The Evolution of Privacy: A Timeline of Events Reshaping Identity-Based Tracking and Analytics

To prepare for the future, we must understand the past. This stays true in marketing, and it is particularly appropriate when it comes to digital tracking and analytics. D2C/ecommerce brands have often trusted their attribution and budget allocation decision-making on tracking people across the internet – but that has changed as privacy concerns and legislation have reshaped and limited what’s possible.

Marketers now live in a new world where we need to modernize traditional measurement models and not rely on digital tracking which, after all, has only been a quick bleep in the history of marketing.

But before we talk about the future, we need to fully comprehend what got us here – only then can we prepare and adjust for what is to come. This article will recap the key events that have changed how brands think about tracking and analytics, and the implications this comes with. 

I. Early days of data collection and tracking (1960s-1990s)

While still in their infancy, these milestones are the seeds of today’s issues – even if they’re 60 years apart:

  • The US Government collects data on American citizens (1960s)

In the 1960s, the US government began collecting data on American citizens for various purposes: law enforcement, tax collection, census data, etc. This is one of the first large-scale data collection movements in the States and set the stage for the future challenges around data and privacy.

  • The Internet goes public (1991)

The launch of the Internet to the public in 1991 revolutionized the way companies and governments could collect and analyze user data, which created a new era of questions around privacy.

  • The emergence of cookies and SSL (1994)

Netscape introduced cookies in 1994 and they became a double-edged sword: they helped create a better user experience by storing user preferences and actions, but they were also used to track user’s activities. Fast-forward to today and we’re actually nearing the death of the cookie – we will explore this later.

  • The European Data Protection Directive (1995)

The European Data Protection Directive set an early precedent for data privacy regulation and became the groundwork for more comprehensive regulations like the GDPR.

  • The rise of online advertising and privacy concerns (1996-1999)

With the Internet growing, companies saw the effectiveness of targeted advertising based on user data collected through cookies and other tracking technologies. Concerns around privacy started growing, and even the Electronic Privacy Information Center reviewed popular websites for potential privacy violations. 

II. The 2000s: The era of online expansion and growing privacy issues

The turn of the century marked a significant shift in the digital landscape. The Internet became more integrated in our daily lives, and privacy and data became disorienting topics.

  • Online credit card fraud and the launch of Google AdWords (2000)

The rapid growth of e-commerce in the early 2000s came with an increase in online credit card fraud. At the same time, Google AdWords was launched – another marketing channel that gathered and leveraged user data. 

  • Post-9/11 surveillance and data collection (2001)

In response to the 9/11 attacks, the US government enacted the Patriot Act, which expanded surveillance and data collection powers on American citizens to fight terrorism. While the privacy angle here is government-related, it added to the conversation around privacy.

  • The birth of social media platforms and their privacy implications (2003-2010)

Social media platforms like MySpace (2003) and Facebook (2004) were started during this period. These platforms collected vast amounts of user data – and questions about how it was used, stored, and shared started popping up, which would scale over the years.

  • Hacking incidents and the introduction of security standards (2004-2007)

High-profile hacking incidents like the breach of credit card processor CardSystems Solutions (2005), exposed the vulnerability of companies holding sensitive customer data. These incidents led to the release of the first unified security standard, the PCI DSS, hoping to reduce the risk of data breaches and fraud.

III. The 2010s: A turning point for data privacy and regulations

At the height of digital tracking and most marketers relying on it fully, regulations started becoming prominent. By the end of the decade, the game had changed.

  • High-profile data breaches and their consequences (2012-2017)

The 2010s had a surge in high-profile data breaches, such as the LinkedIn breach (2012), the Target data breach (2013), and the Equifax hack (2017). These incidents exposed the personal data of millions of users and continue to show the vulnerabilities in companies’ data protection practices.

  • The implementation of GDPR (2018)

In response to the growing concerns around data privacy, the European Union passed the General Data Protection Regulation in 2018. The GDPR established strict rules on the collection, processing, and storage of personal data. It also gave individuals greater control over their data and imposed hefty fines on organizations that failed to comply. 

  • The California Consumer Privacy Act (2018) 

The CCPA was a big milestone in data privacy legislation in the United States. It was designed to give California residents more control over their personal information and provide them with rights similar to Europeans under the GDPR. Consumers could now know what personal information a business collects about them, request their data to be deleted, and opt out of the sale of their personal information to third parties. This impacted brands too as they now had to comply with how they gathered, stored, and shared their data.

  • Facebook privacy scandals and HTTPS protocol (2018)

Facebook faced multiple privacy scandals, including the famous Cambridge Analytica, which revealed the unauthorized use of personal data for targeted political advertising. These scandals put the spotlight on social media platforms and grew the public support for stricter data privacy regulations. 

IV. Recent developments and the future of identity-based tracking (2021 onwards)

  • The impact of iOS 14.5, 15, and Apple’s App Tracking Transparency feature (2021)

Apple’s release of iOS 14.5 and 15 and the App Tracking Transparency feature significantly impacted the world of identity-based tracking. The ATT required apps to ask for user permission before tracking their activity across apps and websites. The increased transparency signaling made many users more cautious about sharing their data. This led to a reduced access to user information for advertisers and forced marketers to stop relying on digital tracking as its effectiveness dropped heavily.

  • Google’s delayed transition to a cookieless future (2021)

Google announced its decision to phase out third-party cookies by 2022, initially. However, in 2021, the company decided to delay the transition until 2024, giving marketers more time to prepare for a cookieless future. Google’s Vice President of Privacy Sandbox, Anthony Chavez, announced they’re extending the timeline to “the second half of 2024” so they can continue testing the Privacy Sandbox. The ongoing debate around privacy and personalization in advertising continues.

V. Implications for marketers and D2C/ecom brands

Okay, history class is over. You’re an ecom/D2C marketing executive, what does this all mean to you? 

Option 1 is complaining and wishing the good old days of digital tracking somehow come back. Would that be ideal and would that help marketers and brands? Absolutely. Does it seem likely? Definitely not. Privacy regulations are rising quickly and digital tracking will continue to be more and more broken. 

This has and will continue to crush many brands and marketers that relied on the vast customer information available – not just for tracking and analytics, but also for paid search and paid social targeting.

Option 2 is surviving by adapting and evolving as the way we market and measure/track our campaigns changes. Luckily, the history of marketing proves that we don’t need digital tracking – we only had it for 20-30 years anyway. 

Instead, the future of marketing lies in bringing back traditional tools like mix marketing modeling to optimize budget allocation in a post-cookie world – but leveraged in a modern way with the capabilities that we have now. 

This is what we’re working on at Recast, so if you’d like to learn more about how the marketers and brands of the future will thrive as digital tracking goes away, check out how we’re approaching it. 

About The Author