Schedule a call

Ready to scale?

Pick the service you need and book a free Discovery Call.

We've spent millions on Facebook and Google scaling fledgling brands into eCommerce empires. Now it's YOUR turn.

Navigating Data Privacy Laws & Changes for Digital Advertisers in 2021

Last Updated April 28, 2021

In this post:

Navigating Data Privacy Practices for Digital Advertisers

The landscape of digital advertising is shifting as government legislation and corporate action change data privacy practices. While everyone who’s in digital advertising has undoubtedly heard of GDPR by now, that is only the tip of the iceberg of many changes that are being rolled out. If you’re using digital advertising channels in your marketing mix (like most people!), here’s what you need to know about digital privacy changes and how they’ll affect United States-based advertisers this year.

Spongebob nail-biting

GDPR: How European Privacy Law Ended Up Affecting U.S. Advertisers

The major shift in data privacy laws and practices began with the General Data Protection Regulation (GDPR). Although enacted by the European Union to protect its residents, the law affects many U.S. advertisers because it extends to any website that attracts EU visitors—regardless of where the site is based or whether it actively markets to EU residents.

Most digital advertisers have already witnessed the impact of GDPR, and even people outside of advertising have witnessed the law’s effects (although they may be unaware). It’s the reason why cookie notifications and opt-ins are virtually ubiquitous on websites today.

GDPR was enacted in April 2016 and took full effect in May 2018. This law requires all websites that attract EU visitors to disclose how the site collects, protects and uses visitors’ personal information. Visitors must consent to this use, which websites may obtain explicitly (e.g. “I agree” buttons) or implicitly (e.g. stating that continued use constitutes agreement).

While the U.S. has been somewhat slower to enact data privacy protections for website visitors, lawmakers and U.S.-based tech companies are starting to catch up. GDPR has been followed by both legislative and corporate across the pond.

CCPA: New Opt-Out Data Privacy Protections for Californians

The first legislative action was taken in California, which passed the California Consumer Privacy Act (CCPA) in 2018. The law took effect in January 2020. Although California’s aim was similar to that of the EU, the CCPA has a couple points of distinction.

The CCPA targets larger websites and companies, which makes sense considering some of the world’s largest tech giants are based in Silicon Valley. The law specifically applies to companies that meet any of the following three criteria:

  • $25 million or more in gross annual revenues
  • 50,000 individuals, households or devices’ data are processed
  • 50% or more of sales come from sale of personal data

Small businesses that don’t meet any of these criteria need not worry about the CCPA at this point. 

Something else that sets CCPA apart from its European counterpart is that it's an opt-out law. Whereas the GDPR requires visitors’ consent, the CCPA only requires that visitors are given the option to delete or modify how their data is used. While websites must make users aware of how data is used and allow for the deletion of personal information (without penalizing the visitor), actually asking for consent isn’t necessary.


CDPA: New Opt-In Data Privacy Laws for Virginia Residents

The East Coast cousin of the CCPA, the Consumer Data Privacy Act was recently signed into law by Virginia’s governor. The law won’t go into full effect until January 2023, so we've all still got some time to prepare for the effects on advertisers. 

Virginia’s CDPA grants Virginia residents certain data privacy protections, just as the CCPA and GDPR do for their residents. Virginia’s version is best understood by comparing it to these other two.

Virginia’s CDPA takes a more restrictive approach to defining what websites must comply with the law than California’s CCPA does. The CDPA doesn’t have a revenue requirement, so the number of accounts stored and the sales ratio are the only criteria that determine whether a business must comply. 

Additionally, Virginia carved out commercial settings and employment where businesses collect personal information. While these settings generally fall under the CCPA’s requirements, the CDPA doesn’t require businesses to obtain consent in these situations.

When Virginia’s CDPA does apply to a situation, the law is more akin to the GDPR than the CCPA. Specifically, it’s an opt-in regulation where businesses must get website visitors’ consent. Again, the GDPR is also opt-in but California's CCPA is opt-out.

iOS 14: Cross-App Tracking Transparency Takes a Hit

Apple is expected to roll out the next iOS update sometime this spring, and iOS 14 will bring a notable data privacy feature

In iOS 14, a prominent App Tracking Transparency feature will make it easy for users to turn off cross-app tracking. Advertisers will still be able to track users within their own apps, but building a more comprehensive profile by compiling multiple apps’ data won’t be possible if a user takes advantage of this feature.

