Video marketing

Data Privacy in 2021: Everything You Need to Know

You’ve read the press releases, you’ve seen the full page ads, but as we slowly progress through this dynamic new year you may still be asking yourself what’s actually happening with the future of data privacy? To put it mildly: a lot.

Not like you needed an extra thing to feel anxious about this year, right? Between Google sunsetting the third-party cookie, and the April 2021 iOS14.5 update, users have more transparency than ever before into how their personal data is collected and shared. These data privacy changes have given consumers considerable autonomy over the information third parties can collect and use, automatically opting users out of tracking.

These are well overdue protections for individual consumer data, but if you’re a marketer who relies on hyper-relevant targeting to reach your core audience, your job is going to get more complicated. 

The granularity you’re used to is going away. With decreased targeting capabilities, you’ll need to reframe your positioning and creative approach to appeal to a wider audience while still driving action. Upper-funnel targeting will become far more important because you’re unlikely to know whether you’re reaching someone for the first time, or the fiftieth.

Not sure what to do about it? You’re not alone. That’s why we’ve created these resources for you to better wrap your head around all of the ins and outs of this dense topic to help you discover ways to run high-performing video campaigns (and learn about your audience) while staying privacy compliant.

Check out the resources below and then keep reading for a primer on the data privacy regulations that are reshaping the world of marketing.

State, Federal, and International Data Privacy Regulations 

If you’re new to the complex world of data privacy, you may at first feel lost because of the shorthand vocabulary that dominates discussions. Marketers use a lot of acronyms and conversations around data privacy are especially stuffed with them. 

We’ve divided this glossary into two sections, the first covering terms related to state, federal, and international regulatory data privacy acts. The second focuses on terms related to the varied privacy-friendly solutions that are being developed to combat the loss of granular tracking.

These core definitions should keep you oriented as you navigate the nuances of data privacy.

Learn More: Social Media Video Ad Specs & Placements Guide

General Data Protection Regulation (GDPR)

The GDPR limits the ways organizations can harvest and commodify personal data of European Union residents. The primary goal of the GDPR was to “harmonise” data privacy laws across the European Union to provide greater protection for individuals by modernizing the ways organizations collect and handle data from their consumers.


California Consumer Privacy Act (CCPA)

This act secured new privacy rights for California residents. Like the GDPR, whether or not

your organization is located in California, businesses are now required to comply with CCPA regulations if they collect any personal data from California residents. 


California Privacy Rights Act (CPRA)

This act helps fix loopholes left in the CCPA, like redefining the definition of businesses to exclude small and mid-sized businesses and focusing on larger enterprise entities that collect

massive amounts of data. It also updates the right to opt-out to directly regulate cross-site advertising and offer more transparency to consumers about how personal data is shared across websites, applications, and services. 


California Privacy Protection Agency (CPPA) 

A supervising agency established by the CPRA that ensures businesses comply with both CPRA and CCPA regulations.


Virginia Consumer Data Protection Act (CDPA)

In March 2021, Virginia became the second state to enact sweeping data privacy regulations with the Virginia Consumer Data Protection Act (CDPA), granting its citizens more control over their personal data. The CDPA applies to any businesses that control or process data from at least 100,000 users, or that sell and collect personal data from 25,000 users while making 50% of their annual revenue from these personal data sales. 

There is no monetary threshold for which businesses must remain compliant. That means that even large scale enterprise organizations will not have to be compliant with the CDPA so long as they do not fall under the act’s applicable rules.


New York State Stop Hacks and Improve Electronic Data Security Act (SHIELD)

New York’s SHIELD Act is the East Coast version of California’s Consumer Privacy Act. The act clones many of the same frameworks that make up the CCPA and the GDPR, but it is markedly different. Where the CCPA is a data privacy law, the SHIELD Act is a security regulation that amends the state’s data breach disclosure law. This broadens the scope of what a data breach entails to include any unauthorized access to private and/or personal information.

The SHIELD act also makes significant changes to the definition of private user information. It expands protections to biometric data, like thumbprint and facial recognition, as well as user email addresses, passwords, and security questions.


