In recognition of International Data Privacy Day, The Drum asks more than a dozen data and media experts how the landscape of consumer data privacy and data-driven advertising will look a year from now.
Amid ongoing changes to Google’s plans to replace third-party cookies, Apple’s increasingly stringent (albeit questionably enforced) privacy policies, a growing wave of both proposed and adopted consumer data protection regulations, advancements in adtech and privacy lawsuits galore, there are more than a handful of key factors shaping our data privacy landscape today.
In honor of Data Privacy Day, we asked top data, privacy and media professionals how they predict things will shape up in the next year. What might our world look like on Data Privacy Day 2023?
Prediction 1: tougher regulation and enforcement
Arielle Garcia, chief privacy officer at UM Worldwide:
By Data Privacy Day 2023, we can expect more privacy controls for people – whether by way of growing state law requirements to honor Global Privacy Control or new privacy features developed by big tech. We can also expect new state laws and continued speculation about whether 2023 is the year that federal comprehensive privacy law will be passed.
As we can expect to see a growing amount of organizations that will be implementing or updating their mechanisms to manage privacy rights and consumer preference. We are also likely to see greater scrutiny around dark patterns. Finally, we can expect growing demand for algorithmic transparency, catalyzed in large part by the FTC.
Jessica Simpson, senior vice-president of global identity, data and tech consulting at Publicis Groupe:
I anticipate a great deal of change between now and Data Privacy Day 2023. Some trends we are watching include: state privacy developments and how this influences the clip by which federal legislation takes shape or if states effectively fall in line with the standards that California, Colorado and Virginia are starting to put forth. We are watching how these regional laws impact brands both fiscally and from a marketing standpoint. We are heavily leaning into partners in the consent management space that help with consent orchestration, interoperability of consent across platforms and obligation enforcement.
We’re also keeping abreast of how web3 and elements like decentralized identity, crypto identity and data ethics in the metaverse play out. And we have our eye on how cross-border data transfers will be handled and if clean room technologies that offer options like multiparty compute and encryption technologies help solve for these issues.
Caitlin Fennessy, chief knowledge officer and vice-president at the International Association of Privacy Professionals:
In 2022, privacy enforcement actions will light up the headlines based on the substance of their demands rather than their dollar value. Growing privacy enforcement has already served as a wake-up call for companies, but there is much more to come. Data protection laws around the world are complex and difficult to follow to a tee.
As a result, companies watch the courts and regulators closely to gauge expectations and risks. Their actions have led the adtech industry to rethink its cookie-based business model and big and small companies alike to challenge government demands for data. Multi-million-dollar fines have granted privacy professionals entry to board rooms globally; but it will be enforcement actions that demand changes in business practices, breakup data-based consolidation and force disgorgement of ill-gotten data and learning that lead to the biggest changes. We have seen some already. These are the enforcement risks that will appear on companies’ financial statements, that will be debated ahead of M&A deals and IPOs and that will extend prime-time television campaigns on privacy. Meanwhile, international data transfers will become ever-more complex, as countries veer toward data localization.
David Reckert, managing privacy counsel at LiveRamp:
The nuance and variety of privacy regulation across different states makes it difficult to leverage an external privacy expert to support the specific needs of companies and engage with product and engineering teams, specifically focusing on workflows to support new consumer rights requests.
At the same time, however, we’ll see more industry fluency with privacy regulation. In turn, this will open the door to more consumer trust, which all companies are looking for. Some examples of this include broader adoption of data localization and data minimization solutions; better understanding of what constitutes ’dark patterns’ – negative behavioral economics, anti-transparency – and how not to engage in them; and more attention to the areas where consumers are most concerned about sensitive data.
From large to small, we are also seeing an explosion of in-house privacy teams, as companies around the world recognize the need to hire and retain full-time privacy experts.
