In this blog


Since its launch in 1993, the worldwide web has transformed our lives in ways that no one could have imagined. Privacy was just as relevant then as it is today and in 1995, the Data Protection Directive was put in place to provide guidelines to safeguard our identities and stipulate how personal data was to be used by companies with an online presence. 

But a lot has changed in the past 27 years. And as expected the need for additional regulation to enforce privacy has become increasingly important. As a result, marketers are continuing to adjust to the changes around every aspect of marketing… attribution, segmentation, targeting, measurement, etc. 

And change, as far as regulation goes, is still in the air. Kickstarted by the data consent initiatives - GDPR (General Data Protection Regulation) in Europe and followed by CCPA (California Consumer Privacy Act) in California (and many more) to Apple's controversial iOS 14 updates to the soon-to-be sunset of the third-party cookie; the evolution of the customer data profile is still taking shape.

As the third-party data shakeup unfolds and customer data privacy becomes priority number 1, marketers are scrambling to understand what it all means and more importantly, how it will affect their growth and marketing plans in the future. Let's look at how the third-party data landscape has changed and how retailers can utilize 1st party data to achieve their marketing objectives.

GDPR and other data protection acts

In May of 2018, the General Data Protection Regulation (GDRP) went into effect to replace the 1995 Data Protection Directive and was soon followed by other data protection acts (many at the state level). The most important takeaway from these regulations is that they govern the way in which companies can use, process, and store personal data. For individuals, the bottom line is you have:

  • The right to be informed of what your data is used for.
  • The right to access that data at any time.
  • The right to rectify it.
  • The right to erase it or be forgotten.
  • The right to restrict the processing of that data.
  • The right to limit data portability.
  • The right to object and rights in relation to automated decision-making and profiling.

The way companies used your data in 1995 has changed drastically to the way it's being used today, and recent legislation is finally catching up with technology. Many states (California being the first) have started to enact regulations similar to GDPR.


Since 1994 the cookie has been a key component in tracking web-behavior. It's a small text file stored by the browser that a website can write data to, specific to a device or user. Initially, it was designed to improve the users' experience on a website, but its use has expanded, especially with the introduction of the third-party cookie. There are two types of cookies:

First Party Cookies - designed to help website owners improve their services and customer experience, these cookies are controlled by the website you visit to help remember things if you leave the site mid-session. These things are the items in your cart, items you viewed, and other user experience preferences. 

Third-Party Cookies - designed for third-party advertisers, these are the cookies that can be accessed on any website that utilizes third-party ad servers. They allow advertisers to track users across the internet and target advertising wherever that user goes.

A LOT of marketing capabilities are powered by third-party cookies. These are the cookies that are going away. Some browsers such as Firefox, and Safari have already blocked third-party cookies. Google has been the holdout, but they announced last year that Chrome (the most widely used web browser) will be deprecating third-party cookies in early 2023 making it the final widely used web browser to end support and officially killing off the third-party cookie.

Apple privacy updates

Last year a long-anticipated change in Apple's iOS was released that made user privacy a focal point. Before this, marketers could use several tools to track user data from an app and then utilize this data alongside other third-party (like the cookies mentioned above) sources to identify users and target them with advertisements (and more importantly sell this information to other companies looking to do the same). 

Prior to this change the rules to declare any sort of third-party tracking were pretty loose. But, with this change the concept of privacy was front and center as app developers were now required to disclose what they were tracking on the app page and give the user the ability to opt-in or out upon firing up the app. 

And then there were iOS 15 and MacOS Monterey updates that included email tracking. This invisible tracking pixel is included on advertising platforms to keep marketers from knowing when a user opens a marketing email that was sent to them. When a user then clicks a link in the email it can also mask the IP address so the online activity cannot be tracked or capture location information.

Along with a handful of other privacy features (including the limited ability for voice and video recording), Apple users can also review privacy reports for their apps and review and/or change permissions that an app has been granted along with visibility into third-party domains that the app is communicating with.


While there have been quite a few updates to third-party data policies over the last few years the question we should really be asking ourselves is why did it take so long? In under 30 years personally identifiable information has gone from being contained via physical artifacts to becoming completely digital. Today it's almost impossible to not leave a trail threaded across the internet. I recently utilized an identity tracking service to just see what I could find about myself online. Not only was I surprised by the length of the thread, but also the depth and historical detail. Ironically, many of us today (knowingly and unknowingly) post all kinds of artifacts to social media and the internet that could easily be detrimental to the integrity of one's privacy. So, the fact that regulation is helping save us from ourselves (or advertisers anyways) is a plus. Privacy rights are here to stay. And it's a good thing.