Managing first party data risk

First-party data is increasingly important to advertisers preparing for what may or may not be a cookieless future.

Post Main Image

First party data and the changing marketing landscape

First-party data is increasingly important to advertisers preparing for what may or may not be a cookieless future. The term “first-party data” refers to information collected by advertisers through their direct relationships with consumers. The rise of first-party data parallels the slow demise of the third-party advertising cookie. While first-party data can offer greater personalization and addressability, it can also bring privacy risks. In short, when companies bring data in-house, the risk comes with it.

First-party data gained widespread adoption to adapt to the much-publicized “death” of third-party advertising cookies. Third-party cookies have formed the backbone of the Internet’s advertising ecosystem since the late 1990s. For years they have been under assault, perhaps first noticeably starting in 2009 with amendments to the EU’s E Privacy Directive that brought us the “cookie banners” asking for permission to set cookies on many websites. The cookie ecosystem has been under attack from other angles as well, including greater consumer awareness and resistance to being tracked and the fact that many people now access the Internet across multiple devices instead of a single computer.  

This year, 2024, was widely expected to bring the “death” of the third-party advertising cookie. After years of delay, Google announced in January that Chrome, the globally dominant browser, would end support for third party cookies later in the year. However, Google changed course in July and the cookie will stay. Despite this, the cookie is losing its status as the key player in the digital advertising space. While the third-party cookie may linger for a bit longer, it is no longer as powerful as it once was. Advertisers have noted a loss of “fidelity” based on cookies for various reasons, including browser limits on cookies and more individuals opting out of sharing for advertising. Some of the most common suggestions to future-proof advertising programs revolve around first-party data.  

With first-party data comes responsibility

Using first-party data enables companies to rely on their relationships with individuals instead of simply tracking devices. Companies can often still collect, use, or share personal data; provided conditions around transparency, choice, and other requirements are met. Other newer approaches like “clean rooms” allow companies to share the value of their first-party data without actually sharing the data. These changes have some benefits for protecting privacy but also risk; instead of relying on specialized providers in the digital advertising space, every company hoping to access the value of its first-party data must now also be in the personal data management business.

Reliance on first-party data will include extra responsibility to ensure that it is collected, retained, used, shared, and eventually deleted in a compliant fashion. Companies must provide transparency consistent with applicable laws, including disclosing with whom the data is shared. Companies must provide data subject rights to access or delete data or opt out of its sharing (usually called “DSARs”), with additional requirement for sensitive data. Regulators are empowered to require proof that companies handle data in a compliant fashion, and savvy counterparties seeking to sell or buy data will require proof that it has been collected in a compliant fashion, with appropriate transparency and opt outs, and that potential partners offer compliant DSARs.

Data governance starts with knowing your data

Whereas companies could previously rely on a few specialized providers in the digital advertising field, the shift to first-party data means that many more companies will now be responsible for robust privacy compliance programs; including the ability prove to regulators, counterparties, or consumers that they are in fact compliant. Data governance and data provenance are more important than ever. Companies must be able to show that any ongoing use of data is consistent with its purpose at collection, or that new consent has been given. This means tracking the user experience from before the point of collection until deletion.

We believe managing your data starts with mapping it and good data flow mapping underpins all privacy and data governance efforts. Our founders have worked in the field of privacy and data governance for years and understand first-hand the challenges real companies face in mapping and understanding their data. Atlas 6 incorporates lessons learned from our experience and is designed to be flexible enough to support you wherever you are on your data governance journey.