2021’s Data Privacy Milestones
2021 will be remembered as the year the private sector started getting serious about privacy, propelled primarily not by legislation but rather ecosystem-shattering moves by Big Tech gatekeepers such as Google and Apple, who are taking steps to remove the 3rd party cookie from Chrome, and in the case of Apple, the ability of applications to track you outside of their environment.
The changes to tracking on iOS devices and the on-again, off-again dialogue surrounding Google’s depreciation of the third-party cookie marked a passing of the privacy baton from the government to Big Tech. The tech giants are now running the anchor leg of this race, and it's picking up steam.
But which policy shifts really were game-changers, whose interest did the changes serve, and how will the data privacy landscape evolve in 2022?
Here are the big moves from 2021.
Three Themes From Privacy in 2021
1. Big Tech laid down the law:
Big Tech pushed companies to do more to integrate privacy and consumer involvement into the data supply chain in the past 12 months than government regulators have accomplished in years.
By far and away, the most significant contributor to this was Apple, which showed it could put mobile marketing in a chokehold by forcing consumers to opt into tracking across apps on iOS devices. The implementation of Advanced Ad Tracking (ATT) led to opt-in rates below 13% and perhaps as low as 4%, depending on whom you ask.
Measurement firms, social platforms, location companies, and anyone doing growth marketing that relies on the mobile ID from Apple all felt the sting from these changes due to the loss of both supply and signals. With estimates of the big boys in Tech having lost over $10b alone due to this change, expect this to continue into 2022.
Similarly, even though Google delayed the death of third-party cookies on Chrome until 2023, the change will inevitably come and has already had a massive impact on business, driving companies to scramble in search of alternative IDs and calling the future of the open web into question. Here is the math. There are approx. 2b websites in the world today. Chrome has approx. 65% of the browser market. No 3rd party cookie on Chrome eliminates tracking on 65% (#revenue) on these 2b websites. If you thought Apple was bad, just wait until the cookie disappears. More on this in the 2022 predictions piece next month.
2. The US is behind on privacy, but the void is being filled.
California, Colorado, Virginia, and Nevada now have data privacy laws, and some ten other states are considering legislation. In addition, even though Congress will struggle to pass anything, elected representatives on both sides of the aisle are coming out with more aggressive proposals, including bans on targeted advertising without explicit user consent.
The upshot is that, even though the US lags behind Europe, Canada, and perhaps China (yes, China) on data privacy laws, a long-time void is starting to get filled with state-level restrictions. At minimum, you can expect other states in 2022 to adopt similar measures to those already passed by Virginia, Colorado, and others. The cascade of state privacy laws will boost the national data privacy narrative and create additional headwinds for any company operating in the data space.
At the very least, regulatory changes will force businesses, especially data and martech companies, to ensure they can tell consumers what data they’re collecting and with whom they’re sharing it. The legislation will also raise the stakes of breaches (of which there were many in 2021) and force companies to allow consumers to opt out of data collection and storage. While this may seem intuitive from a consumer perspective, it's important to note that the US data market became the largest globally by specifically NOT asking for consent and NOT having the type of legislation outlined above. To suggest 2022 will be ‘status quo’ (as many in the industry naively promote) would be a failure to acknowledge the rapid changes that have taken place in the past year.
3. Cookie alternatives are hitting snags.
The first half of 2021 generated a lot of buzz about cookie alternatives: new ways to track consumers across the digital sphere, such as universal IDs promoted by The Trade Desk, Liveramp, Lotame, and Google - who had their share of pushback around their Federated Learning of Cohorts (FLoCs).
The conversation about the loss of the cookie moved the email back to the front of the conversation (welcome back to 1995). Still, it failed to acknowledge its inherent flaws, such as how does an email, which is deterministic and more privacy-invasive than its cookie brethren, solve privacy moving forward? Hint — it doesn’t.
The knee-jerk reaction to defaulting to the email is symptomatic of the industry’s failure to acknowledge that the gap isn’t replacing the cookie but rather solving privacy. Embracing the email means kicking the privacy issue down the road to be dealt with later.
The email’s insufficiency as a replacement for the cookie is already becoming evident. UID 2.0, the universal identifier formerly owned by The Trade Desk, hit a roadblock in Europe; FLoCs has faced questions about just how good it is for privacy (and whether it even works), forcing Google to go back to the drawing board and let’s not forget that anyone under the age of 25 doesn’t even use email. Add in that there is no ‘Universal’ ID but rather a land-grab of +100 companies all promoting their solution as the ‘best-in-class,’ and you have a mess that is adding confusion to the market, not solving it. There is still no definite answer for how tracking and ad targeting — which finances much of the open internet — will go on in the post-cookie era, but to say it’s precarious would be an understatement.
There is a fixation on the cookie and its eventual demise in the market. The challenge with this myopic view is many fail to see all the other changes that have already taken place and are impacting the market today. Apple is restricting the mobile ID and tracking. Google is doing the same. Location data is even more precarious than the cookie or ID. Add in the pending loss of the cookie in ‘23, and Apple is now implementing Mail Privacy Protection which eliminates tracking pixels from emails, and you can see the strategy. No data will leak from an Apple or Google device in the future. As Darwin outlined over 100 years ago:
‘It’s not the strongest of the species that survive, nor the most intelligent that survives. It’s the one that is most adaptable to change.”
Adapt or die.
See you in 2022.
Founder/CEO - Reklaim
Neil Sweeney
