Compliance-First vs Privacy-First: Why Aiming for Compliance Is a Failing Strategy

We are in the privacy-first era. People are tired of a privacy-last world where their data was captured, analyzed, used, and abused without their knowledge or consent. People are empowered now to control and choose how their data is used – and this empowerment is starting to pervade our behavior and government. For example:

In particular, the platforms that dominate our data in the digital age have stepped up their privacy-first policies in a big way.

Google is (finally) ending the third-party cookie in 2023. They are replacing it with a Privacy Sandbox. Although not a perfect solution, it is far better than the privacy-last policies they currently have. They have also implemented a lot of ways for consumers to get transparency and control over what data they share with Google and other brands.

Apple is leading the way with multiple privacy-protection features since App Tracking Transparency in iOS 14.5, which include:

  • Mail Privacy Protection protects your privacy by preventing email senders from learning about your Mail activity, your IP address or whether you’ve opened their email
  • Safari Intelligent Tracking Prevention now also prevents known trackers from profiling you using your IP address
  • App Privacy Report in Settings lets you see how often apps have accessed your location, photos, camera, microphone, contacts and more during the last seven days, as well as their network activity

As demand for privacy increases, so do the consequences of violating privacy. Not only are there fines from new laws, but brand perception and trust are at risk every time privacy is violated.  Trust is critical to everything a brand does, and according to the Edelman Trust Barometer it has become the second most important purchasing AND loyalty criteria while it is also at the lowest level recorded by their survey in over 20 years.

During the privacy-last era, consumer trust in brands was repeatedly broken when brands captured, sold, and abused data without consent – even though it was technically legal. To rebuild trust, brands need to change their strategies to be privacy-first instead of last.

What it means to be privacy-first

Becoming privacy-first means putting your customer desires for their data ahead of your own. It can be accomplished by following three principles.


Giving customers transparency means providing clarity on why data is needed, how it will be used, and how it will be managed.  When customers easily and instantly understand what data is needed for and why, they are more likely to share data and therefore start to build trust.  Ways to be more transparent include: using plain language privacy policies, stating what will be done with the data right now, giving customers information about where the data is stored and what they can do about it in the future, and delivering instant personalization with that data.


As browsers and operating systems give customers more options over how their data is shared and governments require choice in the form of opt-ins and cookie permissions, people are getting used to making informed privacy choices. Brands need to streamline these choices and make the experience of deciding when and how to share data more pleasant and intuitive. There is even a new term for personal data that is shared voluntarily and proactively with a brand – zero-party data.


Giving customers control means giving them the ability to change their choices at any time and to manage their own data. A  customer preference portal for example (image below) where people can access their data with a brand. Another would be enabling customers to turn off data-driven recommendations,AKA private browsing. Control is extremely critical for trust, because it removes the future concern around the various “what if’s” of a relationship. If you sign up for an email newsletter, you know you can always unsubscribe if it annoys you.  Giving people the same control over ANY brand experience requires giving them control over what data the brand has about them and their preferences.

Customer Personalization

Operating from these core principles instead of focusing on the bare minimum of compliance with privacy laws will make you privacy-first. Going privacy-first will keep you ahead of customer demands,which is more important in a digital-first world where the consumer can find any product in a few seconds and have it delivered in a few hours. Furthermore, it will help your business ultimately save money and grow faster.

Businesses grow with privacy

Going privacy-first will drive revenue because asking customers for their preferences directly and clearly gives you better data to drive personalization. 69% of consumers welcome personalization as long as it’s based on data they’ve shared with a business directly, not data brands have purchased elsewhere or obtained without user consent. 71% of consumers expect personalization, and it delivers 40% higher revenue for brands than non-personalized content according to McKinsey.

Additionally, it produces a better customer experience, and that increases the likelihood of a customer engaging with a brand, making a purchase, and staying loyal. Barbara Martin Coppola, Chief Digital Officer at IKEA, made a video that illustrates this idea perfectly.

Save money and reduce risk

Leading with privacy in your customer data strategy is also less expensive and more accurate than relying on analysis of behavioral first- or third-party data. Guessing what customers want via data analysis, intent detection, and applying AI or ML is expensive and will always have a significant chance of producing incorrect results.

I think by now we have all had an example of a creepy or unpleasant brand experience that came from incorrect assumptions. Steph Liu of Forrester cited an experience from a person who searched for information about their child’s auto-immune disorder, and then was served ads for funeral services the next day.

There is definitely a place for distilling insights based on customer behavior – Netflix, Google, Amazon and others have proven that. For critical information like customer needs, values, interests and other preferences; however, it is much better to simply ask than to make any assumptions.

In addition, building transparency, choice, and control into every data collection experience means you are building consent beyond what the law requires. This will reduce your costs to assess and manage compliance as well as your potential risk of a fine down the road.

Better for everyone today and in the future

Once privacy-first principles are more universally followed, it will pave the way for the next generation of data protection and privacy that the blockchain and web3 technologies enable. It’s easy to imagine a digital wallet where people can set global settings for how much data they share with which types of sites, how much they would expect in return for sharing data (in the form of various tokens), and allows them to instantly revoke all or part of their data from one central console.

During the #privacy-last era, #consumertrust in brands was repeatedly broken when brands captured, sold, and abused data without consent. To rebuild trust, brands need to change their strategies to be privacy-first instead of last. #respectdataClick to Tweet

When customers see that your brand is thinking of their needs before your own, that will instill trust and build a stronger relationship that will lead to loyalty and growth for the long-term. It also builds better experiences for all of us as customers, as the choice of whether or not to share data with brands becomes less stressful and more rewarding when the value we get out of it is clear and in our control.


Director of Product Marketing at Wyng