Navigating the changing privacy laws in 2024 (a roadmap for digital marketers)
By: Krishal Ramesh
March 25, 2024 | Reading Time: 13 mins
In 2024, the marketing landscape is more like a fast-moving freeway than a leisurely drive. With new privacy laws rolling out across Canada, the US and the EU, digital marketers must stay ahead of the curve. Just like road safety standards protect drivers and passengers, data privacy safeguards your customers and your brand’s integrity. That’s why website data privacy is not optional, it’s essential. Failure to follow the rules of the data privacy roads can lead to hefty fines that can significantly hinder your business.
In this blog, we’ll map out the latest shifts in privacy laws and arm you with strategies and tools to enrich your data practices safely and effectively. Buckle up; it’s time to learn the rules of the privacy road!
TD;LR: Fast lane key takeaways
- State-Specific Privacy Laws in the US: A significant shift towards state-specific privacy regulations is happening, with 11 states having enacted laws that enhance consumer rights and impose new obligations on businesses.
- Canadian Privacy Law Overhaul: Canada is undergoing major changes with the implementation of new laws in Quebec, and an expected signed federal privacy bill, both aiming to tighten rules and align with global privacy standards.
- EU Privacy Regulation Updates: The EU continues to lead in data protection by expanding regulations with new acts affecting online marketing and data handling practices.
- Impact of Legislative Changes on Marketing: Marketers must adapt to these evolving privacy landscapes by enhancing content moderation, ensuring transparency, and developing compliant engagement strategies.
- What Marketers Should Know About Phasing Out Third-Party Cookies: The decline of third-party cookies demands a shift towards first-party data collection and alternative targeting strategies, emphasizing privacy and user consent.
- High-Level Compliance Tips: Marketers should prioritize transparency, update privacy policies, secure data transfer, manage data responsibly, and invest in privacy training for their teams.
- Creative Data Collection Methods: Adopt creative strategies such as loyalty programs, surveys, social media interactions, and community building to gather valuable first-party data while respecting privacy laws.
- Tools and Strategies for First-Party Data Enrichment: Utilize tools like Hotjar and Clearbit for deeper insights into customer behaviour and preferences, despite the limits of new policies and changes to third-party cookies.
Privacy updates in the United States
State-specific laws sweep through the States
The US is experiencing a significant shift in data privacy regulations, marked by the introduction of state-specific laws rather than a singular federal framework. This trend towards state-led privacy initiatives includes enacting comprehensive data privacy laws in at least 11 states so far, each with its unique set of rules and compliance obligations. These laws generally emphasize enhancing consumer rights, including the right to access, correct, and delete personal information, and the requirement for businesses to obtain explicit consent for data collection and processing—a trend we’ll continue to see in other countries.
Keep up with US policy changes with our handy timeline
If your business operates across state lines, it may be difficult to keep up with all the changes. We’ve summarized the changes to state privacy laws and expected due dates in a handy timeline below:
Privacy updates in Canada
Canada is facing the most significant changes to its private sector privacy laws in decades. With laws like Quebec’s Bill 64 and the federal Bill C-27 coming into play, companies will have to follow stricter rules and could face bigger fines if they don’t. It’s a big move towards aligning with global privacy trends and tackling the digital era’s challenges head-on.
Québec’s privacy legislative reform is now in force (Bill 64, Law 25)
Having already begun in 2022, Québec has taken bold steps with the Act, respecting the protection of personal information in the private sector, significantly reformed by Bill 64, Law 25. With its enactment, Québec introduces stringent compliance requirements and an enforcement regime capable of imposing severe financial penalties for breaches, mirroring the E.U’s GDPR (discussed later in this blog). The final leg of deadlines is approaching September 2024.
Canada-wide Bill C-27
Federally, Canada is witnessing the advancement of Bill C-27 which would replace the Personal Information Protection and Electronic Documents Act (PIPEDA) with the new Consumer Privacy Protection Act (CPPA), alongside establishing an administrative tribunal and creating a statutory framework for AI regulation through the Artificial Intelligence and Data Act (AIDA).
