The state of data monitoring and confidentiality in 2020 January 2020 was a turning point. ACCP came into effect, Google Chrome became the last browser to commit to a cookie-free future and, after months of analysts sounding the alarm digital marketers have thought about a vision of the future that looks quite different from today. This article is not a complete history of consumer privacy or a technical thesis on web tracking, although I will link to some good ones in the following paragraphs. Instead, this is the state of affairs in our industry, an assessment of where the search marketers find themselves in the current data tangle and privacy and where we can expect it to go from here. It is also a call to action. It is far from hyperbole to suggest that the future of digital and search marketing will be greatly defined by the actions and inactions of this current calendar year. Why is 2020 so important? Assume with some confidence that your business or customers find the following valuable, and consider how they might be affected as the associated trends unfold this year. The effectiveness of the campaign will lose clarity as the effectiveness of retargeting decreases and audience alignment becomes blurred. The customer experience will weaken as marketers lose control of frequency caps and creative sequencing. Despite the setbacks, I do not intend to imply that better regulation is a misstep for the consumers or the businesses we serve. Marketing is at its best when all of its stakeholders benefit and at worst when an imbalance erodes mutual value and trust. But the inevitable way to go, regardless of the destination, promises to be long and uncomfortable unless the marketers are educated and contribute to the conversation. This means that the first step is to understand the basics. A Brief Technical History of Web Tracking (for the Generalist) Research marketers know more than most about web tracking. We know enough to make people clear at dinners – "No, your Wear OS watch is not spying on you" – and follow conferences like SMX when a speaker makes reference to the potentially morbid future of data management platforms. Yet most of us would not feel confident in front of a whiteboard explaining how cookies store data or advising our board of directors on CCPA compliance. It's okay. We have other superpowers, beautiful brilliants who have their own merit. Yet the events of 2020 will define our role as marketers and our value to consumers. We find ourselves in the midst of a privacy debate, and we need to feel empowered to participate with an understanding of the key concepts. What is a cookie? A cookie stores the information that is transmitted between the browser and the server to ensure consistency when users navigate through pages and sites. Consistency is a key word. For example, this consistency can be beneficial to consumers, as in the example of a shopping cart. Online shoppers add a product to the cart and, when they browse the site, the product stays in the cart. They can even go to a competitor's site to compare prices and, when they return, the product is still in the cart. This consistency allows them to shop more easily, navigate an authenticated part of a site and exist in a modern multi-browser and multi-device digital world. Consistency can also benefit marketers. Can you imagine what would happen to conversion rates if users had to authenticate multiple times per visit? The pace of online shopping would become a crawl, Amazon would self-burn and the Blockbuster video would rise like a phoenix. But this consistency can violate confidence. Some cookies are deleted when you close your browser. Others may accumulate data over months or years, aggregating information across many sites, sessions, purchases and consumption of content. Comparison of Proprietary and Third Party Cookies It is important for marketers to understand that proprietary and third party cookies are written, read and stored in the same way. Simo Ahava does an excellent job by developing this concept in his open-source project which reading is absolutely recommended. Here is an exerpt. It is common in the jargon of the Web to speak of first-party cookies and third-party cookies. This is a bit inappropriate. Cookies are information stored on the user's computer. There is no distinction between the first and the third in the way these cookies are classified and stored on the computer. What matters is the context of access. The difference is the top-level domain to which the cookie refers. A cookie owner references and interacts with the domain and its subdomains. searchengineland.com searchengineland.com / staff events. searchengineland.com A third party cookie references and interacts with several domain cookies. searchengineland.com events.marketingland.com garberson.org/images Marketing Land has a useful explainer, aptly called WTF is a cookie anyway? If you are more of a visual learner, here is a super simplistic explanation of cookies from The Guardian . Both date from 2014, so they are not up to date, but the basics are still the basics. Other important web tracking concepts Persistent cookies and session cookies refer to duration. Session cookies expire at the end of the session when the browser is closed. Persistent cookies do not. Data duration will prove to be an important concept in the regulatory sections. Cookies are not the only way to track consumers online. The fingerprint which uses dozens of browser and device settings as unique identifiers, has caught the attention of platform providers, including an assault announced in the news. ; announcement of Google's private sandbox . . Privacy Sandbox is Google's attempt to set a new standard for targeted advertising with an emphasis on user privacy. In other words, Google's advertising products and the Chrome browser hope to maintain pleasant privacy levels without the aggressive limitations of proprietary cookies displayed by other major browsers like Safari and Firefox. Storage is a broad concept. Often this applies to the storage of cookies and to how browsers can restrict the storage of cookies, but there are other ways to store information. LocalStorage uses Javascript to store information in browsers. It appeared that alternative storage approaches offered hope to web analysts and marketers affected by the loss of cookies until recent browser updates make these tactics immediately obsolete. Drivers: How We Got Here It would be convenient to start this story with an event, like a first fallen domino, which changed the course of modern data privacy and contributed to the world we see in 2020 For example, if you ask a historian about the First World War, there are many who point to a day in Sarajevo. One minute, Archduke Ferdinand Ol was enjoying the sun in his convertible, the next minute his day got worse. It's hard to find that with tracking and data confidentiality. [Facebook'spathtomonetizationhascertainlyplayedaroleFacedwithmarketskepticismaboutthesocialmediabusinessmodelFacebookfoundawaytopaybyopeningthedatagates Although unfair to give Facebook all the credit or the blame, the company certainly supported the narrative that the data became the new oil. An iconic article by the economist established several parallels with oil, notably the consolidated and oligopolistic tendencies of the old oil giants. "Giants' surveillance systems cover the whole economy: Google can see what