Data Privacy in 2024: Everything You Need To Know

With 26% of Americans having been victims of fraud in the past year, data privacy is more important than ever. To protect customers, governments around the globe have been enacting legislation aimed at keeping their data safe. As new laws and regulations go into effect, you may need to change your marketing strategies and be smarter with your customers’ data.

If you’re wondering how to tackle data privacy in 2024 without negatively impacting your digital marketing efforts, we’ve got you covered. Here, we break down the ins and outs of data privacy, including what’s new in 2024 and how it might impact your digital marketing strategy.

---

State, Federal, and International Data Privacy Regulations

Internationally, governments have been steadily enacting digital data privacy regulations since 2018, when the European Union implemented the General Data Protection Regulation. In the United States, however, consumer protections have primarily been left up to the states, which means laws will depend on where your customers are.

Even if you’re not located in Europe or in one of the states with strict data privacy laws, you’re probably required to comply with GDPR. Companies with a customer base that spans state or international borders will need to adhere to all data privacy regulations, regardless of where the business itself is based.

In other words, it almost never matters where your company is headquartered—if you want to reach every potential customer you can, you’ll be responsible for complying with most, if not all, data privacy regulations out there. 

General Data Protection Regulation (GDPR)

GDPR is a robust collection of data protection laws aimed at protecting European citizens from misuse of their data. The GDPR limits how you collect and use personal information, and there are limits to how long you can store it. 

In the words of the act, “regulation is an essential step to strengthen individuals’ fundamental rights in the digital age and facilitate business by clarifying rules for companies and public bodies in the digital single market.” The enactment of one single law for the entire EU was intended to eliminate “fragmentation in different national systems and unnecessary administrative burdens.” 

If you have customers or prospective customers based in Europe, you need to follow these guidelines to be compliant: 

• Full disclosure of what data you’re collecting, why you’re collecting it, how you share it, how you protect it, and how you store it
• Enhanced user control over how their data is used, including consent over whether or not companies can share it with a third party
• Mandatory compliance by all third-party vendors who access your company data

California Consumer Privacy Act (CCPA)

The CCPA is considered one of the strictest in the United States. If you do more than $25 million in gross sales with California residents, you are required to comply, even if you’re not located in the state. In 2020, the law was amended to include the following protections: 

• The right to know what personal information a business has collected and delete it if necessary
• The right to opt out of data sharing between companies
• The right to correct inaccurate information
• The right to limit how companies use and disclose sensitive personal information

In January 2023, California announced an investigation into mobile apps that don’t comply with CCPA, potentially impacting multiple companies. Some companies have been ordered to pay upwards of $1.2 million for unauthorized use of customer data, such as selling personal information without informing customers and not giving them the opportunity to opt out. 

Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act went into effect in January 2023 with the goal of protecting Virginians’ personal data. Like the CCPA, your business doesn’t have to be in Virginia to be impacted. If you conduct any business with residents of the state of Virginia and either process data from at least 100,000 users or make 50% of your revenue by selling and collecting personal data from 25,000 or more users, you will need to follow these regulations.

Under this law, Virginia residents have the right to: 

• Confirm if companies are processing their personal data
• Correct inaccurate information
• Delete their personal data
• Get copies of their personal data from companies
• Opt out of targeted ads

New York State Personal Privacy Protection Law (PPPL)

New York’s Personal Privacy Protection Law (PPPL) is aimed at regulating how the state collects and disseminates personal information. Under the law, New Yorkers have the right to: 

• Access personal records maintained by state agencies
• Correct inaccurate information

The law prohibits government agencies from collecting irrelevant personal information and requires them to notify people when their data has been collected. It also prohibits state agencies from storing data in secret banks or disclosing it without permission.

In 2019, New York also passed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). Under this law, companies have to protect customer security and confidentiality. It also protects biometric data, including facial recognition information, as well as email addresses and passwords. 

Other States

After a long period of unregulated data collection, more states are crafting privacy policies to keep up. In 2023, data privacy laws in Colorado and Connecticut went into effect, both of which offer similar protections as outlined in the CCPA. Under Colorado law, businesses have to display a privacy notice so customers understand what types of data are being collected and how each business is using it. Businesses are also required to offer a universal opt-out option.

Additional regulations are on the way as well. Utah’s Consumer Privacy Act (UCPA) goes into effect in December 2023, and Iowa’s Consumer Data Protection Act (ICDPA) takes effect in 2025.

The Health Insurance Portability and Accountability Act (HIPAA)

Some industries have their own data privacy laws. The most commonly known industry-specific privacy law is HIPAA, which applies to the health industry. It ensures, in short, that patients have control over how their personal health data is used and that patients own their personal health information.

