Why privacy sits underneath marketing, not beside it

For a long time, privacy was treated as a compliance function — something the legal team handled so the marketing team could keep working. That separation does not hold up in 2024 and beyond. The same data that powers personalisation, attribution, and audience building is the data that regulation, platform policy, and consumer expectation are actively tightening rules around.

Treating privacy as a foundation — not a line item — changes what marketing you can actually build. Consent Mode v2, server-side measurement, first-party data architecture, data retention controls: none of these are privacy features bolted onto performance work. They are the infrastructure that lets performance work keep functioning as third-party tracking erodes and as regulation keeps arriving.

Principles that survive the next regulation

The regulations keep changing — GDPR, DMA, the Greek implementation of electronic communications law, the inevitable next wave. What stays constant is a small set of principles we apply across every engagement:

  • Collect less. Every data point you collect without a clear purpose is future liability. Purpose limitation is a feature, not a constraint.
  • Own the pipeline. Data that flows directly from your site to your own server — rather than only through third-party pixels — gives you control over retention, access, and purpose.
  • Be transparent to the user. Consent banners that actually communicate, privacy policies that are readable, and data-subject request handling that takes days instead of months: these are the signals users increasingly notice.
  • Test the assumption that you need the data. Half the personalisation built on fragile identifiers can be rebuilt with aggregate signals. Privacy-first rebuilding often produces more durable performance.

This Data Privacy Day, reconsider the foundation your marketing is standing on.