Turning off cross-app tracking is actually already a feature in iOS 13 (and previous versions), but users must go into Settings to do so. As digital advertisers know, making it more obvious and easier for users to take an action will result in many more of them doing it. A lot of devices will likely have cross-app tracking turned off soon after the update rolls out.

Google Chrome: Anticipating the Removal of Third Party Cookies

Google announced in 2020 that it would permanently remove third party cookies from Chrome. Mozilla Firefox and Safari have already done this, but Google’s action will be much more far-reaching because Chrome has approximately 2 billion active installs.

Google will still allow first party cookies, but third party ones will be gone for good. The effect of this will be much like iOS 14’s cross-app tracking feature. Digital advertisers will still be able to gather data via cookies from their own websites, but developing a more robust profile from multiple sites’ information will be much more difficult. Getting a fuller picture of consumers won't necessarily be impossible, though. Google itself may still compile data across websites as visitors use the company's browser.

How Advertisers Can Prepare for the New Data Privacy Landscape

These are currently the most notable changes in data privacy, but more will inevitably come in the future. We can't predict what will happen (unfortunately), but we do know advertisers will have to stay on their toes to figure out smart ways to keep reaching audiences.

Confused girl

Stay current with the changes, and always keep your digital advertising best practices updated so your advertising efforts perform without being totally compromised by updates from tech companies or lawmakers.

Ready to scale your profits sustainably?

TJ Jones -  CoFounder EmberTribe (1)

T.J. Jones

CoFounder EmberTribe

TJ will help you uncover some of the best growth opportunities for your brand in the First Call.


With over 10 years of experience and 80 million in ad spend under our belts, we know how to guide businesses from fizzle to sizzle.

Seth Bunch-1
"Embertribe has been incredible to work with. Not only are they knowledgeable and the best at their craft but they care about you and your business. Highly recommend!"

Seth Bunch

Founder of Xylem Woodworks

Portrait Lisa FusionBelts
"I tried one company before you guys but you guys are better. And you're all good looking too."

Lisa Vigliorolo

Founder of Fusion Belts

1199958010828334 - Embertribe (Internal Marketing) - 500x500 - SP - 45.01
"EmberTribe has been an incredible ally in our growth strategy. In a short period of time they were able to scale up our ad budget 200%, while decreasing the unit cost for each additional sign up. We see them as an extension of our internal marketing team, which, for a fast growing company, gives us tremendous leverage when building out and scaling new user channels."

Duncan Street

Co-founder, Qeepsake

1199958010828334 - Embertribe (Internal Marketing) - 500x500 - SP - 49.01
“One of the things I love most about working with EmberTribe which has been a standout from working with other companies is that there's a level of ownership that the team has in what we're doing that you really feel like they care."

Cody Barbo

Cofounder, Trust & Will

1199958010828334 - Embertribe (Internal Marketing) - 500x500 - SP - 57.01
"All around great team...The EmberTribe team really answered my technical questions without hesitation...Helped me understand where my business was lacking. It's hard to find companies nowadays that really go above and beyond."

Joey Hettler

Media and Marketing Coordinator at Altis

Grow Faster, Smarter with EmberTribe

If you are stuck on the half a million yearly revenue plateau, you need a growth agency that will get to know your business, audiences, and growth opportunities like the backs of their hands—and let you in on everything they learn. 

No secrets, no bull. Just making sparks fly together.

✅ Focused on revenue

Look elsewhere if you're looking for a new logo or brand identity via 200-page slide decks. Those marketing disciplines have their place, but they're not our focus. We've doubled down on growing sales and injecting our clients with cash flow.

✅ We move fast

The typical agency model moves slowly: endless meetings, thousands of email threads, lots of talk, but little action. EmberTribe is different. We know what it takes to grow fledgling brands into formidable empires: a hell of a lot of execution.

✅ Trusted by the best

We've been recognized by Facebook and Google as one of the top agencies in the world. We're a mentor to startups within Techstars, Y Combinator and regularly consult with programs at MIT and Harvard Business School. Now it's time to add you to our Tribe.

Okay, let's do this!

Book Discovery Call

You May Also Like

These Stories on Google