Why first-party data is the key to data privacy

On this page

Do you think you know data privacy best practices? Then we have a question for you. Which scenario below will result in stronger data privacy?

Scenario 1: Your company collects data from your website visitors and uses that data to improve your social media advertising.

Scenario 2: Your company buys data from a certified data broker and uses that data to improve your social media advertising.

Both are similar, but one is a best practice for data privacy. Which one is it?

If you chose scenario 1, you’re absolutely right. Scenario 1 uses first-party data, which means your company has complete control over how and why you collected that data. You also have control over the security of that data.

Scenario 2 uses third-party data. Even though the company you purchased the data from is a certified data broker, you still can’t verify how that data was collected and who has access to it. Not to mention you had no control over the security of that data.

If consumer trust and compliance are important to your company, and they should be, there’s only one type of data you should collect—first-party data.

First-party data will help build trust with people who visit your website and use your products. It can also make complying with data privacy regulations easier.

Explaining first-party data and data privacy

First-party data and data privacy are very closely intertwined, but to fully understand the relationship between these two concepts, we need to first define them.

What is first-party data?

In another article, we wrote, “first-party data is data collected by your company.” It’s that simple. Any data you collect from people who visit your website, use your products, or visit your physical locations is first-party data.

For example, say someone visits your website and enters their email to subscribe to emails from your company. Their email address is a piece of data that was collected by your company. It is first-party data.

There’s also a privacy expectation with first-party data. If consumers share their data with you, they often expect that you’re not selling or sharing that data with any other company. That’s where data privacy fits into first-party data.

What is data privacy?

Data privacy is all about transparency. You’re telling consumers what you’re doing with the data you collect from them. Data privacy essentially has two parts. First is how information is collected, stored, and flows. The second half is what you collect, when, and why.

These two parts of data privacy are often detailed in a statement to consumers that tells them exactly what you’re going to do with the data you collect from them. That's the purpose of a data privacy policy.

Data privacy policies are what create transparency and build trust between consumers and your company.

First-party data improves consumer trust

In the 2018 study, The State of Consumer Trust, researchers found five factors related to data privacy that cause consumers not to trust a company:


Avoiding each of those pitfalls can be done by improving your data privacy, which will increase consumer trust in your brand. Each of those factors—brands asking too much information, data scandals, inaccurate information, confusing privacy policies, and “creepy” advertising—can often be solved when your organization uses only first-party data.

Brands asking too much information

If you’ve ever entered a free car giveaway in a shopping mall, you’ve experienced this firsthand. The entry forms for those giveaways often ask for a huge amount of personal information.

When filling out one of those forms, you’ve probably asked yourself, “Why does this company need to know my age, salary range, and all of this other information for a contest to win a car?” Entering all of that information probably felt a little bit intrusive. It might have even caused you to stop filling out the form and throw it away instead of completing your entry.

The reason those companies are asking for all that information is because the companies giving those cars away are often doing it to collect data. They’re then selling that data to other companies.

Organizations committed to data privacy don’t sell first-party data. Therefore, they only need to collect data that is absolutely necessary for their business to run. That helps prevent brands from asking too much information.

Privacy-focused companies often keep track of the data they collect with a data governance strategy. These documents are reviewed regularly to make sure they are only collecting relevant information and the data they’re collecting doesn’t feel unnecessary to consumers.

Public data scandals

Not using data privacy best practices can result in embarrassing data scandals. If you’re only collecting necessary first-party data, there’s a smaller chance of your company’s data being involved in a scandal.

You might remember Uber’s location-based data collection scandal. The company was collecting location data about users after they were done using the app. The practice was controversial and resulted in a lot of bad press for the company, even though they technically weren’t doing anything illegal. Eventually, the company did the right thing and reversed their decision, but the damage to consumer trust was done.

Had Uber only been collecting necessary data, they likely wouldn’t have received as much negative press surround their location-based data collection practices.

