U.S. Data Privacy Is Changing: What Marketers Need to Know

Welcome to Our Privacy Series

Over the next three weeks, we’ll be diving into one of the most important and fast changing topics in marketing today: privacy. Here’s what you can expect:

1. The General Privacy Context in the US
2. A Deep Dive into the recent Honda Enforcement Case
3. Focus on General Privacy Control (GPC), an emerging browser-level privacy feature

Introduction

The privacy conversation in the United States is heating up. What was once seen as a concern limited to tech-savvy early adopters is now a pressing issue for any size business.

Marketers in particular are feeling the pressure from multiple sources. Regulators are rolling out new laws, tech platforms are closing loopholes, and consumers are demanding more control. The stakes are high, and brands that fail to adapt to risk are falling behind in efficiency and losing consumer trust.

Keep reading for an overview of the broad context of privacy in the US today and guidance on how marketers can get ahead of the curve.

‍

Part 1: Privacy is more and more part of marketers’ daily lives in the US

A) More regulations

The privacy movement in the US started initially when California’s Consumer Privacy Act (CCPA) went into effect in 2020. Since then, the federal government has yet to produce a comprehensive privacy law, leaving many states to take action into their own hands. Currently, there are more than 20 states that have enacted or are contemplating their own legislation related to privacy protection, transparency, and other related topics. While there are many similarities, each state introduces its own nuances. For example, Delaware prohibits the processing or sale of data for targeted advertising for consumers aged 13 to 18 without their consent in certain circumstances.

As more states implement their own laws, the question of enforcement is becoming increasingly important. Regulatory agencies are beginning to take action, setting the tone for what compliance looks like in practice. Recently, the California Privacy Protection Agency (CPPA) issued a major fine, ruling against Honda for failing to meet opt-out rules, among others. We’ll dive deeper into this landmark case in next week’s post. With active enforcement, businesses are now faced with an obligation to actively comply with all requirements.

B) New Technology updates

While Google Chrome’s decision to abandon its plan to phasethird-party cookies might suggest a return to business as usual, the broader landscape tells a different story. Major tech companies are placing restrictions, signaling a continued shift away from traditional, large-scale tracking methods. For example, Apple introduced ATT (App Tracking Transparency) in 2021, which vastly reduced the amount of data collected on iOS apps, and 3rd-party tracking is already mostly irrelevant on browsers such as Safari and Firefox.

It is expected that this trend will continue and that for every new workaround found, tech vendors will always find new ways to make sure privacy remains a top priority. The only sustainable way forward is to use privacy-conscious alternatives.

C) Consumers are more informed about privacy

According to Pew Research, 4 in 5 Americans are concerned about how companies use their personal data. This awareness is translating into action. In California alone, privacy complaints and class-action lawsuits are on the rise, for example The Trade Desk is facing a lawsuit that claims they have built a new form of tracking in order to circumvent privacy regulations.

Consumers are becoming more selective than ever, favoring brands that prioritize transparency and control. Marketers who ignore this trend not only risk compliance issues, but also their brand reputation.

Part 2: How Should Marketers Adapt to This New Era?

A) Staying Ahead

With no federal privacy law, the US privacy landscape is fragmented and complex. A scalable, efficient approach will be the key to success, especially for smaller companies which cannot afford to adapt to each individual state’s regulations. To achieve this, marketers should regularly monitor new regulations, and, especially if they notice a new ruling that may impact their business, consult with legal representatives who specialize in privacy. Additionally, collaborating with specialized marketing experts who understand the landscape can help implement necessary changes to ensure compliance.

B) Focusing on First-Party Data

As third-party data is becoming scarcer and scarcer, first-party data (information that you collect directly) has never been more critical. Building a lasting, resilient first-party data collection architecture is the key to quality first-party data. Most notably, marketers can adopt certain durable tools such as server-side tracking, Google’s first-party mode, and Meta’s Conversions API (CAPI). Additionally, it may be worthwhile to explore emerging alternatives for 3rd-party data like identity providers and Google’s Privacy Sandbox.

However, it is of the utmost importance that marketers avoid cover-ups that try to block platform oversight on their restrictions, as it can result in penalties or bans from the tech companies.

C) Building Trust with Customers

Based on our experience working with global clients and more than a decade of internal analysis on web analytics data, we know that customers who trust businesses with their data are more likely to engage, and more likely to stick around. So trust is invaluable in itself, but it can also bring additional data: zero-party data. Zero-party data is information your customers willingly give to you, and it is some of the most valuable data because it is truthful, and your customers actually want you to use it.

The best ways to earn your customers’ trust is to be transparent about what data you are collecting and why, and then offering clear privacy controls and simple opt-outs. This needs to be balanced against marketing opportunities and overall business strategy, but remember that regaining trust is harder than collecting new data.

Conclusion: Privacy in the US Is Here to Stay

We’re at the beginning of a long-term shift. While the US may be relatively new to the privacy landscape, the momentum is undeniable. Marketers can no longer treat privacy as an afterthought. To thrive, they must align their strategies with regulatory changes, technological updates, and consumer expectations.

What’s Next?

Next week, we’ll take a closer look at the Honda case, the second major enforcement action under Californian privacy law after the Sephora case (2022). We’ll touch on what happened, what it means for other businesses, and how you can avoid similar pitfalls. Stay tuned!