The Continuing Battle Over Data

The Continuing Battle Over Data

DataDigital AdvertisingeCommerce

The Capital One Breach is just the latest in a long string of high-profile breaches that continue to plague companies collecting data online. Privacy advocates have spent years pushing for changes to online advertising and data storage. Some countries and companies are now finally making strides in the direction of protecting consumer data, but digital advertising may be the biggest casualty of the new rules.

So what changes have been made and what is being proposed?

Changing Regulations

Governments have begun to crack down on data collection due to the costly and problematic data breaches that have occurred with regularity in the past few years.

General Data Protection Regulation (GDPR)

Unless you’re brand new to the eCommerce scene, you’ve likely heard about GDPR. It’s the data privacy act that was passed in the European Union and went into effect in 2018. Well-known companies like Marriott and British Airways have already faced fines due to non-compliance with all GDPR rules and more fines are likely to come for Google, Facebook, and other big companies as they attempt to protect consumer data without losing valuable advertising information.

Plus, updates to GDPR are already being proposed. Over the next few years, companies will likely need to make additional changes to data policies and informed consent to continue using digital advertising at all in this region.

California Consumer Privacy Act (CCPA)

While GDPR exploded onto the scene, CCPA has been quietly being pushed through the California legislature despite serious opposition from major companies. With similar goals to GDPR, the aim of this act is to give control of data back to individual users. Though the impact will be less significant in the number of people affected, it could cause sweeping changes for any US business.

Because businesses will have to comply if they want to sell in California, it will be essential for all companies to know what is changing and when.

Here’s the important details:

  1. The act officially goes into effect on January 1, 2020. That means companies have very little time left to ensure compliance.
  2. The act states that consumers have the right to understand what data is being collected about them and whether a company will sell or share it.
  3. Additionally, consumers need to be able to opt out of selling information, access it if necessary, and have the ability to request data be deleted.
  4. The CCPA applies to businesses that operate in California and meet certain thresholds, including gross revenue in excess of $25 million or earning more than half of your revenue from selling consumer data.

Though this act only affects businesses operating in California, it may be adopted by other states or the federal government over time if successful. Compliance now may save headaches later on.

Changing Policies

Because of both consistent breaches and governments beginning to create oversight, businesses have begun implementing changes themselves to try to get consumer goodwill and stay ahead of regulations. This is especially true of the advertising duopoly (Facebook and Google).


From recent lawsuits against developers committing ad fraud to new privacy filters for consumer data, Facebook has been trying to change the narrative away from their Cambridge Analytica scandal. As part of this effort, the newest tool they have announced will allow consumers to “disconnect” data that is not collected directly from Facebook.

However, there are a few drawbacks. First, it can take days for the data to be removed from a person’s account. Second, the data won’t be deleted, but instead separated from the account. That means it still exists, it just won’t link directly to the consumer. And lastly, there’s no way of knowing when the tool will be available since it was blocked by a court order to aid in a civil case against Facebook.

For now, that means advertisers have no way of knowing when and how their campaigns will be affected by people choosing to opt-out of targeting data.


Similarly to Facebook, Google is trying to get ahead of the narrative by creating their own tools for handling data. They claim to be cracking down on device fingerprinting and other opaque tracking methods, but they still support cookies and are also disabling features of ad-blockers. They also removed the DoubleClick IDs feature (which helped with cross-device tracking) from their advertising offerings.

Because they have not announced all of their initiatives yet, it will be important for advertisers to pay attention as new changes are announced. It’s likely that nearly every advertising campaign will be affected by any changes Google makes since they are the leading digital advertising seller and own the most popular web browser.


All three of these companies have begun adding more privacy features to their browsers, making it easier for consumers to avoid intrusive advertising and excessive data collection. New features like cookie transparency, tracking blockers, and ad consent are being added to several browsers. As these companies offer more privacy, it pushes Google and Facebook to offer more privacy features as well.

Potential Effects of Changes

The real effects of all these changes will not be known for a long time. However, some ripple effects are already being seen in small ways and will likely continue to see changes as more regulations and policies shift toward privacy.

Digital Advertising

Obviously, the biggest changes will be seen in digital advertising. As companies, governments, and consumers fight over how to balance privacy and business needs, digital advertising is at the heart of the debate. Initially, we will likely see a rollback in micro-targeted advertising as discussions around informed consent continue. Will that last? Maybe. Maybe not.

For a while, advertisers will simply need to be able to roll with the changes. If you have a strong brand strategy that can work around these changes, you’ll be in an even better position to come out strong no matter the resolution to these debates. In the meantime, be prepared for a lot of changes as this fight is just getting started.


While eCommerce won’t see the direct effects of these data regulation and policy changes, the ripples will reach this industry as well. We can already see it happening with the new Strong Customer Authentication (SCA) requirements in PSD2. As more data is readily available on the internet, more protections for people online are likely to be enacted.

We’re also seeing a crackdown on companies that have data leaks. Ensuring that your customer data stays secure is going to be essential moving forward. Unfortunately, data is the lifeblood of most online businesses. Trying to walk the balance of only keeping necessary, secure information but still providing a simple, positive customer experience may be difficult. This will be another area where being flexible is going to be key to future success.

Data is not the only battle currently being fought online. To see the latest changes in the fight against fraud, check out our blog post on the topic.

Post Author: Jackie Long

Jackie Long

Blog Manager at NS8. With a varied background and over 5 years of content creation experience, Jackie works hard to provide a compelling range of informative articles.