Dasha working on a website at her laptop with a coffee.

Privacy protection is a growing issue for legislators in many countries, and Canada is no exception. With digital platforms and tools able to collect more information than ever before, countries need to be sure that users’ data is being collected and used in an ethical and safe way. Currently, Canada is drafting a series of acts for protecting personal information and data, including the Consumer Privacy Protection Act (CPPA) to replace the PIPEDA. While it is still only in its second reading, it will likely be enacted this year with minor changes. User information and data are vital tools for marketers, so they need to understand this new privacy landscape. We explain how privacy regulation is becoming more prominent and what marketers need to know and consider.

A Surge in Data and Privacy Regulation

In recent years, there has been a wave of new digital privacy regulations with a slew of acronyms. One of the first major acts was the EU’s General Data Protection Regulation (GDPR) in 2018. Since then, many members of the EU also revised or are drafting their own privacy acts. Outside of Europe, Canada is just one of the many nations revising and updating their own digital privacy legislation. Australia is also drafting its own, while India is currently voting on the Digital Personal Data Protection Bill (PDPB). Brazil passed its own Brazilian Data Protection Law (LGPD) in 2019. In the U.S., numerous states have enacted and are currently drafting their own legislation.

Privacy Legislation in Other Provinces, States, and Countries

All those different acts are important for marketers and businesses. If operating and potentially collecting data from users internationally, they need to be sure they are following that nation’s privacy laws. That’s still something to consider even when working within Canada. Most places in Canada are subject to both federal and provincial law. While the federal government is still currently working its way through the legislative process for the Digital Charter Implementation Act, 2022, individual provinces like BC and Quebec have already passed and updated their own provincial legislation in anticipation. This is a similar situation for the EU, where each member can have its own privacy legislation in addition to the GDPR, e.g. Germany. It’s slightly different in the U.S., which has no overarching data protection and security law. Instead, individual states, such as CaliforniaVirginia, and Colorado have enacted their own privacy laws. 

Most of these data protection laws are being drafted with similar considerations for individual privacy. However, different countries and regions may have important differences or restrictions/allowances for certain industries. If a marketer is ever working with user information from these areas, it is best that they familiarize themselves with any specific requirements. 

Platform Regulations and Policy

These national, provincial, or stated requirements exist alongside any additional privacy policies set by other companies, such as Apple. Many of the platforms used for marketing, such as MetaGoogle, or Klaviyo also have their own policies about how data is collected and used. In turn, those platforms must also follow legislation, or else face serious fines. While breaches in these policies might not result in legal action for a business, they can result in their suspension or removal from the service. That can severely impact a company’s marketing opportunities as well as their and a marketer’s reputation.

What Does This New Privacy Landscape Mean for Marketing?

The CPPA is meant to protect users and ensure their right to control their information. If marketers are already treating user data with the care it deserves, then they will see little changes to their current strategies. However, there are some specifics of Canada’s new CPPA that marketers should remember:

  • Valid Consent: A primary concern of the CPPA is that users must provide valid consent for their information to be collected and used. This still includes the idea of “implied consent”, but only in instances where the information is necessary.
  • Plain language: One of the biggest facets of the CPPA is clear communication. Whenever requesting consent, a business will need to include a full explanation in “plain language” that details what, how, and why information is being collected, stored, and used. Thankfully, communication and writing in plain and clear language is a standard marketing expertise.
  • Revoking Consent: The CPPA will require that users can easily revoke their consent at any time and have their data disposed. Whether that information was collected via a website, through email, or on social media, marketers and data managers must be prepared to remove that information.
  • Explaining the Algorithms and AI: Since artificial intelligence and algorithms are becoming more advanced, the new CPPA will require organizations to be transparent about how user information is being used with algorithms and more complex learning models to generate content such as personalized messaging.

How the New Legislation Helps Marketers

Those new requirements might make data collection more difficult and affect your metrics. However, it will also help marketers navigate this new privacy landscape. Once legislation passes, the Privacy Commissioner of Canada will create a new accessible list of best practices. This already exists for previous acts, such as the Digital Privacy Act. These parse through the legislation to provide guidelines in clear and directed language for how marketers and organizations should follow the new legislation. This is valuable for marketers since it is a comprehensive list for their own reference. These best practices are also great support documentation to show clients what the requirements are and why.

