14th Floor, Roppongi T-Cube,
3-1-1 Roppongi, Minato-ku,
Tokyo 106-0032 Japan View on Google Map


Future Prospects of Privacy Regulations and Actions Companies Should Take


The time has come for companies to rethink their raison d’etre, starting from what message they really want to convey through advertising. Digital marketing, which has flourished along with the Internet, is now at a crossroads. This is because of technological and legal restrictions on acquiring and using personal data, most notably cookies. This change forces all businesses that employ digital marketing to make a significant decision.

Growing awareness of protecting human rights concerning personal data

Products that users have checked out on the company’s site are also posted as advertisements on other companies’ sites to encourage purchase. Or the company’s services are proposed based on the user’s search history and location information. These have been some typical examples of how digital marketing works. But the days of such techniques are counting. Apple already banned third-party cookies in its “Safari” browser in March 2020, and Google is expected to follow suit with its “Chrome” browser in 2023.

A cookie is a technology that identifies the individual browser accessing your site. A third-party cookie works the same way, except it is a kind of cookie passed to you by an external entity, a third party.

Digital marketing companies have been trying to understand users’ individual behavior by combining their own cookies, called first-party cookies, and multiple third-party cookies. But that approach will soon be deprecated.

First and third party cookies.

One of the reasons Apple and Google made these decisions that seemingly tie themselves up is the growing distrust against US-based platforms, especially in Europe. These BigTech platformers have made our lives more convenient, but many are uncomfortable seeing them collect and use personal data to profit in a monopolistic manner. Europe has long been a human rights-conscious region, and the rise of platformers provoked widely and deeply entrenched notions such as “my data is mine” and “digital privacy is a part of human rights.”

Companies are required to act in an ethical manner

In line with these changes in user awareness, the laws and regulations of various countries have also changed. Rules regarding the handling of personal information are becoming stricter and stricter every year.

The most prominent case is in Europe, where the General Data Protection Regulation (GDPR) came into effect in 2018. It was enacted as a special law to the EU Data Protection Directive (Cookie Directive), which came into force in 1995 and provided stricter protection for personal data and privacy. A similar trend is taking place in the United States. In California, where Silicon Valley is located, the California Consumer Privacy Act (CCPA) came into effect in 2020.

GDPR, CCPA, Personal Data Protection Act.

In Japan, the Revised Personal Information Protection Law will go into effect in April 2022. After the enforcement, information that has no association with an individual by itself, such as cookies, search history, and location information, will also be subject to regulation, in addition to personal information such as name and address, if used to associate with an individual.

The nature of this tightened regulation is the same as GDPR and CCPA, but an incident in Japan triggered the move. In 2019, a business that matches individual users with companies provided its clients with proprietary scores calculated from cookies and browsing history obtained without the users’ permission. Although the scores provided by the company did not include any personal information, it turned out that the clients who received the score could easily identify individuals from the data using a specific technique. Therefore, although not illegal, it was considered an inappropriate service that deviated from the law’s intent, and the offending business received a recommendation from the Personal Information Protection Committee of the Cabinet Office.

Even in Japan, where awareness of human rights is not as high as in the West, such use of data made many users feel “uncomfortable” that their data and history could be exploited in unexpected ways. As a result, the Personal Information Protection Law was revised to regulate the corporate excesses in light of these users’ feelings.

There is no clear answer about what kind of use is acceptable to users and what is not. It is as if there is a yardstick but no scale. As a result, companies can get under fire easier than they think, in unexpected ways.

Users checking corporate data protection.

In the post-cookie era, businesses should stop looking for loopholes and relying on personal data

With the changes in laws and regulations and the heightened awareness of privacy among platformers and users, it is time for companies that have handled personal data for their business in the past to rethink how they manage it.

First, cookies acquired from third parties are expected to lose their usefulness due to Google and Apple. If you want to continue using cookies for marketing, the rules require you to obtain users’ permission to acquire and use them. Not only that, care must be taken in how you get consent. If you tried to get permission in a way not transparent to the user, you might be criticized for such a stance, even if it is not in violation of the law. Furthermore, following the lead of Europe and the U.S., Japan is likely to tighten regulations on the use of cookies and other personal data further in the future.

