesses, and only applies to businesses that earn more than $25 million in gross revenue, businesses with data on more than 50,000 consumers, or firms that make more than 50% of their revenue selling consumer data (I.E. data brokers).
While this law only applies to customers who live in the state of California, 17 other states are currently exploring similar legislation. It’s likely that most companies will just adopt these practices across the board.
Both Google Analytics and Adobe Analytics use a default 30-day conversion window, allowing you to see the impact of every touch that impacted a conversion in that time frame. Those attribution models on Safari browsers will now only collect data on the last seven days prior to conversion, deleting any data collected before that point.
For remarketing, marketers now only have seven days to programmatically target Safari visitors. After that, their data will be deleted, along with the ability to retarget them.
Other effects from this change include: cross-device visitor tracking becoming unreliable, and a dramatic uptick in unique visitor counts. Visitors who span multiple devices and have a buying journey more than seven days will look like new visitors when they finally return, skewing the data. Additionally, since they now look like new visitors every seven days, new visitor counts will skyrocket.
Mozilla rolled out similar features to its popular internet browser, Firefox, earlier this year. They recently rolled out an “Enhanced Tracking Protection” feature, which blocks all third-party cookies by default. They also began blocking over 2,500 tracking domains, many of which control multiple cookies, and plan to “update and improve this list over time”.
Chrome will add a browser extension that will showcase the names of the AdTech providers on each page and the personalization factors associated with each cookie. They also plan to provide user-level cookie control for third-party cookies.
What can we do?
First party cookies
Moving from third-party tracking cookies to first-party cookies will help protect against these updates and changes.
Most of the changes implemented by the tech companies target third-party cookies, but none of them target first-party cookies yet. This allows you to continue tracking your customer journey without interference.
This change also provides a number of fringe benefits, including: ownership of the data, reduced likelihood of blocking, and better storage and utilization opportunities.
Owning your data insulates you from changes or updates to any future terms and conditions. It also allows you to store the data indefinitely.
In order to implement this, you’ll need to develop the cookies and have a data-warehouse to store the information collected.
It should be noted with this solution that since you own the data, you assume 100% responsibility for it. This includes compliance with the privacy laws previously discussed, as well as the protection of the data.
Tracking pixels have managed to avoid much scrutiny yet, and therefore they have escaped the proverbial regulatory hammer so far.
Pixels transmit their data directly to a server, rather than storing data in the browser. This makes the pixel extremely useful, as the user cannot delete the data by clearing their cache.
As regulation ramps up, we predict that most tracking will transition from cookies to pixels, and the data produced by these pixels will move to large data-warehouses for storage. Similar to a first-party cookie, the data gathered from pixels will become the responsibility of the pixel owner.
What comes next?
It is clear that the old way of collecting data is officially dead. Privacy and consumer protections are here to stay.
The solutions that we presented here only serve to fix the issues created by these updates to browsers, they will not help avoid any of the new legal regulations. The internet is entering a new age, and every company will have to grow and adapt to this new ecosystem.
If you’re freaked out by all of the changes hitting the data landscape, we can help. Book your complimentary data strategy session with a Praxis Metrics data expert who can walk you through these changes.