The Changing Landscape of Privacy

This new legislation in Canada and other nations are creating a new privacy landscape. However, most of it will be familiar territory to marketers already following these best practices and collecting and using data information honestly and ethically. When the CPPA finalizes later this year, we will have a full sense of its requirements and specifications. For now, if you want to ensure your marketing and data collection is prepared for these oncoming requirements, contact our marketing team.

Apple Privacy Policy Affects Small Business'

Pumpkin Spice season approaches, and that means the next iOS is right around the corner. Just like the last couple updates, Apple has announced a repertoire of new privacy features for iOS 16 to help protect users’ privacy. Android 13 released just yesterday with some new privacy features as well but for now is still behind Apple. Data protection is important for users, but how does it affect the metrics you collect for effective of your marketing?

Data Collection and Privacy

The data you receive from consumers, users, and your audience is incredibly informative. Information like what products someone views or what pages someone visits, allows you to tailor your promotions or content to their interests. It lets you communicate effectively and efficiently. It shows you what marketing is working and what is not. All of that can help your company grow. That data and the metrics they create are incredibly important for your business, but for users, that data is also precious. It is something they trust you with, and they do not want that trust and their privacy breached. 

Data privacy has become an increasing concern on the internet. In a KPMG survey from last year, 86% of users were concerned about their data’s privacy. That worry is valid. The past month saw a dozen security violations with large corporations. A mother and daughter were recently shocked and angered when Facebook gave Nebraska police their private message logs. User information is not just a shopping cart or wishlist. It also includes more sensitive, personal information like messages, emails, addresses, and credit cards that users are regularly providing businesses. In turn, many nations and the European Union have passed legislation that restricts when, how, and what kind of data companies can collect. The FTC in the US announced just five days ago that it would be “cracking down on commercial surveillance and lax data security practices.” Software developers and device manufacturers like Apple have also been increasing the default privacy protections they provide. This is great for users’ security but affects the kind of information you can collect and how. 

Apple Privacy – Mail Privacy Protection

Last year, Apple released Mail Privacy Protection (MPP) as part of iOS 15. MPP hides users’ IP addresses so senders cannot see their location, related internet activity, or even whether they opened the email. That’s all potentially valuable information for a business or marketing team. Android lacks a similar feature, but in Canada, over 57% of people are using iPhones. In email tracking services, MPP can also falsely inflate your open rates. Any inbox with MPP active will be recognized in the tracker. However, MPP can open an email without the user ever actually opening and seeing the email for themselves. Unfortunately, a tracker cannot tell the difference whether this was an MPP “open” or your recipient’s. 

Those false positives lead to bloated open rates and a false, larger discrepancy in open-to-click rates. Most email services will allow you to ignore MPP opens, and it is best to do so. They are simply not a reliable or informative data set. Remember, MPP only affects open rates. Your click rates will still be accurate. Focusing on those clicks will allow you to keep track of your engaged audience and ensure your catering to their interests and preferences.

MPP will still deny other information that may valuable, such as location and other internet activity. The goal then, is conversion rates: getting recipients to visit your site, where they can provide you with more information. 

The End of Third-Party Data

The information users provide to your site when they access and use it is first-party data or cookies. This is any information you gather from your customers directly. For the past while, internet advertising has relied primarily on third-party cookies. Third-party data works through websites sharing information between one another. This is how Google Ads and Meta Business (Facebook and Instagram advertising) work. They use a user’s wider internet activity to target them with appropriate ads according to their browsing history. This is why if you put something in your cart on one site, you might suddenly start seeing ads for that very product elsewhere or even everywhere.

More recently, marketing has started moving away from third-party cookies. Some internet browsers have started blocking these trackers by default, like Mozilla Firefox and Safari (remember that 57% market share of Canadian phones?) Apple and Android have similarly been allowing users to block tracking in apps. Notably Google Chrome, which 65% of people worldwide use, still allows third-party trackers. Google has said they will also be blocking them for the past two years, but last month again delayed those plans to 2024. Third-party ads are still an important part of Google Ads, which makes up 80% of the company’s revenue. Similarly, Facebook advertising is a staggering 98% of Meta’s revenue. Those same ads have also been especially important for small businesses. The move away from third-party ad targeting is and will more severely affect smaller businesses that have relied on them to grow and reach potential customers and clients. They will need to invest into new marketing efforts.

