
Data Privacy – A Deep Dive (Part 2): A 9Rooftops 3-Part Series

Evan Fung - Director of Analytics

As Director of Analytics, Evan Fung helps 9Rooftops’ clients compile critical website user data that enables businesses to enhance their business strategies. His comprehensive approach to analytics focuses on branding and sales goals.

Evan’s “Data Privacy – A Deep Dive” is a three-part series on the complex, sometimes controversial, analytics ecosystem. First, Evan’s analytics deep-dive delves into the long, often forgotten, analytics history. Later, he discusses the more modern, familiar analytics headlines.

Contact Evan and the team at 9Rooftops for an analytics audit today.

Part 2 – Data Privacy & Modern Controversies

Modern Data Privacy Controversies

In part 1 of our 9Rooftops’ “Data Privacy – A Deep Dive” Series, we explored the often misunderstood and unknown history of modern analytics. In part 2, we’ll dive into a number of more familiar analytics controversies. Many of these instances captured national media attention and influenced legislative change.

Let’s begin with one of the most well-known, potentially most influential analytics controversies in history.

Recent Catalysts

While there has been a longstanding history regarding data privacy, the concept and the concerns therein arguably first came into the general public’s lexicon as a result of Edward Snowden and later Cambridge Analytica.

Edward Snowden and the NSA (2013)
  • Employed at Booz Allen Hamilton, a contractor for the National Security Agency
  • Snowden’s whistleblower status came when he publicly disclosed information about NSA surveillance programs:
      • Collected information on phone records of millions of Verizon customers daily
      • Had a program called PRISM that gave the NSA direct access to servers at Google, Facebook, Apple and Microsoft
Facebook – Cambridge Analytica Scandal (2018)
  • In April 2010, Facebook launched Open Graph to third-party apps, allowing external developers to reach out to Facebook users and request permission to access their personal data, as well as their friends’ data.
  • Aleksandr Kogan and his company Global Science Research created an app called “thisisyourdigitallife” in 2013. The app prompted users to answer questions for a psychological profile.
  • Reports stated that 50 million Facebook profiles were harvested for Cambridge Analytica in a major data scandal. This number was later revised to as many as 87 million.


One of the most significant efforts to regulate data privacy in recent years is the GDPR, which passed in the wake of the Snowden incident. It has changed the way we think about data ownership, security and privacy, as well as the ethics surrounding the exchange of online information.

General Data Protection Regulation (GDPR)
  • Regulation on data protection and privacy in the European Union (EU) and the European Economic Area (EEA); adopted in 2016 and became enforceable in 2018
  • GDPR’s primary aims are (1) to raise the bar for obtaining personal user data by requiring explicit and informed consent and (2) to expand on and enforce user rights around data:
      • the right to be forgotten; have data deleted at the user’s request
      • the right to see or rectify
      • the right to request/download
      • the right to be notified of leaks
      • the right to object to certain processing of data
  • While the GDPR only directly applies to EU citizens’ data in theory, the global nature of the internet means that nearly every online service across the globe has felt its effects.
  • The regulation became a model for many national laws outside the EU, including Chile, Japan, Brazil, South Korea, Argentina and Kenya.
  • The regulation has resulted in significant changes for US users as companies adapt. The California Consumer Privacy Act (CCPA), enacted in June 2018 and effective January 2020, has many similarities with the GDPR.

More Connected Than Ever

The continued evolution and increasingly stringent protocols surrounding data privacy are no surprise when considering our growing relationship with connected devices and, as a result, the increasing amount of personal data being collected and shared.

What’s Happening Now?

Shifting Consumer Opinions

Consumer sentiment has shifted, with people showing an increasingly negative outlook toward their data privacy.

  • 64% of consumers said their concern or awareness about data privacy has increased over the past 12 months
  • 61% of people were concerned about the internet eroding their personal privacy in 2019, increasing from 56% in 2013
  • 70% of adults say their personal data is less secure than it was five years ago

And it is not just their attitudes that have changed — their concerns with data privacy have driven consumers to take action to limit the amount of personal data available in recent years:

  • 77% changed privacy settings
  • 67% changed or did not accept cookies
  • 65% declined terms of agreement
  • 56% deleted an app from a mobile device
  • 35% removed a social media account

Consumer Distrust

Due to scandals like Cambridge Analytica, the Edward Snowden saga and the myriad data leaks that have occurred in recent years, consumer trust has reached a low point.

  • Less than half (45%) of global consumers trust organizations to protect the privacy of their personal data
  • 80% of global consumers say they would stop doing business with an organization that misused their data
  • 84% of global consumers fear their personal data is not secure
  • 81% of US adults say the potential risks of data collection outweigh any potential benefits

Consumers’ growing distrust around data privacy & protection coincides with their growing distrust of advertising/advertisers.

Display advertising

  • Only 36% of consumers approve of display ads on websites, when they understand how the ads are targeted based on their personal data

Social media

  • Over 80% of Americans are concerned about how much personal data is shared with social media and advertisers
  • Just 41% of respondents to a US survey said they trust Facebook, 43% for Twitter and 46% for Instagram
  • Globally, 23% of Facebook users say they have considered leaving the platform — driven in part by concerns about data privacy

Death of the Third-Party Cookie

Cookies — the small blocks of data created by websites and stored in browsers — have allowed brands and advertisers to track website visitors, improve UX and collect data for ad targeting purposes. The so-called death of the cookie has been a common topic in recent years, and we are fast approaching the end.