Information Transparency and Personal Data Control Act

A proposed U.S. federal data privacy regulation whose goal is to provide the nation with fair and thoughtful digital consumer rights by developing a digital privacy framework that complements current global standards set by the GDPR. 

The timeline overview of Data Privacy Changes

This timeline shows how data privacy has changed over the last five years

Key Data Privacy Tools and Framework

Apple’s Identifier for Advertisers (IDFA)

An identifier that tracks user activity across different apps on an iOS device.


App Tracking Transparency (ATT)

An iOS14 feature that requires users to manually opt-in to sharing their device’s IDFA.


SKAdNetwork (StoreKit Ad Network)

An alternative, privacy-oriented solution from Apple for tracking user data outside of the IDFA. On the SKAdNetwork, when a user clicks on an ad that leads to an app download, that data is stripped of any user-level or device-level data before being sent to the ad network where it can be accessed by the advertiser. The SKAdNetwork will tell app developers when their product is downloaded, but it does not provide information on any other event that results in a conversion.


Enhanced Tracking Protection (ETP)

An anti-tracking feature for Firefox that blocks, by default, third-party cookies on their browser.


Intelligent Tracking Prevention (ITP)

An anti-tracking feature for Safari. In its initial iteration, the feature forced trackable domains to purge third-party data after 30 days of inaction. Since then, the ITP has been iterated on multiple times. In its most recent update in March 2020, the ITP fully blocked third-party cookies on Safari, as well as on all iOS devices.


Google Privacy Sandbox

Google’s proposed solution for limitations on granular tracking where non-identifiable data is stored inside the Chrome browser. They replace the cookie with five APIs that collect aggregated data, like Conversions and Attributions. 


Federated Learning of Cohorts (FLoC)

One of the five APIs in the Google Privacy Sandbox. This API offers an alternative to interest-based targeting where businesses focus on a large cohort of users, rather than individuals. With its machine learning algorithm that stores data in the browser, FLoC develops these cohorts based on the sites that an individual user visits, the content of those pages, or other factors. No individual data is shared, only the anonymous cohorts FLoC generates.


Two Uncorrelated Requests, Then Locally Executed Decision On Victory (TURTLEDOVE)

Another one of the five APIs in the Google Privacy Sandbox, TURTLEDOVE is a long way of saying “a solution to retargeting”  With TURTLEDOVE, advertisers can program codes on their site that assign users to specific interest groups for the purposes of retargeting. When serving an ad to these users, two requests for ads are sent: one that’s based on the interest group, and the other on the context of the website they visited, but not tied to any other browsing data. 


First Locally-Executed Decision over Groups Experiment (FLEDGE)

Essentially, FLEDGE is the first test-run for TURTLEDOVE, allowing Google the opportunity to try out it’s core functionality before integrating into the Privacy Sandbox.


Data Privacy in 2021: What’s Next

The fact is that creating high quality marketing videos that perform can be costly and time-consuming. But with thorough pre-production planning—and a discerning eye—you can keep production costs down so you can turn what you want to do into what you can do.

Fortunately, producing a video has never been more affordable. And as the appetite for video intensifies, being able to affordably generate a stream of new and relevant video ads will make your brand stand out in a rising sea of competitors. 

But there’s another way to make your production process more efficient: QuickFrame’s production marketplace. We streamline the production process by connecting brands from every industry with professional video content creators and video production companies that can produce scalable ads at a low cost of video production

It’s not too good to be true – it’s just how we do business.

We’ve taken the mystery out of performance marketing. No surprises. No out-of-control costs. No more guesswork. Learn why we’re so different.

Driving eCommerce with Video

Related Articles

Video marketing

Establishing Shots #4: Bruce Tetsuya

May 25, 2022
Video marketing

Video Production Planning Checklist: 15 Keys to Success

May 24, 2022
Video marketing

TikTok is the Real Pivot to Video Moment

May 19, 2022
Video marketing

How Brands Celebrate AAPI Heritage Month

May 18, 2022

Do More with Video

Learn how we can help you produce more quality videos affordably and at scale.