Since we last took a look at privacy in November,  two major legislative initiatives have come down the pike that will increasing put the onus on brands to think of their privacy policies as a form of marketing. Brands must ensure that they do a better job than their competitors by delivering user-friendly, transparent privacy policies.

Long in coming, the European Union’s General Data Protection Regulation (GDPR) became enforceable on May 25 and has seen a resultant floor of privacy updates across many EU brand websites, particularly among retailers. California also recently passed the Consumer Privacy Act of 2018, which, although not due for implementation till 2020, is set to dramatically change how businesses handle data in the US’s biggest state.  

At the center of both of these laws is a fundamental shift in how consumer data is stored and collected by brands. The onus of data usage notification is being shifted onto marketers, while consumers are getting a wider range of options to understand how their data is being used and easy mechanisms to opt out of any usage they deem questionable.


While concerns about online privacy have ebbed and flowed over the years, we seem to be at a high watermark: 73% of US consumers are concerned about how their personal data is being collected and used by internet companies, according to a recent survey by Recon Analytics. Unsurprisingly, big tech firms including Facebook, Google, IBM, and Microsoft have responded to both initiatives by aggressively lobbying for the creation of some sort of federal privacy law, built upon a more industry-friendly privacy benchmark..

Into these churning waters of shifting policies, evolving consumer attitudes, and business lobbying for the status quo, leader brands approach digital privacy by adhering to the spirit of current laws, rather than the letter. They clearly explain how they use collected data and what benefits accrue to the customer.

When last we looked, brands deploying such effective privacy strategies were as rare as hen’s teeth. While 82% of leader brands succinctly explain the way they use collected data to tailor advertising within their privacy policies, the majority of brands fell short, with 92% of studied brands failing to supply a prominent and concise privacy and cookies notification.

Preliminary results from our upcoming Data & Targeting report point to a mixed bag in terms of brands evolving their privacy assets in the best way possible. Driven by GDPR, EU brands have improved their cookie notification process. Over 56% of EU-based sites have a privacy/cookies collection banner on their site homepage. But this trend has failed to translate to the US, where only 5% of brands have such a homepage notification.

While some EU- and US-based marketers are doing privacy right, the majority of brands must thoughtfully re-tool not only their data privacy disclaimers, but their entire approach to data collection and notification, or else risk losing the trust and attention of portions of their addressable market in this sea of change. When it comes to privacy, the only defense is an aggressive offense.

Daily Insights in Your Inbox