Key Data Privacy Tools and Frameworks

With technology evolving rapidly, the right data safety toolkit is essential to stay on top of the latest threats to personal data. Add these tools and frameworks to your arsenal to keep your customers’ data safe. 

App Tracking Transparency Framework

If you have a company app, you’re required to use Apple’s App Tracking Transparency (ATT) framework for iOS versions. This allows your customers to easily opt out of data tracking. It also allows brands to be more transparent about how they’re using customer data while giving users a clear record of user authorization.

Store-Kit Ad Network (SKAdNetwork)

Introduced in 2018, SKAdNetwork is an Apple solution that helps you stay compliant with data privacy regulations by removing personal data before information is sent to ad networks. That means you would know someone downloaded your product, but you would not receive information about who downloaded it. Because you can’t see detailed user data, using this tool means you may need to shift your marketing focus from user personas to platform optimization.

Enhanced Tracking Protection

If your customers are using Firefox in Android, they can use Enhanced Tracing Protection (ETP) to protect their personal data by blocking third-party cookies. Other browsers, such as Safari and Google Chrome, use similar features to block third-party cookies. Even though Google Chrome, Safari, and Firefox are aiming to eliminate third-party cookies by the end of 2024, these tools are still useful for marketers to understand, as many customers will be using them to stay safe while browsing the web. 

Safari has its own privacy feature, Intelligent Tracking Prevention (ITP). It uses “on-device machine learning to block cross-site tracking” while still allowing websites to maintain functionality. It also ensures that the amount of data passed to third-party search engines is at a bare minimum while obscuring location data or cookies sent along with search data.

Google’s Privacy Sandbox

Google’s Privacy Sandbox was created to protect Chrome users by phasing out third-party cookies and reducing cross-site and cross-app tracking. The project — a collaborative effort between Google and web developers — offers multiple ways to protect customer data. 

One such development is Shared Storage, which allows sites to store and access cross-site data as long as it is read in a secure environment. 

Key Changes in Data Privacy

In 2024, businesses are expected to have a solid data management strategy. As a business owner, you can also expect to be transparent about how you’re using customer data. As data privacy laws continue evolving, there are some key steps you can take to make sure you’re complying with the majority of them. 

Consent

The majority of privacy protection laws require companies to give customers the ability to opt out of having their personal data collected and used for marketing. In the past, internet users had to adjust their settings to block cookies and other tracking tools. Now, you need to give them a clear option to give you permission to collect their data. 

Compliance

With California cracking down on mobile apps that don’t comply with CCPA, it’s only a matter of time before other states and governmental agencies follow suit. So it’s more important than ever to put safeguards into place to protect consumer data. Businesses need to carefully consider how they’re accessing, using, and storing data, as well as ensuring that data is only used for legitimate business purposes and isn’t stored for too long.

Data Minimization

Instead of collecting an abundance of data and sorting it out later, shifting legal requirements and customer expectations mean that businesses should aim to collect only the bare minimum data needed. For example, if you’re collecting data to create buyer personas, you might typically track a customer’s name, address, email address, and phone number. Minimize data collection by asking customers for their gender, age range, and zip code. 

You can also stay compliant by asking customers to supply their own data. Send out satisfaction surveys with questions about demographics at the end. This way, a customer can choose whether or not to provide you with their personal data. 

Artificial Intelligence and Security

As artificial intelligence continues to improve, you may want to use it to optimize parts of your business, but it’s essential to use these tools securely.

AI systems can collect large amounts of personal information. If customer data is swept up by nefarious actors using an AI program, or if legitimate company AI programs are compromised, customers could be put at risk. Secure communication tools and tools such as encryption, access controls, and other cybersecurity measures can help keep your customer data safe from AI. 

All these changes can impact your digital marketing efforts, including how you target and redirect your ads. Since you may not have access to granular levels of customer data, you may find yourself becoming more creative about how you’re targeting potential customers.

Non-Discrimination

Data privacy laws also protect customers from retaliation for protecting their privacy. Companies caught up-charging customers who won’t provide their data or offering special deals to customers who do provide their data might find themselves in legal trouble — not to mention dealing with damaged customer relationships.

Data Privacy in 2024: What’s Next? 

With more governments enacting laws to protect consumer data, an estimated 75% of people across the globe will be protected by some kind of data privacy regulation in the coming years. Regardless of where you do business, you need to stay on top of data privacy laws to protect yourself from these issues. 

As you adapt to the world of compliant customer data collection, you can get creative and find new ways to connect with your customers. By changing up your marketing strategies now, you will be prepared as more data privacy laws go into effect throughout 2024 and beyond.