
Each passing year, the growth of cybercrimes and increasing stringency of privacy laws make striking the correct balance between a delightful digital experience and customer trust more challenging for today’s digital-focused retailers. 

Increasing Cybercrime

The most common cybercrimes affecting customers are data breaches and exposed customer records. 2021 was the worst year in cybercrime with 1,862 data breaches, surpassing 2020’s total of 1,108 and the previous record of 1,506 set in 2017 (Identity Theft Resource Center’s 2021 Data Breach Report).

Balancing Data Privacy and Personalization in 2022

The study suggests that the year-on-year growth of the average total cost of a data breach increased by nearly 10% in 2021, the highest ever recorded. In addition to the average price of $4.24 million to clean up a data breach, these events impact a company’s trust and reputation. 85% of shoppers who had personal data stolen in a breach told others about their experience, while 33% shared it on social media (Interactions Marketing).

Impending Regulation

2022 is a pivotal year for introducing new laws enforcing stringent data privacy policies. Across countries and the United States, these regulations deliver a bewildering set of increasing requirements upon their introduction, as seen below.

  • GDPR (General Data Protection Regulation) governs the processing of the personal data of citizens of Europe.
  • PIPEDA (Personal Information Protection and Electronic Documents Act) is a Canadian data privacy law that governs commercial processing activity.
  • CCPA (California Consumer Privacy Act) seeks to protect the personal data of California residents. The California Privacy Rights Act (CPRA) amends the CCPA.
  • VCDPA (Virginia Consumer Data Protection Act) gives consumers the right to access their data and request businesses to delete their personal information.
  • ColoPA (Colorado Privacy Act) gives Colorado residents privacy rights, including the rights to access, correct, and delete their data.

In addition to California, Virginia, and Colorado listed above, at least four other states, including Massachusetts, New York, North Carolina, and Pennsylvania have comprehensive consumer data privacy proposals in committee now. Since a Federal Privacy Law is imminent, all organizations collecting and acting on data collected from the public must review and bolster their data governance and security approaches. 

The Privacy Paradox

The privacy paradox represents the inconsistency between personalization and privacy priorities. Increasing online commerce has opened a Pandora’s box of ethical concerns on technology usage, sharing of data, and expectation of personalized experience. While some are comfortable letting retailers track their browsing and shopping behaviors for a better shopping experience, others consider it a breach. 

According to Gartner, “…despite having less trust in brands to use their data ethically, millennials are more willing to provide companies with information in exchange for convenience and personalized experiences.” Such behavior clearly outlines the unequal relationship between privacy and personalization, delivering the privacy paradox. 

Address the Paradox, Maintain Regulation

Data privacy laws give people confidence that their data and identity are kept safe, so that they can continue to provide their information to a business. Companies must understand the emerging regulation, confirm compliance within all digital customer interactions, and ensure no actions harm customers.


Here are some ways you can enable personalization and earn customer trust while adhering to the data privacy laws.

1. Stop reaching out for a 'cookie' jar

Cookies have been instrumental to advertising and marketing initiatives. But concerns around privacy-intrusive tactics and class-action lawsuits for cookie violations, like against Oracle and Salesforce, have expedited the move towards a cookieless future. 

In the emerging cookieless world, privacy and personalization are not mutually exclusive. Today’s brands understand that data breaches are detrimental to long-term audience acquisition, growth, and retention. Customers expect companies to be more transparent about their data collection practices and reduce sharing personal details with third parties. This challenge offers an opportunity to those who can think outside the box. 

Big players like Apple and Firefox have already blocked third-party cookies, and Google plans to follow suit by 2023. First-party tracking allows the metadata collected by the cookie to remain between the user and the website/business, helping build a stronger one-to-one relationship.

Winterberry Group and the Interactive Advertising Bureau (IAB) report that spending on first-party tracking is rising. More than half of the respondents have already adjusted their budgeting to accommodate the change.

2. Users to decide their preferred level of personalization

Depending on the industry, businesses must allow customers to choose how much personalization they are comfortable with and, therefore, the amount of data they want to share, which shapes their customer journey and experiences. 

Ikea, for instance, plans to adopt a people-centric approach, where they promise to give privacy and transparency to the customers by providing complete control to the users, showing the benefits of a personalized experience while giving them the option to switch off at any point. 

In another example, Iberia Airlines asked its customers to share their dream vacation destination and the person or friend they would want to take along. Soon after, they started showing the advertisement to their friends suggesting the vacation as the ultimate Christmas gift.

Another example is that of the grocery store robots that help shoppers personalize their shopping experience by engaging customers with voice discussions and augmented reality. They start a two-way conversation and let customers say what they want, allowing them to get a personalized experience while sharing data voluntarily.

3. Benefit, don't be intrusive

Businesses compete for time and attention with their customers’ daily activities. This competition forces companies to create a competitive experience using modern personalization tools that adapt to and support the customer’s intentions. Though customers appreciate the personalized experience, they do not realize how it may impact their informational privacy. 

A SmarterHQ report states that 74% of consumers think that push notifications are intrusive. According to research conducted by Accenture, there are some unwelcome and borderline creepy engagement tactics that businesses should refrain from, with using consumers’ location to personalize recommendations topping the list.


Let’s understand this research better with the help of an example. As an online shopping platform, sending targeted ads reminding users of their abandoned shopping cart is fair, but sending immediate ads of a product they just searched for on the internet will be considered intrusive.

4. Unleash the power of anonymized data

While there is much more to personalization, building segments by analyzing anonymous data from all visitors and customers is a classic and easier-to-digest way for visitors to act. For example, Amazon collates anonymous data to showcase relevant products in a Frequently Bought Together section. It doesn’t cause as much unease as a hyper-personalization service, and the company creates interest for the shopper without asking for data upfront. 

Some tech companies have even tried adopting differential privacy, a cybersecurity model where only aggregate information of user habits is collected and shared to maintain the users’ privacy. This differential privacy model guarantees that the collected data doesn’t divulge details of an individual user. For instance, Apple employed differential privacy in iOS 10 by creating noise around an individual’s inputs, i.e., it could track the most frequently used emojis while masking the emoji usage by any individual user.

Thus, the differential privacy model allows companies like Amazon to hide sensitive user information while personalizing shopping preferences based on the historical purchase list. 
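The noise-then-aggregate idea described above can be shown with k-ary randomized response, a simple local differential privacy mechanism. This is an added example, not Apple's or Amazon's code or algorithm; the emoji names, the counts and the epsilon value are constructed assumptions.

```python
import math
import random
from collections import Counter

# Constructed domain: the values a device may report.
EMOJIS = ["joy", "heart", "thumbsup", "sob", "fire"]


def randomize(true_value, domain, epsilon, rng):
    """Client side: send the true value with probability p, otherwise
    a different value chosen uniformly. No single report is trustworthy."""
    k = len(domain)
    p = math.exp(epsilon) / (math.exp(epsilon) + k - 1)
    if rng.random() < p:
        return true_value
    return rng.choice([v for v in domain if v != true_value])


def estimate_counts(reports, domain, epsilon):
    """Server side: remove the known bias from the noisy report counts.
    Only the aggregate is recovered, not any individual's input."""
    k, n = len(domain), len(reports)
    e = math.exp(epsilon)
    p = e / (e + k - 1)   # probability a report is the true value
    q = 1 / (e + k - 1)   # probability of any one specific other value
    observed = Counter(reports)
    return {v: (observed[v] - n * q) / (p - q) for v in domain}


def simulate(epsilon=1.0, seed=7):
    """Run 50,000 constructed users through the mechanism."""
    rng = random.Random(seed)
    true_counts = dict(zip(EMOJIS, [20000, 12000, 9000, 6000, 3000]))
    users = [v for v, c in true_counts.items() for _ in range(c)]
    reports = [randomize(v, EMOJIS, epsilon, rng) for v in users]
    return true_counts, estimate_counts(reports, EMOJIS, epsilon)


if __name__ == "__main__":
    truth, estimate = simulate()
    for name in EMOJIS:
        print(f"{name:10s} true={truth[name]:6d} estimated={estimate[name]:9.0f}")
```

With epsilon = 1 and five possible values, each device reports its true emoji only about 40% of the time, yet the debiased totals still recover the popularity ranking. A smaller epsilon gives stronger privacy and noisier estimates.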

5. Sync marketing strategies with data privacy

Earning customer trust requires that everyone in a company is aware of privacy and data protection and how your marketing strategies and technologies affect customers. 

For instance, the recommendation algorithms of Netflix and Spotify are rarely ever questioned – the companies use them to give personalized suggestions, and they are a big part of their value proposition. The customers already know that preferences benefit them. Hence, they are often more willing to share their data, knowing that personalization is part of the brand’s identity and that sharing data will only improve their experience.

Also, the company needs to train the employees in the ethical use of data. Developers building products, salespeople cold-calling prospective customers, or marketers using artificial intelligence must keep privacy top of mind to avoid mistakes. This understanding is critical in the new state of things, with a hybrid work model becoming more popular, potentially translating into less secure networks.

6. Prioritize privacy by design

Former Information and Privacy Commissioner of Ontario, Ann Cavoukian, stated, “Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation.” The phrase also mentions that GDPR prescribes that companies design and implement technical and organizational measures, keeping data protection principles in mind.

Treating privacy as an afterthought while building a personalized experience is dangerous. Businesses must build every product or strategy considering privacy from the very beginning. It is an excellent principle to follow and develop products that have the built-in capability to comply with GDPR-related obligations fully. 


It will be fair to conclude that data derived from customer loyalty is more valuable now than ever. It helps balance personalization with data protection requirements without overstepping the bounds when collecting, storing, and using personal data. Trust helps repeatedly bring the customer back to the brand and unlocks powerful ways to form long-lasting and meaningful customer relationships.