people are looking for, Facebook what they share, Amazon what they buy" , wrote the economist. "They own application stores and operating systems, and rent computing power …" This consolidation of data has contributed to an increase in frequency and impact leaks and data breaches . Like fish in a bucket, the evil actors knew where to look to reap the greatest rewards from their hacking efforts. It was only a matter of time until companies attempted to cross the fuzzy line of legality, introducing a new militarization of data that occurred in outside the deepest and darkest entrails of the Internet. Enter Cambridge Analytica . Two words that changed the way each web analyst presented himself to strangers. "I do analyzes but, you know, not in a scary way." Cambridge Analytica, the defunct data mining firm mixed with a political scandal, has thrown a frightening light on the granularity and uncontrolled accessibility of the data on the platform. Investigation reports have revealed to citizens around the world that their information can not only be used by advertising campaigns to sell widgets, but also by political campaigns to sell elections. For the first time in many homes, the effects of modern data privacy have become tangible and personal. Results: where we are today The state of data confidentiality in 2020 may perhaps be better understood by defining it in terms of drivers and destinations. Consumer drivers, like those mentioned in the previous section, sparked reactions from stakeholders. Some micro-level results, such as the actions taken by individual consumers, were predictable. For example, the hashtag #deletefacebook made its first appearance after the break in the history of Cambridge Analytica and investigations revealed that three-quarters of Americans have tightened their privacy settings Facebook or deleted the app on their phone. The most important results probably occur at the macro level, where a (re) action affects millions or hundreds of millions of people. We have seen some of this from consumers with the adoption of ad blockers . For publishers and businesses living and dying with ad printing, losing a quarter of your ad inventory due to ad blockers has been and is still devastating. Political Results Just weeks after Cambridge Analytica found its infamy in headlines, the European Union adopted GDPR to improve and defend standards privacy of its citizens, forcing digital privacy discussions in lounges and meeting rooms around the world. Let's use the following Google Trends table for "data confidentiality" in the United States to deepen five key results. The General Data Protection Regulation ( GDPR ) distributed more than 1 14 million fines to companies doing business in the ; EU since it became enforceable in May 2018. It has been called "Protection + Teeth" to the extent that the law provides for a variety of rights in data and life protection privacy of EU citizens while allowing a fine of up to 20 million euros or 4% of revenue, whichever hurts offenders the most. Months later, the United States welcomed the California Consumer Privacy Act ( CCPA ), which came into force in January 2020 – becoming enforceable in July. Like the GDPR, a central theme is transparency, as Californians have the right to understand what data is collected and how that data is shared or sold to third parties. CCPA is interesting for several reasons. California is material. The state accounts for a double-digit share of the U.S. population and gross domestic product. It is also not the first time that California's new digital data privacy law has influenced a national model. The state introduced the first data breach notification laws in 2003, and other states quickly followed suit. California is not alone with ACCP either. Two dozen US state governments have introduced digital tracking and data privacy bills, with at least a dozen laws pending. This includes the Nevada SB220 which became adopted and applicable within a few months in 2019. Business results The business responses have taken many forms, from ad blockers that I mentioned in the platform privacy updates. dissolution of advertising technology providers. I'll touch on some of these stories and trends in the next section, but for now, let's focus on the actions of a technology that promises to trigger exponential effects on search marketing: web browsers . The Safari browser introduces Intelligent Tracking Prevention ( ITP ) in 2017 to algorithmically limit cross-site tracking. Let us stop to dissect the last words of this sentence. Algorithmically = automated decisions that prioritize the scale over discernment Limit = block immediately or after a short period Cross-site monitoring = first and third part cookies ITP 1.0 wasn’t just a start. From there, the following iterations have reduced the duration of cookies, storage, and the role of first-party cookies for web analytics. Abigail Matchett explains the implications for users of Google Analytics. "All client side cookies (including proprietary trusted cookies such as Google Analytics) have been limited to seven days of storage. This may seem like a brief window since many users do not visit a website every week. However, with ITP 2.2 and ITP 2.3… all client side cookies are now limited to 24 hours of storage for Safari users… This means that if a user visits your site on Monday and returns on Wednesday, he will be granted a new _ga cookie by default. You are starting to see why this is such a big problem. Whether intended or not, these actions reinforce the use of quantitative measures rather than quality measures by obstructing attribution. There's a lot more than you can say on ITP, so if you're ready for a weekend read, I recommend this thorough technical evaluation of the effects of ITP. 2.1 on the analysis. If ITP caught the attention of marketing, Google It strengthened it by announcing that Chrome would stop supporting third-party cookies in two years, codifying for specialists in marketing that the loss of cookies was not a box to launch. "Cookies have always been unreliable ," Simo Ahava told me. "Being blind to recent changes in web browsers means that you have never critically examined the data before. We are entering a post-cookie world of web analytics." Where it goes The state of data tracking and confidentiality can take many paths from here. I describe some of the most plausible and then ask the other members of the analytical and digital space to propose their ideas and recommendations. Way A 2020: the lack of clarity leads to little change on the part of search marketing specialists This result seemed to be a real possibility in the first week of January, California having enacted ACCP while application deadlines were delayed. It was not yet known what application would look like later in year and it's a apparently, despite great promises, that tomorrow would look very much like today. This route seemed less likely after the second week of January. This brings us to the next section. Track B 2020: complex tracking limitations keep marketers on their heels Already in 2020, we saw ACCP take effect, Chrome put cookies in guard, the stocks of companies that rely on third-party cookies plummet, and the sacrifice of data providers who threatened consumer confidence. And it was only January.

2020 Path C: Correction because the fear of consumers diminishes in response to the action of industry The backlash of