Customer Privacy in Digital Marketing: All you need to know!

8 Nov


Written by

Sara Jabbari




Customer Privacy in Digital Marketing: All you need to know!
Dark mode
Dark mode
Switch to light mode
Switch to dark mode

According to the Economist, customer data is the most important business asset in the world. And this is no surprise as data when properly utilized can help businesses to better understand their customers so they can create digital marketing strategies that allow them to effectively promote products and services to their target customers. But how can businesses that rely on digital marketing effectively collect and use customer data while complying with consumer data regulations? Discover how Digital Asset Management can help you properly balance customer privacy and data-driven marketing in this article.

While customer privacy is beneficial for businesses to collect as much customer data as possible, customers do not feel the same way. According to a 2021 survey conducted by KPMG, 78% of the respondents expressed fears about how their data is being collected and 40% say they don’t trust companies to use the data ethically. 30% of the respondents said they won’t share their data with businesses no matter the circumstance.

It is also not only customers who have a key interest in how businesses use the data they collect. Data breaches and the increased demand from consumers to have more control over their data and privacy online have led to governments developing regulations that protect consumer data.

The question now is – how can businesses that rely on digital marketing effectively collect and use customer data while complying with consumer data regulations? And since customers are becoming more aware of the issues that come with offering their information online, the way you handle customer privacy can differentiate you from your competitors and even become a business advantage.

So in this article, we look at what customer privacy is, the laws surrounding it, and how brands can balance customer privacy while using digital marketing.

Let’s get started.

What is customer privacy?

Customer or consumer privacy refers to how companies collect, manage, protect, and use the personal information and various data they collect from customers who interact with them online. This data includes contact information, usernames, passwords, website behaviors, purchase history, web browsing cookies, financial information, etc.

Understanding customer privacy regulations

In May 2018, General Data Protection Regulation (GDPR), a law on data protection and privacy was implemented in the European Union and the European Economic Area. The GDPR has six data protection principles.

Here is a summary of each principle:

1. Lawfulness, transparency, and fairness

According to the GDPR, the collection of data from subjects is deemed lawful only when you first receive their consent. You also have to be transparent with subjects on what you plan to use the data for. And for fairness purposes, whatever reason you gave for collecting the data must match what you use it for.

2. Purpose limitation

You should only collect personal data for a specific, explicit, and legitimate purpose. And it must be clearly stated what that purpose is. If you want to use the data collected for any other reason than what you earlier specified, you need to collect further consent from the subject.

3. Data minimization

Article 5, clause 1c of the GDPR document states that data collected should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. In other words, you should only collect the minimum amount of data you need for a specific purpose.

4. Accuracy

GDPR states that each data collected must be accurate and up to date. And that every necessary step must be taken to ensure that inaccurate data is erased or corrected without delay.

5. Storage limitation

GDPR regulation expects personal data to be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed…” In other words, you should delete the personal data of consumers when it's no longer necessary.

6. Integrity and confidentiality

Personal data should be protected against unauthorized individuals, accidental loss, and destruction using appropriate organizational and technical measures.

The purpose of GDPR is to regulate how organizations collect, store, share, and delete data. And failing to comply with these regulations can lead to huge fines of up to 10 million euros.

Outside of Europe, governments have also enacted customer data privacy regulations. In January 2020, the United States implemented the California Consumer Privacy Act (CCPA). It allows residents to know which data businesses are collecting about them and even prevent the sales of their data. Following suit, Brazil also implemented the Lei Geral de Proteção de Dados, or LGPD (General Data Protection Law) in August 2020.

As you run digital marketing campaigns and collect data from customers, you need to understand these regulations so you don't breach any of them.

How customer privacy regulations affect digital marketing

New customer privacy regulations put a limit on the way digital marketers use customer data to create personalized advertising, shopping, and content experiences for customers. In fact, one in five marketers reports that privacy compliance is one of the main concerns they have when creating digital marketing campaigns. Another 73 percent of marketers worry that privacy regulations will negatively impact their analytics efforts.

Also, due to these regulations, we’ve seen big brands like Apple, Firefox, and Google introduce privacy changes that have affected the avenues marketers used to collect data in the past.

Let’s look at some of the changes made by some of these big brands.


