A recent study by Google and BCG found that while 70% of brands in APAC understood the privacy imperative, only 40% are trying new solutions and experimenting.
While APAC might be playing catchup with other markets when it comes to readiness for a privacy-first and cookie-less world, time is running out. With Google's plan to stop the use of third-party cookies in Chrome by the end of 2023, new data privacy laws and regulations are coming into play in the region—such as Thailand's Personal Data Protection Act (PDPA) which becomes fully enforceable this year, China's Personal Information Protection Law (PIPL) which came into effect in November 2021, and India's Personal Data Protection Bill (PDPB) which is still in deliberation.
Jessica Martin, head of privacy for Google APAC, warns that marketers should be taking first steps now as being privacy-ready won't happen overnight.
How privacy-ready are brands and advertisers in APAC?
The good news is I’m seeing an increased awareness as to the importance of privacy. For example, we did a piece of research and found that more than 70% of companies in APAC agreed that not being privacy-ready will have significant impact for businesses. That can include things like loss of trust or regulatory compliance or even the technological impacts on their business. If I was to have that same conversation two years ago, I didn’t see such a high stat across the markets. So, for me, that’s really exciting that we’re seeing such a rise in increased awareness.
Does readiness vary from market to market?
Surprisingly for me when I did this research, Thailand was leading the pack in its awareness because PDPA came into place. So regulation has pushed Thailand to be more prepared for consent based reform. But if I went to the next stage beyond compliant regulation and thought about their adoption of privacy-forward practices and doing experimentation, they are less strong and they need to do more. So Thailand’s awareness is good, but their actual execution into the next piece—while their open to it and starting it—I wouldn’t say they are mature and done.
Generally, we’ve started to think about our markets in broad groups, which I would say is those nascent but fast-advancing markets. Then we have those markets that are developing with changes on the horizon, and finally we have those historically more mature markets like Australia, for example, that had existing privacy reforms in place and quite mature privacy practices, but they’re kind of going through an iteration as we’ve seen with regulatory changes or the next stage of what privacy and durable solutions looks like. All in all, readiness and what privacy means in APAC is as diverse as APAC itself. But there’s been an absolute positive shift in terms of increased awareness and companies recognising that they need to go and prepare.
What about consumer attitudes to privacy in APAC? Are they just as diverse?
As for consumers, everyone has a different view when it comes to privacy. If you think about Japan vs India vs Australia vs China—and if I ask what is an acceptable use of data? What do you consider a fair value exchange? What should that look like? It differs in each market. In Thailand, we found that people were actually more willing to share data if there’s a good and clear reason which offers a benefit. But in markets like Australia, and to some extent Japan, we noticed that people want clear, plain language about what’s being used and why, and they also want a control and consent element. These are good practices that we want to see universally, but they’re at that next level where people are happy to share, but at the same time want it to be clear what they are sharing and what they get in return.
What does 'ready' currently look like?
What ‘ready’ looks like and the steps you can take to prepare also varies from market to market. You’ve got some that say they have a strong first party data strategy; they’re thinking about durable solutions and are trying to see how they can do more with less—like machine learning, automation, and they’re already starting to make those moves. Others know they need to do something, but either the sense of urgency or the next stage they still have room to go. So we’re trying to get more encouragement in the ecosystem to have that experimental mindset and to think about durable solutions.
Are there any quick fixes or workarounds?
There won’t be one silver bullet. People ask ‘what’s the fix?’ And I say ’no, no there’s no fix.’ There are however good practices like a strong first party data strategy that is consented—letting your users know what you’re collecting and why and then building that. Marketers need to be trying a few different levers to get to that next stage in a privacy-forward way. I do believe that more needs to be done on that in many markets.
What should brands and marketers be doing now to prepare?
For those that currently have practices or dependencies on third party solutions, they need to understand what dependencies they have. So what techniques are they using that will be impacted by third party cookies? Say, for example, re-marketing. The work that is being done in Privacy Sandbox is looking to develop valid use cases to help with that. As companies develop their next round of developments and investments, they should be asking what the durable solutions are, and what they should be looking for. How are we building a good first party data strategy? I don’t mean collect all the data. I mean understand what data you need to collect and why, and do it in a privacy forward way so that it’s clear and consented and that people have choice and control so that they can adjust their consent—I think that’s really important. Once you’ve built that good first party data strategy, that’s your platform to do all the next bits. That’s when you can use things like AI and machine learning to help you do more with less. But brands need to do the first steps now. You don’t get a first party data strategy overnight.
Is Topics a solution?
Topics is the next stage. It relates to intraspace advertising. So Topics is a proposal in Sandbox that Chrome is working on. And it’s a public participation process. So it’s the next iteration for what a replacement API for intraspace advertising could be. Currently, it’s moving into the origin trial phase and it will be worldwide origin trials and there will be more news on this and they will release it publicly on the Chrome side as they do their different stage updates. But again it’s not really a standalone solution. For intraspace advertising you would use the Topics API, but you would use some of the other ad information you have as well, like contextual, and you would bring them together to get that great personalisation in a privacy forward or privacy preserving way that gives you various choice and control. Topics is only a proposal at this stage and subject to change.