Caitriona Fitzgerald, deputy director at the Electronic Privacy Information Center:
By Data Privacy Day 2023, I expect that policymakers will act on what has become very clear over the past few years: corporate surveillance has real harms and can no longer be allowed to continue unregulated. I expect we will see limits on the amount of personal data companies can collect about us and how they can use that data. There is an urgent need to act.
Prediction 2: fewer ID solutions, more consumer control
Subhag Oak, senior vice-president of data and intelligence at Amobee:
Over the next 12 months we can expect to see an influx of cookieless solutions – like Google’s recent release of Topics API – being released across the ecosystem as earning and building customer trust has become ever so important as it directly impacts brand perceptions. As the overall industry is still processing the implications of data restrictions like cookie deprecation and identity solutions, the landscape is ever-evolving.
Fiona Davis, chief operating officer at Captify:
Big tech’s solutions, like Google’s Topics, will meet new privacy requirements, but will fall short of advertiser needs. Combined with antitrust legislation and negative consumer sentiment, this creates an opportunity for open web solutions to step in and fill the void, championing more independent publishers and eating into big tech’s share of the pie.
In addition to this, we will see a shakeout in the ID space. Some IDs will develop a defensible regulatory position, but many IDs – specifically the ones that effectively equate to fingerprinting – will face legal challenges that will render them unusable.
Kevin Wang, senior vice-president of product at Braze:
Google’s updates to its cookie replacement strategy just reinforces the need for marketers to shift their strategies toward using first-party and zero-party data. I believe Google sees the writing on the wall as the use of third-party tracking continues to decline in importance. As the value of third-party data declines, experiences driven by first-party data will become more important as they draw more marketing spend.
Budgets will shift to categories that make sense for consumers and regulatory trends, rather than disappear. For instance, recent Braze research indicates that 96% of surveyed marketers plan to increase their marketing budgets, 42% plan to boost how many channels they use to communicate with customers and 38% of surveyed companies plan to place a heavier emphasis on zero-party and first-party data in order to continue to target and engage audiences.
Kevin Whitcher, vice-president of product at DISQO:
While the industry is understandably nervous about the fate of digital media and advertising, this is a chance to create a better future. Consumer-centric thinking is required as ad and martech strive to innovate new technologies and methodologies. As the industry looks to move beyond cookies, I think we’ll see a greater reliance on zero-party data, which is a concept where consumers voluntarily and proactively share data in a fair and transparent way. In this model, publishers or vendors act as stewards of consumer data, asking for permission before leveraging it and ensuring customers understand how that data will be used.
Prediction 3: less loose talk, more concrete strategies:
David Temkin, senior director of product management, ads privacy and user trust at Google:
Over the past several years the advertising industry has engaged in important conversations about how to best build a privacy-safe future – and some of the innovations we’ve seen come from those debates have been very encouraging in this mission.
By this time next year I expect to see those thoughtful debates translate into concrete strategies that are out in the world, being tested and reviewed – whether it’s first-party data strategies rooted in user consent, increased user controls which seek to answer regulatory calls for transparency and consent or greater implementation of privacy-safe APIs like the ones being developed in Google’s Privacy Sandbox.
Anthony Katsur, chief executive officer at the Interactive Advertising Bureau Tech Lab:
Prediction 4: it’s contextual’s time to shine
Tony Marlow, chief marketing officer at Integral Ad Science:
By this time next year, the shift to contextual targeting will define our industry, especially as data privacy concerns and demands for greater transparency on the use of personal data remain high among consumers. The time to plan for a cookieless world is here, right now. Precision contextual solutions… have proven to be extremely effective and they also provide consumers with ads that are relevant to the content that they are viewing, without putting their personal information at stake.
Ken Weiner, chief technology officer at GumGum:
By this time next year, I anticipate that contextual targeting will have moved into a more primary role, as it will be the only reliable way of targeting audiences without the use of any personal data, at scale. Solutions like the universal ID and Google Topics – or ‘FLoC 2.0’ – that are being floated around now will still need to use personal data insights and have the potential to be subjected to emerging data privacy regulations and will require users to opt-in and accept tracking.