This year has been a whirlwind to say the least, with everyone’s lives being impacted in big ways. Beyond the pandemic, wildfires, protests, hurricanes, and US politics, marketers were brought to the brink with the drama surrounding Apple’s release of iOS 14 and the massive implications on ad tracking data it almost brought. Looking across the pond, landmark rulings on GDPR compliance brought big change to cookie consent, the impact of which has yet to be fully realized. And several privacy changes to popular web browsers further erode marketers’ data pools (while empowering consumers to better control their personal data). Amidst all this change, you wouldn’t be alone if you were left scratching your head and asking, “What’s a marketer to do?”

Data Privacy Changes in 2020: What They Mean

These privacy-related changes may have snuck by under the radar for most, with a possible exception for the battle between Facebook and Apple over users’ data. So to catch everyone up, here’s what’s happened in data privacy in the last few months of 2020.

Apple’s iOS 14 Privacy Features

Apple made big changes to iOS 14 that will drastically limit the ability of app developers to collect data. In the App Store, you’ll see disclosures outlining specific data being collected and how it’s used. And starting sometime in 2021, users will need to opt in to tracking their activity across apps, websites, and devices. For now, marketers won’t be seeing many changes to data sets until the feature is fully implemented next year.

GDPR and TCF v2.0

Courts in Europe ruled that the widely-adopted rules around GDPR cookie consent were not enough, forcing advertisers and marketers to comply with the Transparency and Consent Framework (TCF) v2.0. You likely saw the first consequences of these changes as updated Terms and Conditions in Google products. Third party cookie consent solutions, along with Google, then got to work implementing a new framework within Google Analytics and Google Ads that will accommodate users’ consent choices. While this ruling is a major victory for consumer data privacy advocates, it will ultimately lead to big gaps in attribution data for advertisers and marketers as more sites and apps move to comply.

Browsers, Extensions, and VPNs: Data Privacy Goes Mainstream

Safari and Firefox have each made big changes in 2020 that move to give consumers more control over their data, including aggressively blocking third-party cookies and tamping cross-site and redirect tracking. Browser extensions like DuckDuckGo and 1Blocker go even further, actively blocking ads and pixels that quietly send gobs of data to advertisers. Several up-and-coming privacy-first browsers like Brave and Firefox Focus take an even stronger approach, strictly limiting cookies and cross-site data sharing (think Facebook and LinkedIn pixels). And the increased popularity of consumer-level VPNs like ExpressVPN and NordVPN improve security of browsing sessions while throwing off IP-based tracking methods.

So What’s a Marketer to Do?

Big advertisers have scrambled to move tags server-side, sidestepping several client-based data privacy efforts. This will allow certain types of data to still be gathered and processed regardless of browser and extension privacy settings. But this is not without limitations. There are *lots* of caveats as to what data can still be collected and when. And the shift from client-side to server-side tagging is a fairly complex technical feat that will require retooling of your current implementation.

That still leaves the issue of GDPR opt-in frameworks required by app stores and GDPR. To address this, Google and third-party cookie consent services are leveraging data aggregation and predictive analytics to fill the gaps when users opt out of tracking. Without attribution tracking, marketers won’t know which of their digital ads are driving conversions. These solutions will use attribution data from users that have opted in to tracking via cookies and extrapolate it over aggregated conversion data from users that opted out. While it’s far from perfect, marketers will have semi-reliable data to help them make informed decisions about ad spend. And this solution, like server-side tagging, requires quite a bit of work to implement, along with continuing fees for cookie consent services.

With attribution data mostly “intact,” there will be a noticeable gap in targeting capabilities on platforms like Facebook, as they rely on cross-site/app/device tracking to build profiles for individual consumers; there’s no good (or legal) way to get around opt-in requirements imposed by GDPR and App Store changes. Marketers will see limited ad targeting options based on interest, sites visited, etc., potentially reducing the efficiency of their campaigns—and the costs to run those campaigns.

Make the Shift Now to Privacy-First Marketing

All these data privacy changes are good things for consumers, but to marketers, it feels like the rug is getting pulled out from under us. The pandemic forced marketers to rethink how we’re reaching new audiences, placing even more importance on digital connection in a socially-distanced world. And just as we’re getting that figured out, the data we rely on to effectively target consumers is steadily eroding. That’s why marketers need to shift to a privacy-first mindset.

Apple delaying implementation of its biggest privacy changes into 2021 gave us a major reprieve from the rapid changes of 2020. Don’t squander this time—rather, use it to begin gathering your own user data:

• Build your own lists

• Leverage progressive profiling to build out your datasets

• Be intentional about the data you gather throughout the user journey

• Get creative with campaign-specific landing pages to bridge the attribution data gap

We have an opportunity to come together and help one another adapt to this inevitable shift toward privacy-first marketing. So what are you going to contribute to the conversation? Share your ideas in the comments below!