The release of iOS 14.5 introduced privacy and data sharing policies known as Apple App Tracking Transparency Framework (AATF). It significantly affects how marketers gather data from Apple users. This framework gives Apple users a choice on how to protect their privacy and information.

When users download an app from the App Store, they will see a pop-up asking if they want to grant the app permission to track their activity. The user can choose to either allow or ask the app not to track.

facebook tracking

This update from Apple has significantly affected businesses that rely on social media advertising. For example, Facebook tracks user activity using Facebook Pixels. Facebook pixels are pieces of code installed on a website or app that collects data that helps you track conversions from Facebook ads.  

With the data gathered by pixels and other tracking methods, you can get insight into the performance of your ads and how you can improve them. And before the iOS 14 update, advertisers could place as many pixels as they like on every page of their website to track all of the conversions on that page. But now, advertisers can only place eight-pixel objectives on a single domain. This has significantly reduced the amount of data that can be collected and reported on.

Keep in mind that this small number of allowed pixel tracking is for only users that give you permission to track their activity. Users who opt out won't be trackable. What this means is that as advertisers collect less data, advertising campaigns will be more expensive and less effective. It will also be difficult to personalize ads to specific users.

Here is an example of how ATTF affects advertising: If a user who denied Facebook permission to track them clicks on a link and then makes a purchase, neither Facebook nor your store will have any knowledge of what the user looked at or bought on your website.


In a 2021 blog post, Google announced that they will be charting a course towards a privacy-free web. In the post, Google announced that Chrome will completely phase out third-party cookies.

Advertisers use third-party cookies to track user activity on a website. When a user accesses a website, the website’s webmaster can share the cookies with advertisers. This will allow advertisers to better understand the websites consumers visit and what they do on these websites. And by linking third-party cookie data from different websites, advertisers can get a deep view of a user's entire online activity and show ads that will interest them. Examples of this third-party data include websites consumers frequently visit and purchases they’ve made in the past.  

And it is not only Google Chrome that is doing this. Other major web browsers like Safari, Edge, Firefox, and Brave are already phasing out third-party cookies.

These are just a few examples of how customer privacy is changing digital marketing and advertising methodologies.

But the good news is that even with the ban on third-party cookies and Apple’s restrictions on tracking, they are still effective data sources such as first-party cookies available to marketers. We will look at this in the next section.

How to balance customer privacy and data-driven marketing

Now that we have seen what customer privacy is, the regulations surrounding it, and how it is currently affecting the digital marketing landscape, let's look at how you can balance both customer privacy and digital marketing.

Start by embracing transparency

To build trust with consumers, marketers must be transparent about the data they gather. Numerous studies show that companies being transparent about how they use and protect consumer data reinforces their trust. A company that is considered untrustworthy by consumers will have a hard time collecting certain types of data, even when they offer value in return.

Here are some steps to make transparency a part of your business’ data and marketing strategies.

1. Disclose how you will use the data

Disclosing how you plan to use the data you collect will go a long way in building consumer trust. Let your customers know that their data will be used for legitimate and honest marketing strategies. For example, you can inform users that you collect their data so you can offer them personalized experiences. It's also a good idea to assure them that you will never sell their data to a third party. Almost no customer will stay with you when they find out that you are selling their data.

2. Allow users to opt in and out

Unlike the CCPA where users can choose to opt out when their data is collected without their consent, the GDPR requires companies to provide users with the ability to opt in by giving their explicit consent. So if your business is in the EU, failing to allow users to opt in and out can land you in trouble. So give your users the access to opt in and out to things like email campaigns.

3. Ask for only the information you need

Only ask for information that will be beneficial to your current marketing strategies and not what you might need later in the future. This is a great way to get your consumers to trust you.

Deliver value in exchange for data

Offering consumers value in exchange for their information is an effective way to collect customer data while being transparent.

You should also note that the willingness of consumers to offer up their data will depend on the type of data and how you plan to use it. Data can be broken down into three categories:

  • Self-reported data: This is the information that people can easily divulge about themselves like email addresses, age, gender, work, and educational history.
  • Digital exhaust: This includes data that businesses collect when consumers use mobile devices, web services, and other technologies. For example, browsing history and location data. Consumers value this kind of data more than self-reported data.
  • Profiling data: These are personal profiles of consumers used to make predictions on their behaviors and interests.