Once signed into law, it will regulate the collection, use, and disclosure of personal information in Canada on the federal level and apply to private-sector organizations. It’s important for businesses operating in Canada to get familiar with the draft bill’s requirements as it is currently undergoing study by the House of Commons and likely to be signed this year.
What are the key differences between the two?
Bill C-27 and Quebec’s Bill 64 both aim to modernize privacy laws, enhancing consumer protections and penalties for data misuse. Check out the table for a comparative look at both laws and key points to keep in mind if you’re conducting business across Canada, including Quebec:
Privacy updates in the European Union
Since its launch in 2018, the European Union’s General Data Protection Regulation (GDPR) has been changing the way the world thinks about privacy, making it clear that people should know what’s happening with their data, and have a say in it. Even if your business is based in the U.S. or Canada, if Europeans can sign up for anything on your site, you need to follow these rules. But here’s the kicker—with privacy laws starting to catch up in North America, getting your website GDPR-ready isn’t just about avoiding fines, it’s about preparing for the future and showing all your customers, no matter where they are, that you take their privacy seriously.
Expanding on this in 2024, the new DSA and DMA acts focus on creating fairer digital spaces and markets. Additionally, the EU-U.S. Data Privacy Framework and the EU AI Act address cross-border data movement and AI ethics. Here’s a quick overview of how each piece of legislation is changing the digital landscape:
Digital Services Act (DSA)
Marketers must adapt to the DSA’s emphasis on safer digital spaces by enhancing content moderation and transparency in online interactions. This means developing clearer communication guidelines and ensuring online platforms used for marketing are compliant, impacting customer engagement strategies.
Digital Markets Act (DMA)
The DMA reshapes marketing strategies regarding major tech entities (“gatekeepers”) like Google. It aims to block these platforms from setting unfair terms for businesses and users, fostering transparency and fairness in the online realm. This change demands marketers to rethink and diversify their digital approaches and may require innovation and ethical practices in digital marketing.
EU-U.S. Data Privacy Framework
The EU-U.S. Data Privacy Framework ensures safe transatlantic personal data transfer between the EU and the U.S., meeting strict privacy standards and addressing previous surveillance concerns. This reassures European citizens about their data security and maintains the significant economic ties between both regions. For marketers, this means adhering to stringent data handling and transfer rules, impacting international campaign strategies and customer data management practices.
EU AI Act
The EU AI Act is essentially new rules ensuring AI technology is used safely and transparently in Europe. It ranks AI systems by their risk to society, with strict guidelines for those posing significant risks, like affecting health or rights. It also sets out clearer rules for AI that are less risky. The goal? Making sure AI tech respects EU standards and values while fostering innovation and trust. As B2B marketing increasingly shifts towards more AI tools, marketers must be aware of these regulations to ensure their strategies are not only effective but also compliant.
Globally: the death of Google’s third-party cookies
Legislative actions like the State-specific Laws, Quebec’s Law 25 and GDPR have underscored the need for more stringent privacy measures, prompting Google to seek alternatives that better align with these evolving privacy expectations.
One of the biggest and most impactful changes that will affect marketers is the end of third-party cookies. These are problematic due to their ability to track users across multiple websites without explicit consent (a big no-no). They can build detailed profiles of users’ online activities, interests, and personal characteristics, potentially resulting in invasive and unwanted targeted advertising.
How can marketers phase out third-party cookies without sacrificing results?
Audit and adjust
Begin by auditing current marketing strategies that rely on third-party cookies and adjust towards more privacy-compliant practices. This includes identifying critical functionalities that will be impacted and exploring new metrics for measuring success.
Invest in first-party data
Building a robust first-party data collection strategy is crucial. This involves directly engaging with customers through owned channels to gather data, which can be used for personalized marketing while ensuring compliance with privacy laws.
Keep up with Google’s Privacy Sandbox technologies
Google’s Privacy Sandbox initiatives offer new, privacy-preserving technologies for targeted advertising and audience measurement. Familiarizing with and adopting these technologies early can provide a competitive edge.
