Building Trust by Respecting User Privacy

Alison Goldberg AUTHOR: Alison Goldberg
Mar 06, 2024
7 Min Read

Data privacy, as a concept, tends to make us want to put our heads in the sand. It encompasses so much across our organizations—marketing, legal, IT, and development—that it can often feel like a game of chicken. Who is going to cave, bring it up first, and become the de facto leader? Everyone’s time and money are precious and it feels like there are more immediate things to devote those resources to. We get it!

We’re here to tell you that for the good of your organization, privacy needs to be dealt with. You don’t have to do it alone—gather a team and break it into steps. Privacy is scary because it is new and it is evolving and will be for a while. Google and Meta don’t have it perfect yet, so it’s understandable if you don’t either. But if you start now, it will be a lot easier to keep up with these changes as they come. In 2024, we must become comfortable with unknowns and focus on what we do know now.

Dive Deeper

We discussed this topic in a livestream conversation on May 8—register to watch on-demand below.

Watch Now


Respecting your audiences’ data is paramount for three reasons: it’s the right thing to do, it’s increasingly the legal thing to do, and it’s what customers now expect.

We know that 76% of consumers say that companies that provide data security will encourage their loyalty.” Just as our audiences expect a seamless mobile checkout experience, they expect that their personal data will be safe with us. It’s a fair and reasonable expectation from customers and it is another avenue for organizations to grow their relationships with customers. When you take personal data privacy seriously, you show that you share values with your audiences and you don’t take the trust they are placing in you for granted.

We know that governments big and small are passing privacy regulations and we don’t expect this to slow down. The General Data Protection Regulation (GDPR)—which enforces among the strictest privacy rules in the world—has drastically changed digital privacy in the EU over the last five years. As of February 2024, thirteen U.S. States have passed their own data privacy laws, and they are each just a little bit different from one another.

We know that tech companies are making changes to their platforms to comply with these privacy laws. In response to these laws, Google Chrome (along with most other browsers) is deprecating third-party cookies. This change to third-party cookies means that users will have more control over who has access to their data (yay!). This change to third-party cookies also means that as advertisers, we will have less visibility into aggregate customer behavior. To combat this, Google, Meta, and virtually any other platform you can advertise on are rolling out ways to track and measure without relying on third-party browser cookies. This includes utilizing first-party data as in Google’s Enhanced Conversions and server-side tracking as in Meta’s Conversions API.

Your Audience’s Privacy is Your Responsibility

Regulation always requires interpretation and with major ad tech players refraining from taking responsibility, it falls to businesses to interpret what these changes truly mean for them. This change to data coming from your site directly, rather than via a third-party cookie, puts the onus on you to ensure you are treating privacy correctly. We feel our job is to help distill what the platforms are doing, so you can make the best decisions for your organization.


First off: take a moment to breathe and then celebrate! Customer data privacy is a good thing for humanity. It just means we have to reassess how to build and engage audiences in new ways. Here’s how you can approach next steps with customer data privacy to ensure your policy works for your organization:

Set a Company Ethos: A Privacy Policy is Non-Negotiable

If you have a website, you need to have a privacy policy. Full stop. There are several free options to help you generate the beginnings of a privacy policy and we would recommend starting there. Privacy policies are living documents, they can, will, and should change over time.

Taskforce, Assemble!

As Velma Kelly once said, [you] simply cannot do it alone! Enlist your colleagues to come together and tackle this as a team. Privacy touches so many parts of your organization, you need to make decisions together. If legal and IT take the lead, marketing priorities could be left out resulting in the loss of crucial data for success.

Take Stock

Look at the platforms you use for ticketing, advertising, communicating—anything that might touch your customers’ data. Once you know which platforms interact with customer data, you can make sure your privacy policy informs customers of those interactions.

Upgrade Tracking

The new tools from advertising platforms are meant to help us continue to run effective campaigns and see accurate results. Consider implementing Enhanced Conversions and Advanced Matching (we can help!). Keep an eye out for more information this year about Meta’s Conversions API (CAPI) and Google’s Consent Mode. We’re staying up to date about these tools so we can help them help you.

Ensure You Have Consent

It has quickly become standard and expected for a website to have not only a banner that alerts visitors to the use of cookies but also one that allows audiences to select their tracking preferences. In the last year, we’ve seen several cautionary tales of organizations’ consent management practices. From breaking all website tracking to not blocking tracking based on customers’ selections, consent management is not a straightforward endeavor.

Consent banners can sometimes be deployed via plugins or tools built into certain CMSs; however, a Consent Management Platform (CMP) will give you the most flexibility. CMPs are the wave of the future in user data privacy management. They enable you to connect any tracking on your site to user preferences, and most allow you to tailor your consent policy to users’ geolocation allowing you to comply with local regulations while maintaining as much data integrity as possible. Implementing a solution and ensuring it works as expected will require collaboration from legal, marketing, and IT. CI can be a thought partner for your organization about how to enact measures to follow regulations while mitigating the impacts on measurement in advertising and analytics. We can also help with your CMP implementation to ensure that it adheres to best practices, follows your requirements, and connects the choices customers make to tracking so their choices are respected.

Use Geo-Location

Take a look at your CRM and see where the bulk of your audiences live. If you have a large amount of customers in one of the thirteen states with privacy regulations, let that state’s regulation be your starting point. Keep in mind that most data privacy regulations base the jurisdiction on where the customer is located rather than where the organization is based.

Call for Help

Be sure to consult legal counsel to make sure your privacy policy appropriately protects your organization and is compliant with relevant regulations. CI will never be able to offer legal advice, however, our expertise in marketing, analytics, and the arts industry positions us to act as an interpreter to help you advocate for your marketing priorities. We can also help implement your CMP and other privacy-first measurement tools (like Enhanced Conversions, CAPI, etc) so you and your users are getting the best out of them.


We will be creating and sharing more content around privacy for the industry soon. In the meantime, hear more from me and Ally Duffey Cubilette on privacy on CI to Eye Podcast and save the date for our CI Deep Dive into this 2024 Digital Priority on May 8.


We’re not sleuths, but we can help solve the mystery of privacy by offering strategic guidance for your organization! If you need help starting these privacy conversions or just feel lost, contact us and we’ll gladly see how we can help.