Leaving Third-Party Data Behind

So, while third-party cookies will still work for targeting Chrome users, companies should also focus their marketing on first-party data. Your emails and websites can still gather valuable information about your audience and customers as the world moves away from third-party data. As a result, marketing should focus on converting customers. Creative marketing on social media is a productive method for attracting and expanding an audience and convincing potential customers to visit your website. Effective email automations will have customers regularly returning. Fun, survey quizzes with a bonus discount code are a great incentive for customers to provide you with more detailed information.

Rosewood Can Help 

Currently third-party tracking can still prove beneficial for small businesses, but they will see increasing decline in ROI in this sector as Apple and other companies increase dedication to privacy. Rosewood recommends every business start investing into first-party data collection with effective social media, tailored email automations, and creative content that drives conversion rates. 

Rosewood’s web design and marketing services will make sure you are collecting and effectively using that precious data from (potential) customers. We will soon be officially offering email marketing services as well. We are familiar with a suite of both third- and first-party tools and services so you can learn more about your customers and help your business grow in the face of increasing internet privacy. With an elegant website and effective marketing, users will want to trust you with their information.

New Privacy Policy Changes Information Gathered From Customers.
What your small business in Ontario needs to know about local cookies and 3rd party cookies - what are website cookies

It may feel like talk about GDPR and Cookies came out of nowhere, however, these have been ongoing major issues for a long time. Regulation is finally catching up with the ever-expanding online world. Learn what they are, what they do, and if you can block them. Here are the basics every small business owner in Ontario should know about Local Cookies and 3rd Party Cookies.

Know the Basics: What are Cookies and What Do They Do?

When we’re talking about website cookies, we’re not talking about the delicious chocolate chip variety. Cookies are used to track and remember website visitors. Technically speaking, cookies are tiny bits of code that are placed in the browser of your computer so that a specific website may remember your specific computer.

Local Cookies vs. 3rd Party Cookies

Cookies are split into local cookies and 3rd party cookies. I will explain the differences between both further on.

Local Cookies are cookies used on and by a specific website to enhance user experience.

They can have a variety of uses such as:

  • Remembering items in a Shopping cart (e-commerce)
  • Recording that you’ve already exited a pop-up and not to show it again
  • Tracking sitewide search results to show you similar products (e-commerce)
  • Analytics Data (most websites use an analytics tracking tool, we’ll talk more about this below)

3rd Parties use cookies to track visitors’ use of their apps or extensions. If you’ve ever watched a video on a website, YouTube or Vimeo has likely been tracking your cookies.  3rd Party Cookies include:

  • Video streaming services (YouTube, Vimeo, etc.)
  • Sound streaming services (Soundcloud, etc.)
  • Google Adsense (Google Ads)

Here is an example of Google Adsense’s Cookies description:

“AdSense uses cookies to improve advertising. Some common applications are to target advertising based on what’s relevant to a user, to improve reporting on campaign performance, and to avoid showing ads the user has already seen. Cookies themselves contain no personally identifiable information. Depending on the publisher’s and the user’s settings, information associated with cookies used in advertising may be added to the user’s Google Account.” – Source Google AdSense

Please keep in mind that to check your preferences, especially with search engines like Google & Bing and carefully choose which information to share.  The same goes for Social Media streams like Facebook and LinkedIn.

Can You Block Cookies?

While it is possible to block local cookies, less than 5% of users choose to.  Why? Because it makes using the Internet very difficult.  You will not be able to use any website that requires you to log in (Hotmail, Gmail, stores you may have an account with, etc.) as these websites all track your personal preferences to cater the experience to you specifically.

Blocking 3rd Party Cookies however is very simple and typically has no adverse effects. To block 3rd Party Cookies you will need to look up instructions specific to your Internet Browser (Chrome, Firefox, Safari, etc.).

Do You Know What Information Your Small Business Website is Collecting?

As a small business owner, you really should know the answer to this question, however the answer is likely, no.  We may think about what information we provide to websites we visit, however we rarely think about what our own site may be collecting.

To see what information your websites collect, my clients can email me for a detailed report. Otherwise, you can use this free tool at your discretion. Keep in mind, it is likely tracking your information too! Here is a free Cookie Checker.

I hope this article helped shed some light on Cookies; what they are, how to block them and how to check if your small business website is using them.

For more tips like these you can follow us on FacebookTwitter, and LinkedIn. Don’t forget to sign up for our monthly newsletter as well for more education and inspiration!