How To Join Privacy And Consent Into Your Marketing Strategy

Sophisticated marketers have a deep-rooted understanding as to the importance of weaving privacy and consent management into their overall marketing strategy.

This liberates their data by enabling access to a unified customer view which ensures the data across sources and profiles of a user’s data is:

  • Collected in a privacy-compliant way to minimise risk.
  • Well governed by the cross-functional organisation.
  • Accurate because it is normalised & resolves across user identities and technologies. 
  • Is well protected against data breaches. 
  • Correctly aligned to specific individual marketing consent preferences and choices. 

Historically, most digital marketers have had at their disposal a range of both first-party and third-party data sources across brands and technologies. However, significant changes to the advertising landscape have seen declining value in third-party data. 

Mckinsey estimates publisher ad revenue may decline as much as $10 billion because of the demise of the third-party cookie. This fall of the cross-site ID has put a greater impetus on first-party data collection and strategies for both brands and publishers. 

The ultimate challenge for any brand will be in governing user preferences and consent across their advertising and marketing while ensuring compliance with all major privacy regulations. Centralised end-to-end consent management capabilities allow business users to manage it at an individual level – and use these preferences to control what data gets stored and passed to other systems or partners.  It is imperative that appropriate data and tech governance is in place to support regulatory compliance and collect first-party data in a correct manner. 

There are two ways to collect user consent within a digital marketing capacity: 

  • Through a Consent Management Platform. Often linked to a tag management platform. This controls the cookies and local storage requirements of the site and includes any third-party platform’s (e.g., Facebook, Google analytics) lawful right to process personal data collected from the marketers’ owned and operated properties. 
  • Through forms and registrations. Generally collected through known user data (emails, phone numbers), Some of this data will be required to perform the contract with the customer and therefore the collection of this data will be considered as a legitimate interest, however generally speaking, marketing preferences data and sharing of data with marketing platforms will require consent for each purpose. 

The above methods need to be inherently linked to one view of the customer and their preferences: Linking transactional data to behavioural data (where allowed), providing clarity as to what purpose(s) the data will be used for, and to which partners the data will be shared.

Data Ownership: Future Proofing Your Stack 

The adtech/martech market is constantly adapting and the privacy groundswell surrounding the tracking of individuals across websites and apps is continuing to grow.

For all advertisers, new identity approaches must meet current and future privacy concerns. User consent, value exchange and transparency are likely to be key themes for both regulators and external forces that are not in the brands’ control (browser restrictions, ATT, device fragmentation, regulation). 

Advertisers must make considerably better use of their own 1st party data and controls across each stage of the process. Built with a privacy-by-design architecture it will become more important for organisations to harmonise data across all business departments and then democratise it for marketing. Building a clear customer data architecture with required data sources, transformation requirements and destinations for the processed data will be core to this strategy. 

The privacy changes have had (and continue to have) an impact on the measurement of campaigns. Prospects and acquisition campaigns will need to evolve as user-based attribution and off-site journeys as we know them to adapt. This will also have an impact on campaign frequency, sequential messaging, and post-view conversion tracking. Future tech alternatives with privacy-enhancing technologies will be much more restrictive than previous cookie-based solutions but also opens the opportunity to build multiple marketing frameworks and tools that will be required to meet privacy expectations. The focus therefore for marketers will be on ensuring that privacy is central to this journey to commercial sophistication, but also a clear understanding of the new technology limitations in measurement, planning, insight, and optimisation across channels. 

Customers should be given an informed choice as to how their data is processed and used, be that for analytical purposes or marketing communications and sharing of data. For the customer to trade their personal data, there should be a value exchange offered. This value-exchange can be built over time as the original prospect becomes a valued customer. Privacy must be at the heart of everything the brand does, it should be a priority, as well as everybody’s responsibility to govern and maintain.  Finally, due to the complexity of creating a single view of a customer, and the sheer amount of potential data to be collected, retrieved, updated, or deleted, a solid cloud-based backbone is required to import, manage, and maintain consumer privacy preferences in each case.

Privacy by Design Customer Data Architecture 

The privacy-by-design customer data architecture shows the complexity of managing both privacy at a data import level as well as when data is sent out to multiple marketing partners, vendors and data providers. While some organisations have undertaken the transformation layer via their own Business Data Platforms, others have chosen to procure a Customer Data Platform (CDP) to help govern privacy management across data sources. Either way, marketing is going to need to be capable of articulating their business case and requirements to both IT teams and Legal teams to successfully enact their marketing roadmap. 

Privacy by design data architecture

CDPs also provide identity resolution services which support the stitching together of multiple IDs through data sources, giving the organisation the means to act upon marketing preference changes within a range of technologies (programmatic buying, Email, personalisation, notifications, etc.). This identity management is key to knowing who the customer is as they traverse devices and environments for which to access content and creative messaging from Brand campaigns. 

Across the architecture there are many steps required to ensure privacy governance is upheld both as data is imported as well as exported. As customers have a right to change their consent and collection preferences at any time (e.g. right to be forgotten, or an unsubscribe) the CDP must have the capability to find and update these profiles through potentially billions of rows of data. 

While it is possible to maintain solid privacy management and governance from internal business data platforms, there is a heavy requirement to invest in resources to monitor, maintain and update the technology to support a privacy-by-design approach to customer data. The better the technology at identifying a user across a range of IDs (cookie, email, hashed email, Mobile ad ID, etc.), and the faster the platform can move data through the architecture, the greater the success of the platform at handling privacy and adhering to regulatory requirements. 


The privacy-era grounds will continue to grow. Marketing based on known users (persistent identifiers such as an email, or postal address) will likely come to the fore, as will:  

  • A combination of aggregated and individual data sets to be combined (e.g. geo-location), 
  • Browser-based or aggregated cohorts such as Privacy Sandbox API (browser-based approaches to attribution without exposing an ID) . 
  • Split tests and regression models 
  • Cross-site frequency analysis based on planning figures rather than post campaigns. 

With these shifts come new challenges. Without a privacy roadmap, these sudden changes through external market forces will put many digital marketing initiatives at risk. It is difficult to predict exactly how and when each advertiser should shift and adapt their tech and data strategy, but the most important aspect of any company is to educate themselves, be prepared and adaptive to change. This adaptive layer is critical to how a tech stack operates and requires equal as adaptive partners and technology vendors, many of which may well still be reliant on the third-party cookie, or on the edge of non-compliance for applicable regulation. 

We hope you enjoyed this article. We intimately understand the pain points of the modern marketer and have designed CvE to help solve your most complex challenges. Contact us to discover how we can help you upgrade your marketing sophistication.

News & Blog