Advertising in the User Privacy Era

Magdalena Bober

Browsing the Internet was a relatively private experience until the invention of cookies. Since then, the advertising industry has made user tracking a commonplace occurrence. Fueled by under-the-table data gathering practices, tech giants and advertising companies have used user data to the limit.

However, targeted ads are not hard to notice. And when the consumers realized they were being followed by ads, they demanded to have their privacy back. So, digital advertising in that form could no longer exist. 

Let’s take a look at the most recent changes in user privacy regulations and their impact on the ad tech industry. 

In 2011, The Wall Street Journal published an article on the loss of online privacy. They asked experts from various areas related to privacy, Internet research, and journalism to share their opinions on how much people should care about privacy. The answers were not uniform.

While privacy is something not to be taken lightly, the loss of privacy is an integral part of joining a social network. As the services gaining in popularity in the 2010s, such as Google+, Twitter (X), or Facebook, were focused on connecting people, and thus, allowing them to publicize personal information, the loss of privacy was imminent and often willingly given. 

The experts noted that, unfortunately, the cost of free content is consumer data. Sharing personal data on Facebook is not wrong or irresponsible in itself. It’s the way such companies use it. Quite often, it’s not about what users share in their messages and posts, it’s what they click on, what sites they visit simultaneously, and what their geolocation is. This is the data that digital advertising companies collect and use to serve ads.

This is also the real danger of online spaces. The data is collected without people’s explicit consent.

At that time, the experts decided that the unintended consequences of introducing stricter online privacy acts (such as more paywalls, less free content, and devaluation of online media) outweigh the benefits. Nonetheless, the public disagreed, expressing the need for more privacy and less targeted advertising.

Fast forward ten years into the future and most popular Internet browsers have made a stand against tracking. There were many regulations and events that led to browsers limiting ad targeting and giving users more control over their data. Apple was the first company to enable ad blocking, thus limiting the outreach of advertisers relying on Safari revenue. 

This is how browsers currently handle user data, third-party cookies, and tracking cookies.

Apple’s Safari is blocking all third-party cookies by default. In short, no advertisers can follow Safari users around gathering data on their browsing habits. Additionally, users can disallow first-party cookies from being shared across sites, and login IDs can’t be used by ad trackers for digital fingerprinting. Apple continues to be a pioneer of data privacy standards.

Mozilla follows closely behind. In Mozilla Firefox 89, both the regular and private browsing modes have something called Total Cookie Protection. This technology not only covers well-known trackers but just about anything designed to follow users across the web. The only exception is allowing cookies that enable cross-site login or similar functionality. Overall, Mozilla keeps a high standard of consumer privacy. 

Advertising is responsible for over 80% of Google’s revenue. This is also why Google Chrome is not blocking third-party cookies by default. Google’s Privacy Sandbox, announced in 2019, was the first step towards prioritizing user privacy. However, Google isn’t so keen on limiting tracking. The company only plans to phase out third-party cookies by 2023. The lengthy (in comparison to other browsers) time window for the procedure allows Google to come up with alternative methods of targeted marketing and data collection, however, the Privacy Sandbox timeline keeps facing delays.

While Google, being the market leader in online advertising for over a decade, remains adamant about keeping cookies alive, other browsers have already entered a new privacy-focused era. Digital advertising is not going away, nonetheless, it’s no longer that easy to serve well-targeted ads.  

Cookies have been the backbone of digital advertising for the past 25 years. And although the collective decision to phase out cookies was not a surprise, it did cause a stir in the market. The consequences ranged from loss of revenue for the big players in the industry to inconsequential panic among affiliate marketers practicing media buying at small to medium ad networks.

Overall, agencies, brands, and media buyers had to battle some of the following:

  • Third-party cookie-based ad trackers could no longer work (as third-party cookies were blocked by default).
  • Google Analytics has lost accuracy (due to shortened life of a first-party cookie). 
  • It became more difficult to serve relevant ads and personalized content (because of more types of cookies being blocked by default). 
  • Conversion attribution became a challenge (as cookies could no longer freely follow users around the web).

Who was actually affected by the move towards consumer privacy?

According to an article by Digiday, real-time bidding platforms, as well as cookie-reliant advertising methods, were the ones facing the biggest consequences. Real-time bidding, due to its nature, is not GDPR compliant. Hence, those looking for a brand-safe way of advertising would opt for a different method. 

Cookie-based targeting, on the other hand, has been progressively restricted by browsers and platforms alike. With Apple leading the way, third-party cookies have been eliminated from iOS devices and other browsers following in Apple’s footsteps. Companies that relied on targeting and tracking their sales via third parties have experienced significant losses.

Google has published a report on the effect of disabling third-party cookies on publisher revenue. According to the experiment and the subsequent analysis:

While a handful of publishers have a small revenue loss (<10%), the majority of publishers have losses of 50% or more, with some losing over 75% of their revenue.

How much do consumers really care about privacy?

Let’s not forget that the potential losses depend entirely on how much consumers really care about their privacy. While third-party cookies are blocked by default there is always the possibility to enable them. Similarly, there are consent popups on most websites that offer users the possibility to choose what cookies they want to accept. 