One of the alternatives to using cookies is to adopt Google’s newly developed FLoC. The technology does not target individual users but groups of users with similar online behavior. However, since it does not identify individuals, it is expected that targeting will not be as accurate as it has been in the past. Furthermore, it is highly likely that this FLoC will eventually be subject to legal regulations and self-regulation by Google. The mechanism of giant platforms monopolizing personal data stays the same. Therefore, the interpretation of the law’s intent may expand to “data indicating membership in a particular user group is also part of human rights.” As long as companies continue to use personal data, they can’t escape from a situation of keeping up with changes in laws and regulations, platformers, and users.

The only way to put an end to this game is to make the decision not to use personal data. For example, one option is to adopt a statistical analysis called Marketing Mix Modeling (MMM). This method requires neither personal data nor large amounts of sample data and can analyze across multiple media and channels, such as TV commercials and OOH ads. It has been adopted by companies abroad since the 70s and has a good track record. By shifting to this MMM, there is no need to be oversensitive to changes in platforms and rules, no need to struggle with penalties and responses when you fail to comply, and no need to worry about being mistrusted by users in the first place. You can also escape from the platformer’s control. It may be a bit esoteric, but it is solid and clean in the long run. The sooner you move away from digital marketing that relies on personal data, the smoother and less expensive it will be.

Advantages and disadvantages of the cookie alternative.

The cookie issue is a management issue, not a marketing challenge

Until now, digital marketing has relied on obtaining personal data and then using it as a guide to chasing users around online. Such online technology has enabled marketers to practice one-to-one marketing that was traditionally difficult to do offline.

With this ability to easily quantify and understand the behavior of users, marketers have horned various ad-hoc techniques to benefit from. Some undoubtedly have worked and led to purchases. However, the success is remarkably narrow-scoped. These users may have purchased the product anyways without you chasing them around. Or others became fed up being followed and developed a negative impression of your company and left. It is time to see the big picture and reevaluate whether one-to-one digital marketing is still the best marketing approach.

Marketing is not all about getting people to buy something. It is about moving the hearts and minds of those you engage with and encouraging them to discover something new. Sometimes this discovery leads to an immediate purchase, and sometimes it does not. However, in the original spirit, marketing should embrace such gradation and accumulation of efforts to move people’s hearts and minds. Advertising should not be just an intrusive sales pitch.

Actions required of companies amidst the trend towards stricter personal data protection regulations.

At first glance, Apple’s and Google’s policy changes and the successive amendments to the law seem to reduce the degree of freedom in digital marketing significantly. However, from a different perspective, it can be seen as an opportunity to move away from excessive targeting and revisit your company’s purpose, starting with questioning what message you truly want to convey through advertising.

At the end of the day, it is rather a management issue and not a challenge your marketing department alone should deal with. Only a company that sees this issue seriously will be able to survive and be supported for a long time without making users feel “uncomfortable.” On the other hand, companies without such a perspective will be forced to exit the market.

Director, CFO and General Manager of Corporate Division, XICA Co., Ltd Masaru Sugiyama

Masaru Sugiyama

Director, CFO and General Manager of Corporate Division, XICA Co., Ltd.

After graduating from Waseda University in 2010, he joined Goldman Sachs, where he worked for ten years as an analyst in the Internet, Gaming, Broadcasting/Advertising, and Consumer Electronics sectors. In 2016, he became Vice President of Investment Research at Goldman Sachs. He joined XICA in June 2020 and currently serves as Director, CFO, and General Manager of the Corporate Division.

Takeshi Fukushima General Manager, Legal Department, Corporate Division, XICA Co., Ltd.

Takeshi Fukushima

General Manager, Legal Department, Corporate Division, XICA Co., Ltd.

Takeshi graduated from Waseda University School of Law in 2013, registered as an attorney in 2015, and is currently a member of Kollect Partners Law Office. As an attorney, he has assisted social businesses, securities compliance, business development support, and corporate crisis management. He joined XICA in July 2021 as the head of the legal department.

[Design] Noboru Tanaka

[Planning and Editing] Yuko Kawabata (XICA)


#Cookie #MMM #Privacy

Recommended for you