Of the three types of data, consumers are more worried about businesses having access to profiling data. But one way to put the consumers’ minds at ease and increase their willingness to share their data is to provide serious value.

Let's look at examples of brands that do this effectively.


Mint offers its customers excellent tradeoffs in exchange for their data. For instance, when a customer uses a credit card abroad and incurs foreign transaction fees, Mint helps the customer save money and avoid future card fees by referring them to a card that won’t charge them. With benefits like this, Mint customers don't mind using their service or sharing their data with them. Mint also let their customers know that they won't share their data with third-party services.


When customers go to Disney theme parks and hotels, they are given a MagicBand bracelet. The bracelet uses profiling data to enhance the customer experience. For instance, wearers can use the bracelet to unlock their hotel doors, get access to parks, and purchase merchandise and food. The profiling data gathered as the customers wear the bracelet is also used for target marketing. But Disney customers willingly offer up their data in exchange for convenience. Disney is also transparent about what they use the data for.

disney data policy

During the online registration process for MagicBand, Disney details its collection policies and highlights how they secure customer data.

While the examples above are from big businesses, they are simpler ways marketers in smaller companies can collect data. For example, let’s say that you want data on customer experience after making a purchase, you can send them a survey asking for specific information. In exchange for their answers, you can offer them a discount code on their next purchase. And since all the power lies in the hand of the customer, they can choose to share the data with you or refuse the offer.

Focus on first-party data

First-party data is the information that businesses collect directly from website visitors, customers, and social media followers. Unlike third-party data that is obtained from sources outside of your business, first-party data is effective because it is information you get directly from your audience. This makes the data more reliable for understanding your customers and allows for accurate predictions of future customer behavioral trends.

First-party data is also more accurate and cheaper than any other type of data. A study by Boston Consulting Group shows that marketers that use first-party data generate nearly double the revenue from their advertising efforts.

You can collect first-party data from your social media profiles, email subscribers, surveys, customer feedback, and the actions your customers have taken on your website or app. And by combining all these different sources of data, you will be able to better adapt your marketing strategies, optimize your ads, and personalize content to suit your audience while offering them a great customer experience across all touchpoints.

All of your customer’s first-party data is usually aggregated in applications like your CMS (Content Management System), CDP (Customer Data Platform), CRM (Customer Relationship Management) platforms, etc. So to ensure that you are effectively collecting, managing, and using all of your data, companies need to connect all these data sources to one single platform. This will give marketers a 360 view of their customers.

This is where a DAM (Digital Asset Management) comes into play.

A digital asset management platform like Wedia will act as an intermediary and allow you to integrate the technologies that make up your MarTech stack. Wedia allows you to fully integrate with your existing systems through API connectors and a natively headless architecture.

One of the benefits of Wedia is that it serves as a single source of truth and allows you to retrieve first-party data from all the technologies you use. Meaning you wouldn’t have to go through each platform individually to pull out data. For example, you can pull customer data from your CRM in order to deploy personalized content via your CMS directly from Wedia. Wedia will also supply media best suited for the campaign or audience you are targeting. Learn more about Wedia.

Plan your ad campaigns effectively

In this section, we will be using Facebook ad campaigns as our example.

Since the update of iOS 14.5, marketers have found it more difficult to collect enough data to run effective Facebook ad campaigns.  So here are some ways you can plan your campaigns around this update.

1. Target only Android users

This is one of the options marketers have.

Since Facebook can still track data on Android devices across the internet, it might be best to target only Android users. If you still want to target iOS users, segment your ads by the device.

facebook ads

2. Prioritize your most valuable events

Since Apple allows advertisers to only place eight-pixel objectives on a single domain, you need to select which pixel events are most valuable to your business objectives. Facebook will choose which events they think are most valuable to you, but you can change the selections or reorder them.

