Improve your data literacy
Assess your data maturity
Prepare your team

Becoming a privacy-first company - 1: How we got here

Hi, and welcome to the first episode of our new series about how to become a privacy-first company. Over the next 5 episodes, we’ll set sail on a journey, away from the treacherous waters of digital advertising and towards the serene shores of first-party data. You’ll learn why customer privacy matters for your organisation, how to set up a privacy-first culture, strategy, and data stack, and establish lasting changes.

Glad to have you on board! Let’s start with a little context.

From cookies to customer distrust

As soon as the internet became widely used, companies started using cookies and invisible trackers to collect personal data across websites and applications. Our data is shared and sold far and wide, allowing advertisers to bombard us with personalised ads. But hey, we get lots of free stuff, so for a long time, we didn’t complain.

Tipping points and legislation

Fast forward to 2018: Facebook is entangled in the highly publicised Cambridge Analytica scandal, in which personal data from users was harvested without their consent and used in the 2016 US Presidential Election. That’s just one of the major data breaches of that time. Just ask Yahoo!, Uber, Ashley Madison, First American, …


As a result of these scandals, privacy became a permanent fixture in public awareness. A series of legislation followed suit: GDPR, DPA, CCPA, … In 2022, the European Commission introduced 2 ‘new’ legislative initiatives:


  • The Digital Services Act (DSA) offers clear rules for dealing with illegal content, enforces transparency on recommendation engines and online advertising, and sets restrictions on targeted advertising and deceptive designs, amongst others.
  • The (updated) ePrivacy legislation focuses on things like simpler rules for cookie consent, protection against spam, and overall more effective enforcement of GDPR.

Panic at the data centre

So far, this increased legal scrutiny has resulted in record-breaking fines for privacy violations. The privacy push is real – and tech giants are forced to follow.


  • Google is (eventually) getting rid of third-party cookies and disables tracking technology in its Chrome browser by default.
  • Facebook/Meta says it’s exploring ways to show relevant ads without requiring personal data.
  • Apple is going all-in with its App Tracking Transparency (ATT) policy, letting users decide which apps can track their data.


Meanwhile, many users have taken matters into their own hands by installing adblockers and other tools to protect their privacy.

Results Mckinsey

“Users realise now that their personal data is currency for which they are never fully compensated.” - Nicolas Lierman, Head of Innovation and Acceleration at MultiMinds

The solution: wean yourself off third-party data

Many companies – including yours? – rely on big tech, the digital ad industry, and thus personal data to market their business and provide a personalised, streamlined customer experience. But no matter whether you’re coming at it from a legal, operational, or branding perspective: it’s time for change.


To survive on the privacy-conscious internet, businesses must continue to offer personalised experiences without relying on third-party data. The key? Establishing strong, trust-based relationships with customers – backed by a solid data strategy and technology stack.

Homework | Are you GDPR-ready?

At MultiMinds, we tested the GDPR compliance of 69 companies by exercising our ‘right of access.’ Spoiler alert: only a handful passed the test. Would you?

Up next: A future built on trust

In the next instalment, we’ll explore why great customer experiences and business growth don’t require flagrant breaches of privacy.