With the massive fines from violating GDPR looming, marketers are adding millions of dollars in liability to agencies in the face of data breaches and violations. The California Consumer Privacy Act and rising consumer concerns over data privacy are also on the horizon.

Non-EU-based brands should take steps now to retool their privacy strategies. One of the simplest (yet most visible) ways to clearly communicate brands’ privacy practices is to provide cookie notices on their homepages. Despite consumers’ desire for transparency, only 16% of brands analyzed in Gartner L2’s report on data and targeting included cookie notices on their homepages, up from a meager 6% last year.

EU-based brands, which have been held to the GDPR regulatory standard since May, have made more drastic improvements, jumping from 24% to 53% adoption of cookie notices year over year. Brands based in North America, on the other hand, are lagging behind—only 5% of brands in Gartner L2’s study have adopted them, compared to 3% last year. A third of beauty and travel brands have adopted cookies notices, while none of the analyzed brands from activewear, big box, or department stores have.


The typical cookies notice merely lets the user know that the site collects cookies and provides a link to the brand’s cookie policy. Best-in-class brand H&M, however, notifies site visitors they are able to refuse cookies within the notice itself, which provides a link with instructions on how to do so. By welcoming site-goers with a clear option to reject cookies, H&M positions itself as a brand that cares about its users’ privacy rights.

To steer clear from the troubled waters EU-based brands are currently in, brands based in North America would be smart to look ahead and prep their strategies before the privacy regulations make their way across the Atlantic.

Daily Insights in Your Inbox