Inaccurate information used in marketing

First-party data will improve the accuracy of your marketing because you know why, where, and when you collected it. Typically, when collecting first-party data, your data privacy policy will also detail how long you can keep that data. If you only keep data for a short period, there’s a better chance that it’s accurate.

For example, say one of the data points you collect is your website visitors’ place of employment. That’s a piece of data that might change often. If you decide to reference that data in a marketing campaign two years after you’ve collected it, there’s a chance it won’t be accurate.

That might not seem like a big deal, but what if that person was fired from the company? Now, you’re reaching out to that person and referencing a company they were fired from. It’s not a good look for your company.

If your data privacy policy says that you’re only keeping this data for 90 days, there’s a smaller chance that the data will be inaccurate when you use it.

Confusing privacy policies

Privacy policies become confusing when there’s too much data being collected or when different types of data, such as second- or third-party data, come into play.

When you’re only collecting necessary first-party data, it’s very easy to explain why and how you’re collecting that data. Simple explanations of data collection will simplify your privacy policy.

Experiencing "creepy" advertising

"Creepy" advertising usually comes from a company having access to information about a consumer that the consumer doesn’t expect.

There’s a chance you’ve experienced this personally. If you’ve ever visited a website on your laptop and saw an advertisement for something you were researching on your smartphone, you might’ve felt slightly uncomfortable about how that advertisement followed you to the website.

By using first-party data, users understand the data you have about them and why. That decreases your chances of being seen as creepy.

Data privacy legislation and technology are making first-party data more important

Not only is using first-party data a best practice for improved data privacy, but there are data privacy laws and new to technologies that make first-party data even more important.

The General Data Protection Regulation (GDPR)

We’ve written about The GDPR a lot recently because it affects so much of data privacy. One of the key parts of the GDPR in regards to first-party data is that companies need to prove that they’re collecting data ethically. Most companies use a data protection officer, however, that can be difficult if your company is dealing with second- or third-party data.

First-party data makes proving consent easier than any other type of data because you will be able to prove when and how users consented to their data being collected on your website or app.

The California Consumer Privacy Act (CCPA)

The CCPA is similar to the GDPR, but as we wrote in a recent blog article, “The CCPA will further raise the bar for honoring consumer data privacy rights.”

Like the GDPR, the CCPA requires companies to prove that they’ve collected data with consent. First-party data makes this easier and more transparent.

One key difference between the CCPA and the GDPR is that consumers must be able to opt-out of having their personal data sold without being penalized for doing so.

If you’re following the first-party data best practices, you likely aren’t selling data in the first place, which makes compliance with the CCPA easier.

Third-party cookie blockers

Third-party tracking cookies are often used in advertising, retargeting and cross-site tracking. They typically work by one company placing another company’s cookie on their website. These are different to first-party cookies which remember login details and perform other useful functions that help provide a good user experience.

Blocking these third-party cookies improves data privacy because users know that when they visit a website, data about their visit isn’t being shared with any other company.

For example, say your company places a social media company’s cookie on your website. Your company might do this because the social media company promises that placing their cookie on your website will improve a specific functionality.

That’s a benefit to your company but a downside to your consumers because that social media cookie gives the social media company the ability to collect data from your website visitors without the website visitor knowing it. These third-party cookies can lead to the “creepy” advertising that we previously mentioned.

Apple, Google, Mozilla, and other web browsers have started to block these third-party tracking cookies. They agree that first-party cookies are better for users because they reduce the ability to track consumers across the internet— improving data privacy.

First-party data increases consumer trust

If your company is committed to providing a better experience for your users, you need to follow data privacy best practices. This can include hiring a Data Protection Officer (DPO) and providing data privacy training for your employees, but there are other important steps to take as well. Of all the things you can do to improve your data privacy, only collecting first-party data will make a big difference in improving consumer trust in your data privacy practices.


Segment's Privacy Portal

With the Segment Privacy Portal, you can automate your approach to keeping your customers' data private.

Getting started is easy

Getting started is easy

Start connecting your data with Segment.