Most recently, Google unveiled the Protectected Audience API, designed to enable remarketing and custom audience advertising without allowing third-party tracking of user browsing behaviour across sites. It’s like if a shop knows you like certain things because you’ve visited before, and the next time you pass by, they show you a sign with special deals just for you, without following you around everywhere else.
Diversify marketing strategies
Incorporating SEO, content marketing, and contextual advertising into the marketing mix can reduce reliance on third-party cookies. These strategies leverage the context of user interactions or the content being consumed, rather than tracking individual user behavior across sites.
Leverage Universal IDs
Universal IDs offer an alternative to third-party cookies by providing a privacy-compliant way to identify users across the web. These IDs are based on first-party data and consented user information, allowing for targeted advertising without infringing on privacy. By collaborating with platforms and partners that support Universal ID frameworks, marketers can maintain personalization and measurement capabilities in their campaigns.
Adopt predictive analytics
Predictive analytics and AI can help understand customer behaviours and preferences based on first-party data. This approach allows for the anticipation of customer needs and the delivery of relevant content and offers without relying on cross-site tracking.
Embrace content and contextual marketing
Shifting focus towards content marketing and contextual advertising can help reach audiences effectively. By creating valuable content and placing ads in relevant contexts, marketers can engage users without needing to track them across sites.
Prioritize privacy and transparency
Ensuring that marketing practices prioritize user privacy and transparency can build trust with the audience. Clear communication about data collection and usage, as well as easy-to-use privacy controls, can enhance customer relationships.
High-level tips to ensure your website is not illegal
While each geography and law has its specific nuances and requirements, there are still some general actions marketers should take right now to help them get ahead of compliance:
Be transparent and ask for permission
Let’s keep things clear and straightforward. When you collect data from your website visitors, tell them exactly how you’re going to use their information and ensure you are explicitly obtaining consent. This isn’t just about ticking boxes for legality; it’s about building real trust with your audience.
Audit your data
Think of it as spring cleaning for your company’s data. Dive into what information you’re collecting and why. If it’s not serving a clear purpose, it’s time to let it go. This step is all about minimizing risks and keeping only what’s necessary.
Update your privacy policy
Your privacy policy isn’t just a legal requirement; it’s a promise to your customers. Keep it visible, up-to-date, and honest. For WordPress users, there are handy GDPR features that can help keep you in line without the headache.
Implement HTTPS
Security isn’t just for the tech-savvy. By moving your site to HTTPS, you’re putting up a guardrail for your visitor’s data. It’s like locking the front door to your digital house.
Optimize contact forms
Ensure your forms are clear about what you’re asking for and why. No hidden agendas. People should know exactly what they’re signing up for and feel comfortable doing so.
Cookie notices
We’ve all seen them—those little pop-ups about cookies. Contrary to popular belief, they’re not there to annoy you. They’re there to give visitors control over their privacy. Make sure yours is clear and seeks consent.
Clearly communicate changes
Whether it’s a new update to your privacy policy or a data breach, communication is key. Keep your users informed about what’s happening with their data. In the example below, we love how Pandora (the music streaming service) went the extra mile to inform its users of the key highlights from their updated policies, instead of hiding it behind a hyperlink.
Manage analytics and tracking
Be mindful of how you’re tracking visitor behaviour on your site. Make sure you’re doing it responsibly and transparently, informing visitors about data collection practices and offering options for consent.
Audit CRM strategies
Conduct comprehensive reviews of your CRM and marketing strategies. Examine every data collection point and ensure transparency and legality in data handling practices.
Enable data purging
Adapt your systems and websites to allow customers to request the deletion of their data. This new right under most laws requires marketers to have flexible and efficient data management systems in place to accommodate these requests on the fly.
Invest in training
Provide your team with the necessary training on data privacy to foster a culture of compliance and awareness. Understanding the nuances of the relevant policies and laws is crucial for avoiding potential fines and building trust with your audience.
Creative ways to collect data moving forward
Despite the challenges posed by new privacy regulations, the future of personal data collection is not as bleak as it may seem. In fact, these changes challenge marketers to tap into their inherent creativity to find innovative methods for understanding their audiences. Below, we explore several strategies and ideas to help marketers craft a fuller picture of their target audiences:
As a general rule, when collecting data, make sure you’re playing by the rules set by privacy laws depending on where you or your customers are.