Here is how to select which pixel event you want to monitor:

  • Open Ads Manager and go to Events Manager
  • Click on Data Source icon on the left-hand side of the screen and select the pixel you want to use
  • Click on the Aggregate Event Measure tab. You will find it below the Event activity chart
aggregated event measurement
  • Click Configure web events and tap Next.
  • Then select the domain you want to configure events for and verify it.
  • After verifying the domain, click Edit events
  • Select your pixel conversions under Pixel/Custom conversion
  • Choose the event you want to configure under Event name.
  • Follow the same steps to add other pixel events before clicking Apply.

You can drag and drop your events from the lowest to the highest priority.

You must ensure that you choose the events that are most important to you because if a user completes multiple events on your website, Facebook will only report on the event you prioritized. And if you have ad sets for events that you didn’t include in your eight-pixel events, Facebook will pause those ad sets.

3. Verify your domain

It's important that you verify your domain with Facebook. In a blog post, Facebook said that businesses have to verify their domains to ensure that the data gathered by pixels accurately gets delivered to Facebook. During the verification process, you will be given a code to put on your domain.

facebook verify domain

4. Enable conversions API

Facebook introduced conversions API as an alternative solution to help supplement the data they get from a website or app. And since the API doesn’t use cookies, there are no restrictions on data collection.

Instead of tracking data from the browser, conversions API uses the website’s server to track what users do when they visit a website. The server monitors the actions that the users take like adding to a cart or making a purchase and sends the information back to Facebook.

5. Use manual tracking and ad retargeting

Instead of using Facebook to track conversions on your website, use your website’s tracking system. Track where your website visitors are coming from and what they do on the site. While this strategy is less intuitive, it allows you to track for conversion objectives outside of your campaign. For example, you can track how much traffic ads are generating to your website.

You can also use the data you collected manually to boost your retargeting efforts. For instance, collect the names and email addresses of users via a landing page and upload that information to Facebook. You can use this list to create a custom audience that Facebook can use for ad retargeting.

Use other metrics to measure the effectiveness of your campaigns

Instead of relying only on third-party cookies and ad data, marketers can still use other metrics to measure whether their marketing campaigns are working.

Examples of these metrics are clicks, unsubscribes, click-through rates, cost per lead (CPL), cost per acquisition (CPA), etc. For instance, knowing how much it costs you to acquire each customer will help you determine whether your current marketing approach is effective. Also, a low click-through rate or high unsubscribe rate will mean that your audience is not connecting with your marketing messages.

All these metrics are useful in helping marketers properly adjust their marketing efforts.

Test and learn

Before launching any marketing campaign, it's important that you first understand your customer behavior. And one way you can get insight into your audience without relying on third-party cookies is to monitor the journey of your current customers. By monitoring the pathway of your customers from the awareness stage to when they become loyal customers, you will better understand who your customers are, why and how they interact with your business, and the areas you can work on to improve the customer experience. When you understand your audience, it becomes much easier to create effective marketing campaigns. Learn how to build a customer journey map.

Another strategy is to create small sample campaigns before launching the main campaign. For instance, if you think your main audience for a product is men over 30, you can launch two campaigns to test your hypothesis. The first sample campaign will target men over 30 and the second one will be untargeted. This experiment will help you see if your hypothesis is correct. This method works because digital marketers won’t require the personal information of customers to use it.

Analyze your rich media

Along with analyzing your ad campaigns, it is also crucial that you measure the performance of your rich media like photos, vidoes, flyers, etc. You need insights into how your audience interacts and engages with your visuals at every touchpoint of the customer journey. This data will help you optimize the ROI of the media you create.

Enterprise DAM platforms like Wedia have an analytics dashboard that will help you make informed decisions on the performance of your media assets across different websites. By combining customer and customer journey data with data related to marketing visuals (format, colors, lifestyle images vs. product pack shots etc.), DAM helps marketers create and use cohorts to optimize which content will work best for a given campaign, channel, or even device type. Discover all of Wedia’s solutions now.


Customer privacy developments like a cookieless free web and Apple’s restriction on tracking make it more difficult for marketers to track user behavior online. To stay ahead of the curve, marketers have to change the way they track and use customer data.

The strategies and solutions in this article will help marketers balance customer privacy and data-driven marketing. You will be able to understand your audience better and track the performance of their campaigns without infringing on customer privacy or breaking any regulations.

Ready to get started?

Articles you may find interesting

Get more marketing tips
& news straight to your inbox