Data Privacy & Building Trust: The Way Forward in the Cookieless Future

Between momentus data privacy legislation like the GDPR and the CCPA coming into effect, Apple deprecating the IDFA, and the COVID-19 pandemic changing, well, everything, the last few years have been a time for change and evolution in the privacy space. Businesses are realizing they need to change their data practices, as consumers become more concerned about the collection of their personal data and how it is being used.

How will businesses adapt to stricter data privacy legislation and continue to build trust with their customers?

Data Privacy History – Then, Now and the Future

To understand where data privacy is headed, we need to go back in time to see where we’ve been. In 1991, the internet went public and the world changed. By 1994, the first browser cookie was created by Netscape and by 1997 the Electronic Privacy Information Center released a review that found only 17 of the top 100 websites had a privacy policy – an unfathomable thought in today’s world!
Advancements in technology were quickly accelerating by 2009 — the year AE was founded! Mobile apps had just been invented and social media was rapidly growing. Since then, the internet has only become more integral to our daily lives. With this habitual change came a huge increase in the amount of data we create and the amount of data collected. It makes sense that the majority of consumers are more concerned about the safety of our personal data in 2022.
As people have become more privacy-conscious, governments around the world have responded to demands by enacting legislation to protect individual’s data privacy rights. A recent report by Gartner states that “by 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations”.

Let’s have a look at some of the most significant privacy legislation around the world today.

While centered on the European Union (EU), the GDPR will have a global impact.


Remember when you started seeing cookie banners on every website? That’s because of the General Data Protection Regulation (GDPR). A defining event in the last decade for privacy legislation, the GDPR was passed in 2018. It protects the data of individuals located in the European Economic Area (EEA), and applies to any business that handles their personal data. That means that even if a company is located outside of the European Union (EU), they are required to comply with the GDPR if they handle data from EU customers. The GDPR therefore has had an impact on marketers globally.

There are two cornerstones to the GDPR: explicit consent and the right to be forgotten. Under the GDPR, individuals must be informed of the data collected, how that data will be used, and any checkbox on a signup form must be un-checked as default. Individuals must check the box to indicate they agree with the terms. This is explicit consent. The right to be forgotten means that individuals have a right to have their account and all collected personal information deleted.
A woman sitting and looking at her tablet while smiling. There is an email notification icon above her.


Email marketing was changed by the introduction of Canada’s Anti-Spam Legislation (CASL) in 2014. Gone were the days of a spam-filled inbox as the new legislation posed fines of up to $10 million for businesses that send unwanted commercial electronic messages to Canadians. CASL has been a resounding success for both consumers and businesses. Canadians are protected from spam, and the open rate of commercial emails has increased.


Data privacy legislation in Canada is under review currently. The Canadian government is aiming to modernize Canada’s privacy laws with the proposed Digital Charter Implementation Act (DCIA), which follows in the footsteps of the GDPR by addressing meaningful consent and the right to be forgotten.


United States

The most notable data privacy legislation in the US is the California Consumer Privacy Act (CCPA) which came into effect in 2020. Similar to the GDPR, any company that handles the personal data of individuals in California must comply with the CCPA. CCPA gives Californians the right to know what personal data is being collected and whether it is sold or disclosed. Californians can also say no to the sale of their data as well as access it and request for it to be deleted.

In 2021, Colorado and Virginia enacted data privacy laws following in the footsteps of the CCPA. Many more states have data privacy laws currently under review, notably New York’s Privacy Act which is slated to be the most strict data privacy legislation in the US.  


A defining event in the last decade for privacy legislation, the GDPR was passed in 2018. It protects the data of individuals located in the European Economic Area (EEA), and applies to any business that handles their personal data.

An iphone showing a user's App Privacy settings.

Privacy and the Private Sector

Not only is data legislation evolving as governments recognize their citizens’ demands for privacy, but private companies are taking notice as well. In spring of 2021, Apple released an update to iOS which turned off default sharing of Identifier for Advertisers, a device-level identifier that allowed advertisers to track individuals’ interactions with mobile advertising campaigns. A subsequent iOS update gave users more control over their email privacy, including the ability to hide whether they had opened an email from the sender.

Another on-going change is with third-party cookies. Firefox and Safari browsers have already put an end to third-party cookies by blocking them by default. In turn, Google announced that they would be following suit in 2022, however recently pushed the phase-out to 2023.

What does the future of data privacy look like? We are already taking steps into the cookieless world, and trends show that consumers will continue to demand privacy protection. But what does that mean for marketers that rely on customer data to make decisions?


The Privacy Paradox

While more and more consumers are saying “no” to having their data tracked, studies show that they still want personalization. A study by Accenture found that 91% of consumers say they’re more likely to shop with brands that provide relevant offers and recommendations.

That’s the privacy paradox: people want a rich online experience with personalized content and offers, but don’t feel comfortable sharing the data that would allow brands to create that experience.

Illustration showing the privacy paradox and the solution: get users permission to access first-party data for personalization.
Businesses know that capturing and analyzing Personally Identifiable Information (PII)  is incredibly important in their marketing. But for consumers, balancing the benefits of having their data tracked, with the fear of companies misusing their data is a difficult task — there really is a dark side and a light side to data!

Marrying Data Privacy and Trust: The Digital Handshake

How do businesses and marketers reconcile the Privacy Paradox? Introducing: the Digital Handshake.

The Digital Handshake is what we, at AE, call the mutually beneficial exchange between brands and their customers. In exchange for their valuable data, brands reward customers with personalized content. The Digital Handshake embodies the same principles as the GDPR, primarily context and consent. Before collecting customer’s data, they are explicitly informed what data will be collected and what value they will receive in return.

A cellphone screen showing two people shaking hands. One hand is labelled "brand", the other "human". There is an arrow from the human to the brand that says "behavioral data" and the opposite way that says "personalization"
Through transparency and accountability, the Digital Handshake helps you to build trust, and to form strong, loyal relationships with your customers. This is the new age of consumer data: forming useful relationships and serving your customer better and more creatively. 
If you want to get ahead of the curve and emerge as a leader in the world of data privacy, it’s time to start thinking from a privacy and consumer-first mindset. You have an opportunity to leverage first-party data with transparency, increase engagement by getting creative with how you capture opt-ins and use your customers’ data to deliver personalization.


The Digital Handshake is what we, at AE, call the mutually beneficial exchange between brands and their customers. In exchange for their valuable data, brands reward customers with personalized content.

AE Makes Data Privacy Compliance and Building Trust Easy

my data my choice powered by appreciation engine
Appreciation Engine was built with privacy in mind. We’re constantly making changes and updates, not only in order to stay ahead of the curve with regards to data privacy legislation, but because we truly believe in the importance of privacy and trust. In fact, trust is one of our five core values: we know our clients trust us with their customer’s personal data and we take this very seriously. We also created My Data My Choice, a site dedicated to informing consumers about their data privacy rights.


AE makes it easy for our customers to maintain data privacy compliance and build trust with their users. Explicit consent is collected at the point of registration (AE Connect, our social login), customers have access to and control over their data through AE’s Privacy Center, and since customer data is compiled in a single profile in AE, it’s easy to delete the entirety of a customer’s data if they request it.


Learn More about Privacy and Trust


It can be difficult to navigate the waters of data privacy, but we’re here to help. We’ve created some resources for consumers and businesses to better understand data privacy, consent and trust. Check them out for more information:


At AE, we are committed to helping our customers respect their users’ privacy. We’ll help you protect your business and your users’ data privacy.