Re-thinking digital strategy for the age of compliance


5 min read

Posted by Fergal McHugh on November 24, 2020

Re-thinking digital strategy for the age of compliance

For anybody working in, or with, digital technology — and today who isn’t? — there is sense that a sea-change is underway. I am not simply talking about the transformative boost digital has received from a global healthcare crisis. In 2020, for a great many organisations, digital transformation looks less like an interesting hobby and more like a strategy for survival. But well before the pandemic, the centrality of digital technology to business and to our lives was driving increased regulative scrutiny and also, a new sensitivity in consumers to how their information was being collected and used. This combination of regulation and privacy-active consumers is resulting in a vastly different digital world, with serious consequences for how organisations interact with their customers using digital technology.

The adoption of the General Data Protection Regulation (GDPR) by the European Union broke the spell on a long period in which it looked like regulators had little interest in what organisations did with the data they collected on digital platforms. Even if that perception was mistaken, for anyone involved in digital marketing there was a sense of working in an effectively unregulated area only limited by technical possibility. Post GDPR, things look distinctly different. And more recently a string of Court of Justice of the European Union (CJEU) decisions with respect to tracking technologies and social media plugins has had significant consequences for how digital marketers practice their trade. It is increasingly essential for digital professionals to understand the laws tasked with regulating their practices, at the peril of legal enforcement, costly litigation and damage to reputation.

While the major platforms continue to devote considerable amounts of capital to fighting digital regulation most organisations will not be in a position to materially influence the shape of future policy. But the interaction of platforms and regulators is more complex than it looks. In fact, we are already seeing the major players speed on ahead of the regulators to set their own agendas, and sometimes going a great deal further than the regulations require. So, what do regulators and industry have in common? They are both feeling a renewed consumer pressure to see privacy become an integral part of the online experience!

At least one source of this consumer pressure is changing attitudes to privacy. Research into the digital preferences of the so-called Generation Z indicate that contra the standard narrative, they are more privacy conscious is generally assumed, and may be on the brink of reversing a privacy-agnostic trend noted among millennials. If we look at some recent market changes, the plans to phase out of third-party cookies by the major browsers, Facebook’s limited data use or Google’s proposed “Privacy Sandbox” — these all reflect industry ambition to make sure that tomorrow’s consumer doesn’t withhold their clicks of privacy concerns. The “Privacy Sandbox” is a toolset tasked with deliver a targeted ad capability without the privacy violations. Time will tell what these shifts really mean for practice, but they are strong indicators of the shape of things to come. What is certain is that If we look at the trends both in terms regulation and evolving consumer attitudes the writing is on the wall with respect to the personal data free-for-all. To resist these trends is to attempt to push back the tide. And we have good reason not to; privacy-sensitive digital marketing will benefit all of us.

The burning question for an organisation framing a digital strategy today is how negotiate this brave new world of privacy-focused digital communications and marketing. It is too early to make definitive pronouncements on what the new status quo will be like, however in the meantime here are some admittedly provisional principles that will support a compliance-compatible digital strategy.

Buy EU

Based in Ireland with a primarily Irish and European customer base I am primarily concerned with the European context of this regulatory transformation. As such at the core of any digital strategy today I advocate a new brand of EU exceptionalism!

Collect and store your data in the EU. Buy EU products and services. Avoid non-European data outflows. One reason why this strategy might be the right one is the troubled history of Safe Harbor and more recently Privacy Shield. In fact, the invalidation of privacy shield leaves many organisations in the dark about the legality of the data they are exporting to the U.S. It is better to avoid such exports until a clear picture of how this might be legitimately conducted.

Get a clear view of your current activities

Many organisations simply don’t know what they are doing; they don’t have unified, perspicuous view of their territory. In the post-compliance world, it is essential — both legally and operationally — that organisations master their territory.

What I tell our customers is that you need to understand your tracking landscape, where your data comes from, and where it’s going. And this means understanding your tool set and actually just as importantly understanding your internal teams and your vendor environment. How are these tools being used, and for what purposes, and who is ultimately using them? Organisations need to audit their vendors, trace down along the chains of subprocesses, understand what those vendors do with customer data. They need to insist on Data Protection Contracts.


If this seems like it is going to make life very difficult for organisations who want to see more speed, more efficiency and more effectiveness from their digital marketing teams, rather than seeing them slowed down and hampered in reams of red tape then another piece of strategic advice is to simplify. Only collect data when you need to. Instil that culture across the organization and out into your vendor environment. A simplified approach is a curated approach. Work with a curated set of tools and a curated set of vendors. Make the job of compliance easier by reducing your overall risk profile.

Go native

Aligned to the EU approach is a broader potential for bringing things back into the family. Cultivate your own digital capability. First party data is king. And you avoid the risk of becoming joint controller with organisations whose business is not transparent to you, whose processes you neither know nor understand. Today’s best Digital Experience Platforms have significant tracking and targeting capabilities and if you work to cultivate the trust of users, they are far more likely to share important information with you.

Rethink targeting

It is increasingly clear that the benefits of targeting based on the personal data are overstated. This has meant that the success of “contextual” approaches which rely on serving ad content relevant to what is on the user’s screen at that time. In post-compliance digital marketing we are likely to see more “contextual” approaches which consider advertising as part of a broader, more integrated concept of the user experience. There are alternatives to personal data driven targeting. Explore them!

Since 2002 we design and build the platforms that help organizations accelerate and secure their investments in digital. If you need help designing your compliant and sustainable digital strategy and making web work for you – our team will be more than happy to help, contact us today.

About the Author

Fergal McHugh
Fergal McHugh

Fergal McHugh is Head of Strategy at Arekibo. He is responsible for overseeing Arekibo’s innovation and growth strategies.