Skip to content
6 min

The privacy wars: How brands are hoping to engage with customers they can no longer easily reach

by Ben Magnuson April 20, 2021

The biggest development in regulating Data Privacy in 2021 did not come from a government but from an even more consequential player who has benefitted from loose restrictions on user data to date: Google.

In March, Alphabet (Google’s parent company) announced that it would no longer allow tracking technologies that track individuals across sites. With Google accounting for more than half of last year’s digital ad spending, this was a sea change.

But it was not just Google. Months before, Apple announced in 2020 that the launch of iOS 14 (later pushed back to later in 2021) would require apps to ask users to opt-in in order to track their behavior using unique advertising identifiers called IDFA.

With the biggest players in web advertising and mobile app advertising, respectively, restricting brands’ abilities to advertise to specific users, the AdTech and marketing industries have been forced to change their approaches.

Some will try to go around the regulations. Proctor & Gamble–a brand with huge online advertising spend–was reported by the Wall Street Journal to have partnered with a China Trade Group investing in fingerprinting technologies. This workaround uses artificial intelligence to stitch together disparate, public traits from user visits into a profile.

For those that don’t want to risk being cut out, the opportunity lies in a strategy the B2B and professional services industries have relied on for years: Inbound Marketing, or offering your audience value in exchange for their consent to use their data and further communicate with them.

Building out digital experiences that you own will still allow access to valuable audience data, but the battle over how and where that can be used is just starting.

In this article, we’ll cover the history, technology and opportunities around the recent changes in privacy and advertising:


First-party vs third-party context

The restrictions called for by Google were largely around the tracking of users across websites with third-party cookies.

When you arrive on a website, for example, cookies will be set by These cookies will be written onto the visitor’s browser to allow the site to perform multiple functions–from remembering log-ins to tracking the user for analytics. These are first-party cookies; they were all written by the sites and sub-sites the user explicitly requested.

Say these blog posts become extremely popular, and One North decides instead to become a publisher that monetizes itself through ads. These ads would be placed through an iframe on the page, which displays sets of ads through a fake site we will call

When a user in this scenario visits, the cookies are written to their browser as well as cookies from Glorgle. This is a third-party context. You didn’t visit this site, but it has written a cookie that allows it to track your behavior. And if you go to another website that utilizes Glorgle’s ads, Glorgle has tied your identity to two websites and is capable of building a profile to sell to companies to target you effectively.

This is the technology Google is now trying to end. But they had actually been resisting this for years, where competitors to its browser product had been trying to find an edge.


Browsers battle it out

Browser market share had started to stabilize after the introduction of smart phones and the decline of Internet Explorer. Chrome (via Google) had established itself as the dominant browser, with over 65 percent of the market, followed by Safari (via Apple) at 18 percent, IE/Edge (via Microsoft) at 6 percent, Firefox (via Mozilla) at 4 percent and Opera at 2 percent.

Breakdown of browser market share

Speed and bloat had been the defining differentiators for years, but privacy became the new bellwether, with each new update seeing stricter and stricter policies. One by one, browsers were introducing privacy features to help prevent cross-site tracking via third-party cookies and other means.

There was one notable exception, however, in Google Chrome.

Protections put in place by browers

This table via is an invaluable resource of browser protections compiled by Simo Ahava and shows the different mechanisms each browser has put in place to protect against cross-site tracking.

Finally, Google announced last year that Chrome would begin restricting third-party cookies and cross-site tracking on its leading browser, before advancing even further by refusing to allow the types of data collected from this technique to be used in its ad products.

For all its delay, this is much more effective. The browsers were in a game of whack-a-mole, reacting to the evermore sophisticated techniques to store trackers on users’ browsers. By cutting out the value of that data, Google has made a much stronger move to prevent this.


The new opportunity for building an audience

Third-party data made it easy to target a large, interested audience, but it was also often frustrating to the potential audience while leaving them vulnerable to malicious behavior and data leaks.

These restrictions place greater emphasis on first-party data, the kind companies can collect by enticing its audience to arrive on its own digital products such as websites and apps. Developing an actual relationship with more consent may even make the advertising more effective.

Bacardi ran an experiment last October, detailed in an article in the WSJ, using first-party data collected from its website.

“The campaign took 10,000 anonymized identities of people who had visited the gin brand’s distillery or website, and sent them offers like promotional emails or Instagram ads promising drink recipes and early access to new products.

The result was a click-through rate, which indicates how often ad exposures lead to clicks, around 9% higher than previous campaigns that relied on common but now endangered targeting methods, such as using data from third-party sources. The new campaign also saw a 14% increase in cost efficiency as measured by a cost-per-click metric.”

Clorox set a goal of acquiring first-party info for 100 million people by 2025.

This will pose a challenge for brands who have not created a digital space for its customers to interact. But they can draw inspiration from the B2B world. Through valuable content, newsletters and tools, they have sought to build a native audience that will be more receptive to attempts to reach out.

The re-emphasis of owned assets such as the websites or apps is a sharp U-turn after years of brand marketing and advertising splintering across the various social and ecommerce platforms. But for innovative marketers, it also offers something that had been missing in the trade-off for audience access: Complete control.


The AdTech battle is just beginning

Yes, the two biggest players in mobile and digital advertising just made their moves. But they may not have entirely been out of altruism or the belief in consumer privacy.

What this doesn’t affect for Google is its Paid Search ads, YouTube ads or Gmail, its mail service. Brands can still use their own data to target users on those platforms. And, conveniently, it throws a huge hurdle for its recent surging competitor Trade Desk, who had begun to eat into Google’s market share of digital advertising.

In response, Trade Desk has been banding together with other Ad firms to build out a large database of individual profiles based on anonymized information that the partner group can access and add more information to. It will allow clients of the firms to more easily use audience segments across the different data sets.

For Google’s side, they aren’t getting out of digital advertising on publisher sites.

Companies are still allowed to bring their own data to YouTube, Gmail and Paid Search. For display and video (DV360), however, they will be using Google’s new FLoC technology, “federated learning of cohorts.” Rather than a batch of explicit users, it will target pools of identities with similar characteristics. It sounds similar, but it is basically aggregated data vs individualized–especially in reporting.

Google is also exploring a tool (Fledge) that will allow companies certain types of retargeting capabilities by uploading its own first-party data to a dedicated ad server.

There is also the option of reaching out to publishers directly with the first-party data to target common users, which may take you back to the older days of the internet.

Whatever wins out, the days of easy access to a mass, relevant audience across the internet appear to be waning.


This was Part 3 of our series on Data Privacy and Analytics, which focuses on changes in guidelines and regulations, their effects on digital analytics and new ideas for maintaining compliance while still getting valuable information to better serve your audience. If you missed parts 1 and 2, see below for the links.


Photo Credit: Coni Wang | Unsplash

Ben Magnuson
Associate Director, Data Strategy

As Associate Director, Data Strategy at One North, Ben supports clients by applying a strong data focus to marketing initiatives across channels and tools. He starts by gaining an understanding of each client’s unique goals and tactics, and guides them toward a strategic analytics program. He focuses on the creation of a meaningful feedback loop to help support and steer decision-making.