Bri Gibson, Marketing Manager, Aker Ink
Scott Bennett, Partner, Coppersmith Brockelman


New data privacy laws and cookie bans have altered the digital marketing landscape as we know it, and these changes will continue to affect how companies target online audiences in the coming years. With identity theft and fraud rates at an all-time high, it’s understandable that 67% of internet users are more concerned with their privacy than they’ve ever been, according to a 2021 Statista survey. However, gathering third-party data has historically been integral to helping businesses understand user behavior and tailor their ad content accordingly.

So, do new privacy laws and restrictions mean your site visitors will become a total mystery, and targeted ads and personalized web experiences will soon be obsolete? Not necessarily. With smart strategies for collecting first-party data, businesses can navigate upcoming roadblocks.

Learning the basics of data privacy and cookies will help your company create a new plan for targeting as the web moves away from third-party platforms.


Current Status of Federal, State and International Data Privacy and Cookie Laws

Businesses that use cookies must navigate a patchwork of consumer privacy laws. Websites accessible to users in Europe, for example, must comply with a pair of European privacy laws – the General Data Privacy Protection (GDPR) and the ePrivacy Directive – that restrict the use of cookies and require websites to obtain users’ express consent when gathering data.

In the United States, multiple states have now already implemented — or considered implementing — their own consumer privacy laws. California went first, enacting the California Consumer Privacy Act (CCPA) in 2020. Virginia and Colorado have since followed suit, both enacting privacy laws that will go into effect in 2023. Utah and Washington also appear close to passing their own privacy laws, and similar measures have been proposed in other states.

Each state privacy law deals with cookies differently, from requiring companies to explain their use of cookies in their privacy policies and allowing consumers to opt-out to requiring businesses to perform formal assessments of cookie-related privacy implications.

The existence of multiple state privacy laws with conflicting requirements has been a source of frustration for businesses. In response, a growing number of lawmakers and citizens alike have been vocal about increasing online protection through a federal privacy law.

The most recent federal privacy bill was proposed in 2021, drafted in an effort to enact blanket, uniform privacy rules and standards nationwide.  However, the bill failed due to disputes over whether the federal law would override state privacy laws and whether consumers should have the right to sue companies over privacy violations.

Whether a federal law will pass within the next few years is up for debate, but the public’s demand for privacy isn’t going anywhere.


The Future of Cookies

Digital cookies are a marketer’s best friend (next to freshly baked ones, of course,) helping businesses gather specific, targeted data about site visitors through third-party platforms.

The FTC defines cookies as information saved by web browsers that helps sites recognize a user’s device in the future. If or when the person returns to that site later, the site can read cookies to remember the previous visit and track their behavior over time. However, Google plans to phase out and ban cookies by 2023. Safari and Firefox already did so in 2020, but Google Chrome accounts for 65% of all web searches, as of January 2022.

Although this poses a big challenge for digital marketers, the tech companies’ ban only applies to third-party data cookies — so not all targeting hope is lost. First-party cookies are still fair game, and it’s important to understand the difference between the two.

  • Third-party cookies are created by domains outside of the website a user visits. These are usually added to devices by other parties, like JavaScript, that the website has made an agreement with. For example, a “Like” button on a website would store a cookie on a user’s computer. Facebook could then access that cookie to identify the user and track which websites they frequent.
  • First-party cookies are stored directly by the domain, allowing site owners to gather basic analytics data to create a better user experience. An example of this would be a website remembering login information and language settings, but not sharing the user’s information with other platforms. The downside here is that cross-site tracking isn’t possible, as all data is siloed by domain.


Post-Cookie Solutions

With limited tracking and reporting capability, businesses will need to think outside of the box to target their ads and gather comprehensive data. If your company currently relies heavily on third-party practices, now is the time to consider some alternatives.

  • Leverage First-Party Data: First-party data is a useful tool in retargeting, as it provides valuable information about those who interact with your business most. With a clear pop-up disclaiming the use of first-party cookies on your site, you can still learn basic demographic information about your users, as well as how they interact with your content.

First-party data may also be collected through surveys, customer feedback, social media insights and email lists. Although not as technologically advanced, these metrics can still give businesses a clear glimpse into their audience’s wants, needs and tendencies.

  • Contextual Advertising: Rather than behavioral advertising, which uses third-party data to track past web behavior for ad targeting, contextual advertising matches ads to specific users based on keywords. Both methods strive to put the right user in front of the right content at the right time, but they go about this a little differently.

Here’s an example. Say a user searched for a new couch last week. Now, ads for couches are popping up in his or her social media feeds and frequented websites. This is classic behavioral advertising, which largely depends on cross-site tracking. Contextual advertising, on the other hand, would recognize certain keywords from the user’s current search about couches, then display ads for couches in a relevant context, like a home-and-garden, furniture store or real estate marketplace’s website.

With strategic keywords and a bit of creativity, contextual advertising can be just as effective as behavioral advertising — and potentially even more so, considering the ad will relate to the website’s content.

  • Data Clean Rooms: There may be bans on collecting third-party data, but nothing is stopping tech giants from publishing their own first-party insights. In data clean rooms, companies like Amazon and Facebook share aggregated user data with advertisers. The advertiser then inputs their own first-party data into the same space to see how it aligns with the companies’ aggregated data. Although these rooms have strict controls, they allow marketers to compare inconsistencies between the two to fill in gaps among their audiences.
  • Google’s Privacy Sandbox: Essentially, this is Google’s initiative to move all user data into the browser rather than third-party platforms. The Privacy Sandbox will allow behavior tracking across websites to ensure relevant ads, but the data won’t be shared with advertisers as freely. Despite the limitations, this may be the future’s next best thing to third-party cookies.


Get Expert Guidance

The world of data privacy and cookies has become incredibly complex, but with the right strategies, creative companies can still effectively reach the right digital audience.

If you need guidance on creating a sound inbound marketing strategy, an experienced marketing team can help you generate results.

For more information about complying with data privacy laws, reach out to attorney Scott Bennett of Coppersmith Brockelman.