Five Privacy Must Do’s and Don’ts for the Advertising Industry

Google’s plans to phase out third-party cookies next year provide an opportunity for the ad industry to reshape their relationship with privacy compliance

By Emma Sheppard


August 2023

Advertising is in something of a state of flux. And data – how it’s collected, analysed, and applied – is at the heart of it all. At this year’s 70th Cannes Lions festival, the importance of privacy was a key theme industry professionals discussed again and again. “One notable recommendation was that we need to rewire the entire digital ecosystem for privacy and compliance,” one attendee said. “Between the regulatory environment, consumers’ rising privacy expectations and the need for greater transparency and auditability, we can’t have disparate systems in different channels.” 

The advertising and marketing industries have come under fire in recent years for their approach to privacy. Despite the scale that programmatic advertising has grown to, a recent study by MIT and University College London showed that only 12% of creative management platforms meet the legal minimum requirement for data compliance. In 2022, the Internet Advertising Bureau (IAB Europe) was found to have committed 12 GDPR breaches by the Belgian Data Protection Authority, putting a system that 800 adtech vendors use for real-time bidding into doubt. IAB Europe has appealed the judgement and is also in the process of putting into place an “action plan” with regards to its so-called Transparency and Consent Framework.

Google’s plans to phase out third-party cookies next year is also sparking a rethink about the industry’s relationship with personal data. In a recent poll, 41% of marketers say their biggest challenge will be tracking the right data and 44% think they’ll have to increase spending to achieve the same results. Gartner even goes so far as to predict 80% of marketers will abandon personalisation efforts entirely by 2025. 

With that in mind, here are five do’s and don’ts for advertising and marketing professionals looking to reset their relationship with privacy. 

1. Do get everyone involved

Privacy is often seen as the domain of the legal department (or expensive outside counsel), which tends to be brought in right before a new strategy is being rolled out. But privacy is for everyone and everyone has a role to play in keeping data safe. Make time for regular training that emphasises the importance of privacy. And appoint a team of enthusiastic privacy champions, representing every department, to keep privacy front of mind. 

2. Don’t be complicit in a leaky media supply chain

Advertisers often work with a wide range of intermediaries and vendors to track, profile and target customers. It’s a complex marketplace where hundreds of companies share personal data about millions of people instantly. But many do not have a secure legal basis to collect and process their data or are complicit in the unlawful collection and sharing by unauthorised third parties. Take the time to understand your data supply chain. Ask any new partner to complete a privacy and security audit. And make sure you both sign an adequate data processing agreement, regularly reviewing terms as the partnership develops.  

Answer our GDPR compliance checklist questions and we will email you an objective, personalised audit report within minutes, completely free of charge.

Get your audit

3. Do be open to privacy-friendly alternatives

With the move away from third-party cookies, the sector is on the lookout for an alternative. First-party (data from customer activity on a brands’ website or app) and zero-party data collection (data a customer explicitly shares via touchpoints such as surveys) is likely to increase. Zero-party data is actually seen as more accurate and reliable than cookies because brands can gather data on purchase intentions and other areas of interest. Contextual advertising (delivering ads based on the context of a website or app) and decentralised advertising platforms (targeting without collecting personal data) are also expected to become more commonplace as brands seek to understand the behavioural actions of users as a whole, rather than at a micro level. 

4. Do build privacy into your brand values

A real commitment to privacy builds trust – with the public, clients and investors. Increasingly such stakeholders are much more likely to do business with companies that treat sensitive data with care and respect. And as an industry, advertisers have an opportunity to shift their perception and think about the long-term benefits of building relationships and trust with their customers. That’s because, beyond just creating a good brand reputation, investment in good privacy practices also reduces the risk of breaches, eye-watering fines and a mass exodus of unhappy customers. Create a culture of privacy compliance where every decision about a new campaign or technology such as AI, is coupled with the question: ‘what does that mean for privacy?’ It will soon become second nature. 

If you want more practical content like this article, please click below to sign up for our monthly newsletter.

Sign up now

5. Don’t give up

Privacy isn’t a project that will be ticked off overnight, or a policy that can be shoved into a drawer. It’s an ongoing programme that will grow and adapt as your company does, and as regulation changes. But with the right privacy culture, training programme and champions in place, advertisers and marketers can build a way of doing business that consistently protects customers’ privacy while using data responsibly to create the best brand experience possible.

More to watch and read