Loyalty programs and personalized offers
Implement loyalty programs that reward customers for sharing their preferences. This not only helps in understanding your customers better but also enhances their shopping experience through personalized offers.
Surveys and feedback mechanisms
Surveys allow direct collection of customer opinions and preferences. Embedding surveys in your digital platforms or sending them post-purchase can yield valuable insights while ensuring transparency and consent.
Social media interactions
Leverage your social media platforms to understand your audience better. Analyzing interactions, mentions, and engagement can provide data on customer preferences and behaviours. For example, hosting regular quizzes can allow you to discover your audience’s interests, characteristics, behaviours, and preferences. This data can then help you create custom experiences for your audience (such as custom landing pages) that further allow you to acquire more first-party data through forms.
Transaction data analysis
Monitoring customer transactions can reveal patterns and preferences, helping tailor marketing strategies. Ensure transparency by informing customers how transactional data will be used.
Content marketing and educational resources
Providing valuable content can encourage customers to share their information in exchange for access to more detailed resources or newsletters. PS. subscribe to our content hub for more great content like this!
Community building
Creating brand communities or forums can foster a sense of belonging among customers, encouraging them to share information and feedback willingly. Recently, Reddit has become increasingly popular for building communities around brands where users are free to share feedback, make suggestions and vote on the future of the product or service.
Analytics and web tracking
Utilize tools like Google Analytics to gather data on website visitor behaviour. Make sure to inform visitors about data collection practices and offer options for consent.
Critical tools to enrich your first-party data
While the tips above are good for kicking off your data collection, there’s more you can do to beef up the data you’re getting. Even with all the new rules and tighter controls, it’s still possible to dig deep into data and make smart choices for your business. We’ve been through it and came out the other side with some handy tools that amped up our digital marketing analytics and insights. Below are some of the tools we swear by and how they can give you a clearer picture of what your customers are all about.
Hotjar
Hotjar allows you to see how users interact with your site using heatmaps, session recordings, feedback polls, and surveys. It’s great for understanding user behaviour, identifying usability issues, and improving conversion rates. In the image below, Stryve’s website’s navigation can give us much deeper insight into our user behaviours thanks to Hotjar’s heat maps. We can see that our site visitors most often want to learn more about us, followed by the types of services we offer. This could potentially be used to inform new organic and paid marketing strategies.
Clearbit
Clearbit is like your business’s secret detective; it helps you understand who’s visiting your website and what they’re interested in. It takes the little bits of information your visitors leave, like an email address, and turns them into a full picture, telling you their job title, company, and even their industry. This means you can tailor your conversations and offers to match exactly what they need, making your marketing efforts more personalized and effective.
We love this tool because it offers real-time data enrichment to better understand your customers and anonymous site visitors. It integrates with CRMs and marketing platforms, providing demographic and firmographic insights for more targeted campaigns. It helps us understand who is interested in our services, and who we could help move along into our funnel. In the example below, Stryve can see what companies visited our website (and how frequently), as well as the website path that they arrived from.
The end of the road…uh, I mean blog!
As we navigate the evolving landscape of privacy laws in 2024, it’s clear that marketers across the globe must stay vigilant and informed to ensure compliance and protect consumer rights. The introduction of state-specific laws in the US, and significant reforms across Canada and the EU represent a global shift towards stricter data protection measures.
Adapting to these changes requires not only a thorough understanding of the new legal frameworks but also the implementation of strategies and tools that prioritize privacy while still enabling effective marketing practices. By investing in first-party data, exploring new technologies like Privacy Sandbox, and leveraging tools such as Hotjar and Clearbit, marketers can navigate this new era of privacy with confidence.
The future of marketing in the context of privacy law is undoubtedly challenging, but it also offers an opportunity for innovation and deeper customer relationships built on trust and transparency. As we move forward, marketers should embrace these changes not as obstacles, but as stepping stones towards a more ethical and customer-focused marketing landscape, where everyone benefits.