Personalization in the new privacy era

PersonalizationBy Juliana Amorim

If you face the dilemma of personalization in the new privacy era, you are not alone.

It's likely you already stumbled upon a few reports indicating that consumers wish brands to deliver a more personalized experience, offering products and services that fit their needs. And yet, at the same time, there is a growing concern about how companies are using personal data.

Some call this the privacy paradox: the apparent mismatch between customer apprehensions about privacy and the actual online behavior.

In this blog post, we'll show you how to manage this paradox and guide you through the process of personalizing your customer experience while still respecting their privacy.

These are some of the topics we'll cover:

How many data protection laws are there today?

Many data protection laws are in place today, rooted in the idea that the control of personal data is a fundamental right and should be protected. What usually drives the implementation of these laws is the increased digitization of the economy and the growing impact of data breaches. By the time we wrote this article, almost 80% of all nations had data privacy regulations.

The GDPR (General Data Protection Regulation), a regulation from the EU, was the precursor of these laws, and served as a model for other countries to create or revise their data protection laws. Besides preventing information misuse, the fundamental purpose of data protection laws is to provide users greater control over the collected and stored personal data.

The legal bases

Most of these laws define legal bases to regulate the collection, processing, and storage of such information, which directly affects digital marketing and personalization.

Some of these legal bases are:

  • Consent
    The user gives their consent to the company to use personal data.
  • Legitimate interest
    The company has a legitimate reason to use the data.
  • Necessity
    The data is necessary for the company to provide the service.

Let's explore in more detail each one of the above.


Consent is the unambiguous statement saying the user grants the company permission to use their data for specific purposes. Typically, consent occurs when a user signs up for a service.

There are two types of consent: explicit and implicit.

For example, when ordering something over the phone, you are expected to give some personal information, such as your name and address, so the company can correctly deliver your order. In this case, you are not explicitly signing or marking a document stating that you agree to the use of your data. This is known as "implied consent," or more accurately, "unambiguous and implied consent" in GDPR.

On the other hand, explicit consent is when you sign a form, tick a box, or write a statement such as "I consent to the processing of my personal information."

Legitimate interest

Legitimate interest is the most flexible legal basis, but brands cannot use it without violating the legality principles of data processing. You can use personal data without consent in some cases, but it is still necessary to perform a proportionality test in the case of a legal trial.

When an employer stores their team member data, it is clearly understood why it is necessary. However, in the case of digital marketing, it can be a little more challenging to prove the absolute need for collecting personal data without a specific purpose.


The principle of necessity stipulates we must restrict the collection and use of personal data to the necessary minimum for achieving the intended purposes of the company. If a given company does not have any telephone service and the only contact is via email, for example, it isn't necessary to collect the phone number.

The legislation refers to this as "data minimization", stating that the data must be handled only by the people who need it to process it.

In other words, you shouldn't collect as much data as possible in case you'll need it later.

But what is personal data?

Personal data is any information related to a user identifying or correlating it with a natural flesh-and-blood person, such as an address, email, or phone number.

Some information alone does not make it possible to identify a person. Yet, when combined with other, it doas, so it can be considered as personal data. A simple example is the name of the company and the position the person holds: usually, there's only one CEO in a company, which can lead us to identify who this person is.

The data privacy laws also forbid undue disclosure of personal data and sensitive information leaks. One of the rules imposed by GDPR is to grant the user the power to accept or reject privacy policies and terms of use within a website or application, which directly impacts marketing strategies, and, consequently, personalization, one of the pillars of digital marketing.

How does it correlate with the latest browsers' privacy shift?

In response to the call for increased privacy and regulations restrictions, many tech companies started changing their approach to privacy, especially around cookies and third-party pixels.

Apple was among the first companies to introduce a new privacy-focused approach to the browser. In 2017, the tech giant rolled out a new Safari version narrowing the use of JavaScript and local storage-based cookies by setting a seven-day lifespan. Later, they released App Tracking Transparency, a pop-up window in iPhone apps that allow people to choose not to be tracked across apps and websites.

Meanwhile, Google announced the Privacy Sandbox, a set of ideas for developing a more private web. These ideas include a system called Federated Learning of Cohorts, or FLOC, which involves grouping people together based on their interests. The company also plans to block tracking cookies on the Chrome web browser in 2023 in favor of a privacy-friendly alternative.

Finally, Mozilla Firefox's browsers also introduced a new technology called Enhanced Tracking Protection (ETP), which banned third-party cookies by using an approach similar to adblockers.

Sign up for our newsletterSign up for Croct Blog updates and never miss a post.
Woman surrounded with marketing icons.

How does it impact personalization?

At Croct, we are aware of how important it is to find the balance to make the most of data for marketing purposes without compromising privacy. Not all personalization strategies require the use of personal data – we have many high-impact cases of personalization strategies using only anonymous data. When the regulations challenge us to think out of the box, the best ideas come into play.

We've seen a lot of this here. Sem Parar has achieved outstanding results by using marketing campaign data, and Brazil Journal also did it by using only behavioral data. None of them had to rely on personal data to increase the bottom line.

The possibilities for personalization using only anonymous data are endless. Approximate location, device category, behavioral, marketing, and shopping information are just a few examples of non-personal data that can fuel marketing strategies and boost conversion rates.

If you have any doubts about it, you should definitely give it a try. It's not hard to start, and the potential impact is tremendous. Just run an AB test, and you'll see for yourself.

So what can we expect the internet to look like?

The privacy era is here to stay.

While it's easy to look at privacy laws as an obstacle to personalization, more than a few people believe it will improve marketing strategies. The regulations provided the user with better protection against intrusive marketing. Companies that understand they can use this to develop a trusting relationship with their customers will be ahead of the game.

Being a transparent company on collected data treatment is a praising way of positioning itself and adding value to the user. Research already shows that consumers are willing to give up their personal information for a better user experience. What they don't like is having the control of it taken from them. With regulations in effect, we can expect users to be more reliable in sharing their data since they have ways to know how you use them.

If you are looking for a personalization solution, create a free account and explore our platform by yourself. It was built from the ground up with data privacy in mind to give marketers the best chance of success in today's competitive landscape.

Let's grow together!

Learn practical tactics our customers use to grow by 20% or more.