In April 2021, Apple made yet another move to protect its customers. New pop-ups started to appear on Apple devices asking users if they consent to be tracked. Every business (app) that wanted to gather data for the purpose of advertising had to seek explicit permission. 

According to Reuters, some mobile advertising analysts believed that fewer than one in three users are likely to grant permission. Similarly, Facebook analysts assessed that the platform faces up to a 7% decline in second-quarter revenue if 80% of its users block the company from tracking them on iPhones.

The reality was bleaker than expected. As it turns out consumers do care about their privacy on the web and 96% of US users opted out of app tracking in the iOS 14.5 update, as reported by Flurry Analytics. As for Facebook, the consequences differed across the types of advertisers. E-commerce stores (using Shopify) were amongst the most severely affected. The shops lost their ability to retarget ads and track sales. While the average decrease in tracking accuracy amounted to 50%, in some cases it reached a loss of a staggering 90% of captured sales. 

What can brands do to mitigate the consequences of stricter privacy policies?

While the new privacy regulations have a significant impact on data privacy, they also force companies to look beyond the old methods of targeting. Personalizing ads based on the collected data needs to be replaced by other methods to stay fully compliant with the most recent regulations. 

The General Data Protection Regulation, for example, has made a small but significant change in how the consent was obtained. Before GDPR, businesses could assume they had user consent unless the user opted out. After the introduction of GDPR, it was no longer allowed to assume anything. The user had to clearly and willingly agree to be considered as ‘opted in’. 

The fines for non-compliance were as high as 20 million dollars (or up to 4% of their total global turnover of the next fiscal year, whichever is higher). Hence, targeted advertising had to be replaced by contextual advertising. As Digiday points out, there’s been an increase in the amount of contextual targeting even among companies who chose to still do personalized advertising.

Use contextual targeting

Contextual targeting is similar to keyword targeting with some additional parameters. This method is not about gathering data, however, it still belongs to the category of personalized advertising. Rather than following consumers around the web, contextual advertising networks (Google Ads, Terminus, The Trade Desk, Oracle’s Grapeshot, Zeropark) display the digital ads among relevant content and in a relevant location. 

While contextual advertising comes in many forms, or ad formats to be precise, in each case it is based on keywords. Each site is described by keywords and thus it’s categorized as containing a certain kind of content. Context-based ad formats require manual input from the publishers – the ad needs to be described and categorized (by keywords and negative keywords) in such a way as to ensure as exact placement pairing as possible.

In the case of NewProgrammatic, ads would be displayed based on what the user is searching for. Upon entering a keyword in the search bar, an ad for a brand with relevant content or a shop that has a particular product would be displayed.

So, as opposed to cookie targeting, the user would not be followed and the ad would not be based on their previous action but on something that’s relevant to them at the moment. If they’re browsing reviews of Nike running shoes, they will be presented with an ad for a shop with Nike running shoes. No data on that user will be gained, saved, or stored anywhere.

Focus on first-party data

Although personalization of digital advertising has been based mainly on third-party data, first-party data provides an equal, if not better, data infrastructure. What’s most important is that first-party cookies are always consented to. Websites don’t save login data or preferences unless a user specifically asks them to. 

Hence, many companies are seeing first-party relationships as instrumental in navigating the new era of privacy. For example, in Germany, 20 companies created a unified consumer login product where consumers would be able to decide exactly what data and with whom they’re willing to share. Platforms that gather data through surveys, saving preferences, or coupon incentives are still able to personalize content and ads while staying in the clear. 

To expand on the previous section, the future of advertising lies in context and consent. Third-party tracking had to go because it was a shady practice that became abused for the purpose of online marketing. While making data collection transparent was a good first step, it didn’t eliminate the illegal practices or workarounds (e.g. burying the ‘Decline All’ button two layers deep into a cookie consent pop-up). 

To comply with privacy laws and keep transparency trends, companies should establish a healthy line of communication. In fact, 71% of people prefer to share their data instead of paying a monetary fee when given an informed choice and a clear explanation. This user-oriented digital marketing approach is the only way to continue interest-based advertising while being fully compliant with GDPR and Internet privacy directives.

Here are some options for permission-based data collection strategies:

  • Rewarding users with virtual coins or points for agreeing to share data;
  • Creating feedback communities for those who want to share data and help improve the experience;
  • Asking for permission before sending promotional emails;
  • Assigning tokens that don’t identify the browser or the user;
  • Providing exclusive services and content for customers who opt-in to share data.


Data-driven advertising methods use a surveillance system (known as third-party cookie tracking) to gather data on consumers with a complete disregard for user privacy. Data protection policies enforced consent pop-ups which were frequently put to wrong use (and rendered ineffective). It was Apple’s Safari, followed by other browsers that changed the entire industry. 

Third-party web cookies along with other questionable data collection practices are on their last legs. Advertisers and publishers alike will have to apply different strategies to please customers without losing their ad revenue. Luckily, there are alternative, privacy-compliant methods that deliver ads based on context rather than data. 

Drive efficient sales to your brand with Commerce Media solutions

No cookies involved!

Learn more

Magdalena Bober

Zeropark Logo
Team Internet Logo