Intro to Data Privacy: Frequently Asked Questions About Recent Changes From Apple and Google

Data Privacy | 7 Min Read 

Immediately after coming off the heels of 2020, 2021 once again turned the world of digital marketing on its head when Apple rolled out iOS 14.5 and Google announced their plans to phase out third-party cookies

Of course, these changes didn’t come all of a sudden. Since the cookie was invented in 1994, tracking has moved from knowing the bare minimum about consumers to knowing seemingly everything about them. In short, it feels a bit like stalking.

First, businesses had to navigate government regulations around GDPR and CCPA. Now, major technology companies have begun taking notice and incorporating the privacy features you’re hearing about today into their platforms.

But the bottom line is there’s a lot going on, and you probably have questions. 

Keep reading to discover:

Then, check out more information about what these data privacy changes mean for ecommerce marketers and what you can do about them.

Explore data privacy resources

What is data privacy and data privacy compliance?

Data privacy is the relationship consumers have with their online data. 

Meanwhile data privacy compliance is when businesses conform to regulations around data privacy that enforce people’s right to know who has access to their data and what that data consists of. 

Why is data privacy important?

Previously, advertisers could track users without their explicit consent, which has caused consumers to become wary of how much of their private information is publicly available and for sale.

Data privacy is important because it ensures consumers provide explicit consent to tracking, which advertisers and businesses haven’t always prioritized in the past. Instead, they were focused on buying and selling hyper-targeted, personalized, and high-converting ads.

For consumers, data privacy helps create more transparency into how their data is being collected and used, which creates a more equitable online experience that gives people a say in how much information businesses can collect on them.

Nope, I’m not talking about delicious baked goods. 

Cookies are small lines of code that identify and track users across the internet based on their device. For example, cookies can remember to keep you logged into a website or they can remember the language you chose to browse in if you leave and return.

Advertisers buy, sell, track, and share cookies in order to access this robust user data profile and subsequently target ads to individuals based on their preferences, behaviors, actions, and interests. This is why you might go to a new website for the first time and see ads for products you’ve looked at before or that are relevant to your online searches and behavior.

While cookies started out as a way for websites to remember user preferences and serve better experiences, they’ve evolved exponentially over time. Today, data brokers can sometimes own up to 5,000 characteristics about each individual user.

What is third-party data?

Third-party data is information that’s collected indirectly from a user. Often, this data comes from a variety of sources and platforms, and is then stitched together to create a full user profile that includes an individual’s preferences, behaviors, actions, and interests.

It’s important to note that third-party data is typically implicit and based on “hints” people leave as they peruse the internet, rather than declared or explicit information.

What is zero-party data?

Zero-party data is the information someone proactively gives to you, like their email address, phone number, or even their birthday. You can collect this information in a multitude of ways, including signup forms, surveys, and lead generation forms.

What is first-party data?

First-party data is the information you observe about someone who visits your owned properties, like what products they clicked on your website or if they added something to their cart. 

What is Customer-First Data?

Customer-First Data is data you collect directly from a prospect or customer, including both zero-party data or first-party data. 

You can use all Customer-First Data to create special and personalized communications with individual users.

What are GDPR and CCPA?

Think of GDPR and CCPA as an older, overprotective sibling. But instead of standing up against the school bully, they’re standing up against data privacy noncompliance.

The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are government-enforced regulations that specify how websites can handle the personal information of users in Europe and California, respectively. 

These regulations came as the cookie became increasingly used and abused, and consumers began to feel like there was too little transparency in knowing how advertisers were collecting, tracking, and using their personal information.

The GDPR first took effect in May 2018 and mandates that any website must first collect consent from any European residents in order to track them.

The CCPA is the first major US privacy legislation to be enforced, and went into effect in January 2020. The CCPA gives residents the ability to ask businesses to disclose or delete their third-party data, or they can opt out of third-party data tracking altogether.

How is Apple responding to the need for more data privacy?

Previously, Apple could track and share your data across other apps and websites through an Identifier for Advertisers (IDFA), or a unique identifier that Apple generates and assigns to every device. 

This IDFA tracks people’s online behavior and provides advertisers with data they can use to serve consumers relevant ads based on their browsing history.

But with the iOS 14.5 update, which affects all Apple devices, apps now have to ask to collect and share your data, and consumers can opt out at any time. 

I could tell you myself that the opt-in language isn’t exactly enticing, but Chris Meade, chief marketing officer and co-founder of CROSSSNET, said it best: “The messaging for the prompt that asks people to opt into tracking on these channels isn’t easy to understand. Opting in should allow us to see better ads that are more relevant. If I wasn’t familiar with digital marketing, I’d click ‘No’ 100 percent of the time because I don’t want anybody tracking me and following me.”

How do Apple’s most recent iOS 15 updates affect me?

Apple’s most recent iOS 15 announcement is unrelated to third-party cookie tracking. You can learn more about the possible implications of iOS 15 to your business.

How is Google responding to the need for more data privacy?

Google plans to phase out third-party cookies (3PC) in 2023. Instead of 3PC, Google will test Federated Learning of Cohorts (FLoC), which track groups of people based on their common interests, as opposed to tracking individuals based on their online behaviors. 

Do data privacy laws mean my ads won’t work?

Not exactly. You’ll still be able to advertise to users, but you won’t be able to personalize the content as effectively as you have previously.

With paid social media advertising, for example, you’ll only be able to use third-party data to target users who opt in to tracking. If you can’t access as much rich data about individuals, it will likely make your ad targeting more challenging and less efficient.

When Google phases out third-party cookies, you’ll have to use Federated Learning of Cohorts (FLoC), which means third-party prospecting and retargeting through display ads could be less effective.

Plus, attribution windows on advertising platforms may be shorter, causing a lower return on ad spend (ROAS).

Will paid advertising strategies deliver higher costs and lower results?

Yes, cost per impressions (CPM) and cost per click (CPC) are increasing, which is effectively inflating customer acquisition costs (CACs) on third-party platforms. 

Meanwhile, there may be a lower return on ad spend (ROAS) because the attribution windows on advertising platforms may be shorter, causing lower activity attribution.

Can data privacy regulations help businesses in the long run?

Yes, data privacy regulations can help businesses in the long run because they prioritize the end user. 

Because of these data privacy changes, businesses must now collect and use Customer-First Data in order to communicate with consumers in a personalized and hyper-targeted way since third-party data will be less effective. This means explicitly asking people to collect their personal data, receiving consent, respecting their privacy, and ultimately creating experiences consumers want to engage with.

All-in-all, this creates a better customer experience and makes your brand one that people want to interact with and come back to.

What can I do to combat the data privacy changes in my marketing?

Glad you asked! Even though you may not begin to see the ramifications of data privacy changes until 2023, such as Google’s 3PC phase-out, now is the time to prepare your marketing strategy and shift to a customer-first mindset. Not to mention, you may have already noticed the effects of the iOS 14.5 update.

Fortunately, there are plenty of resources available to help you navigate this new, privacy-first world.

Explore these data privacy resources if you’re wondering where to start or what to do next.

Back to Blog Home
Get email marketing insights delivered straight to your inbox.
*By entering your email address and clicking Subscribe, you consent to receive marketing emails (such as newsletters, blog posts, webinars, event invitations and new product updates) from Klaviyo from time to time. You can unsubscribe at any time by clicking on the “Unsubscribe” link at the bottom of our emails. For more information on how we process your personal information and what rights you have in this respect, please see our Privacy Policy.
Own your data.
Own your growth.
© 2022 Klaviyo. All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.
Terms and Privacy Manage Cookies