Safari and Firefox

Both browsers first communicated their intent to block third-party cookies in 2013, with Safari making the move to block cookies by default in 2017, followed shortly by Firefox in 2018.

Google Privacy Sandbox

Google revealed its “Privacy Sandbox” in August 2019, an initiative focused on personalizing ads while preserving user privacy. As part of that initiative, in January 2020, Google announced that it hoped to block third-party cookies from its Chrome browser by 2022. This timeline was updated in late June 2021, extending the phase-out to 2023. A little over a year later in late July 2022, the date was pushed back further to the second half of 2024.

This is a big deal.

As of February 2021, Chrome topped the list of web browsers with a global market share that eclipsed 63%, while Safari and Firefox came in at a distant second and third with ~19% and ~4%, respectively. With over 86% of cookies set to disappear in 2024, brands and advertisers must prepare for a post-cookie world.

Differing Opinions

While most everyone agrees that a cookie-less future awaits and that privacy rules will change, there is little agreement as to what that future should look like. The biggest players — Apple, Facebook, and Google — have separate visions which are in many ways at odds with one another.


Apple has largely taken a pro-privacy stance and is often lauded as the most privacy-sensitive among the tech giants. After all, unlike Google and Facebook, Apple’s core business model is built around selling hardware and services — not advertising.

iOS 14.5 – App Tracking Transparency

Apple’s iOS 14.5, released in April 2021, brought a host of changes, including the enforcement of a new policy called App Tracking Transparency.

Advertisers have long been able to utilize IDFA (Identifier for Advertisers) to track users’ activity across apps for data collection and ad targeting purposes. Now with App Tracking Transparency, iPhone, iPad and Apple TV apps are required to request users’ permission to use techniques like IDFA. The choice is presented front & center to users with a standardized prompt created by Apple.

Early data from Flurry Analytics shows that only 4% of US users and 12% of global users have agreed to be tracked, following the update.

Upcoming Privacy Features

At the recent WWDC21, Apple further signaled the company’s commitment to privacy with several new privacy features on the horizon:

  • Private Relay – service that hides user IP addresses
  • Mail Privacy Protection – eliminates tracking pixels from emails on the Mail app
  • App Privacy Report – allows users to see how apps use functions like location and camera, as well as with whom apps share data

Facebook has lobbied for a middle ground when it comes to privacy and personalization — unsurprising given that 98% of Facebook’s revenue stems from advertising.

In fact, Facebook held an event in May 2021 — a roundtable discussion titled “The future of digital advertising: can personalization & privacy coexist?”

At the heart of Facebook’s argument is the belief that emerging technologies will enable a “best of both worlds,” in which users can maintain data privacy, while brands will continue to be able to target communications at relevant audiences. The three main innovations offered up by Facebook as parts of the solution:

Secure Multi-Party Computation (SMPC) – an evolution of data modeling, in which two or more companies can combine to analyze data without ever having the data change hands.

Blind Signature – a type of digital signature that conceals the identity of the message contents and the sender. The signatures are unique and can inform Facebook about a click or purchase, which in turn is conveyed to the marketer.

On-Device Learning – process that would allow personal data to be analyzed by a user’s device, without ever being shared externally

Facebook vs. Apple

Perhaps the harshest critic of Apple’s iOS 14.5 was Facebook, which went so far as to take out full-page ads claiming that the change would not only hurt Facebook but also destroy small businesses around the world.

During its roundtable event, a Facebook representative said “Some [parties] are engaging in a collaborative fashion; others are not … What kind of future do we want for the web? Because I don’t want to see a world where only the largest, with the biggest access to data, will survive.”

California Data Privacy Law (CCPA)

The California Data Privacy Law, or CCPA, is a “right to know” regulation protecting California residents’ data privacy. At least, that’s the goal.

The regulation requires that businesses give consumers explicit notices regarding their rights to data privacy. A web user in California has the right to know how and where their personal data is used. They also have the right to fully delete their personal information (mostly). They can opt out of having their information sold.

While all of this privacy protection is good for consumers, it creates laborious, difficult technical impositions for businesses. The CCPA provides a working example of data privacy regulations helping consumers, but potentially exhausting businesses.


Google’s privacy ethos is built around the company’s decision to move away from identifiers like third-party cookies, while at the same time promoting their vision of the future in the form of its Privacy Sandbox initiative.

During a recent Google Ads Marketing Livestream, Jerry Dischler, VP/GM of Google’s Ads business said, “Once third-party cookies are phased out, we will not build alternative identifiers to track individuals as they browse across the web. And we won’t use those identifiers in our products.

“Third-party cookies and other proposed identifiers that some in the industry are advocating for do not meet the rising expectations consumers have when it comes to privacy. They will not stand up to rapidly evolving regulatory restrictions. They simply cannot be relied on in the long term.”

Dischler also promoted Google’s Privacy Sandbox initiative, encouraging companies to participate and to engage with prospective solutions, like the Federated Learning of Cohorts (FLoC), which has since been replaced with Google Topics.


This is not an advertisement, and solely reflects the views and opinions of the author. This website and its commentaries are not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content.