Posted on: June 17, 2021 | 3 min read

The Concerns of 3rd Party Data on Consumer Privacy – Why your Business Needs to Consider How Data is Used and Shared

A few weeks ago, Apple released its new feature: App Tracking Transparency, which has been a source of controversy across different audiences.

Prior to the launch of this feature, developers could track user data within an app. Advertisers could then use this data along with other data sources to identify user preferences and target advertisements. However, the new update requires developers and ad companies to ask for explicit permission before they can track the user’s activity across apps and websites.

In November 2020, Californians voted the California Privacy Rights Act (CPRA) into law, which restricts businesses from sharing personal information for cross-context behavioral advertising. Because CPRA goes into effect on January 1st, 2023, major technology companies will require users’ explicit permission to share and use data generated from digital interactions. Google recently announced that in 2022 it would eliminate third-party cookies from its Chrome browser and stop selling ads based on individuals’ browsing activity across multiple websites.

The reason for the concern for many businesses is new “opt-in” requirements affect behavior tracking across sales and marketing cycles. If people “opt-out” of tracking their behavior on apps and websites, some services will have to find new ways to fund their businesses instead of selling consumer data. These businesses will no longer rely on third-party data for targeted advertising. Nonetheless, companies will still be able to make use of first-party data for retargeting and measuring marketing performance on their owned and operated properties.

3 Tips to Get Started with Data Privacy

As states like Colorado, Arizona, and Florida join California in data privacy regulations, it’s important for businesses to take the appropriate steps to prepare. Below are three tips to get started.

  1. Connect with internal teams to learn the current methods the business is tracking personally identifiable data.
    1. Ask questions like:
      1. Do we receive, buy, sell, or share personally identifiable information? If yes, how many consumers are affected?
      2. Does our data architecture have encryption and password-protected steps place for bad actors?
      3. What types of disclaimers are present when customers opt into receiving communication from us?
  2. Search legislation by the state for all active laws that may affect your business.
    1. For many regulations, companies do not need to be based in the state or have a physical presence to be covered.
  3. Act, or react to legislation to avoid major risk.
    1. Leveraging data privacy experts is the easiest way to get started in understanding the regulations themselves and seeing what steps are needed to avoid penalties. At CCG, we cover not only the information architecture but the people and processes that go with it.

Learn more about the difference between Data Privacy and Data Security with our blog, here, and get started with a Data Privacy assessment by connecting with an expert at

Written by CCG, an organization in Tampa, Florida, that helps companies become more insights-driven, solve complex challenges and accelerate growth through industry-specific data and analytics solutions.

Topic(s): Strategy
Return to Blog Home