Since the first banner ads, the world wide web has largely run on ads. To fund online services, the digital advertising industry collects detailed information about billions of people. But substantial change is imminent. 

New laws targeting digital advertising 

The ePrivacy Regulation, a long-awaited update to the EU’s rules on direct marketing and cookies, was intended to pass alongside the GDPR in 2016, but has reportedly been permanently shelved by the European Commission. 

Yet lawmakers in the US have been more active recently (from a weaker starting point), with around 18 states passing laws that give consumers the right to opt out of targeted advertising and the sale of their personal data. Many of these states—including California, Colorado and Connecticut—also require businesses to process opt-out signals sent via consumers’ browsers, such as the Global Privacy Control (GPC). This approach could hit tracking-based digital advertising revenues hard. 

And these obligations could soon be extended across the entire US via a draft federal law, the American Privacy Rights Act (APRA). While America is likely to remain an “opt-out” jurisdiction, these new rules should provide greater privacy for people willing to take steps to achieve it. 

Regulators are targeting harmful advertising practices 

Even without modern privacy legislation, regulators are interpreting older laws in a way that covers modern technology and practices. In the US, for example, the Federal Trade Commission (FTC) has issued scores of enforcement orders and reached numerous settlements under the FTC Act, a 110-year-old consumer protection law. 

While the law doesn’t mention tracking people’s locations or selling their personal data, the FTC has repeatedly found that such practices, carried out without notice or consent, are “unfair or deceptive” under the FTC Act. 

The UK’s Information Commissioner’s Office (ICO) recently turned its attention to cookies for the first time. Last year, the regulator told scores of websites that they were breaking the law by failing to allow users to reject cookies as easily as they could accept them. The ICO says it will continue its campaign against non-compliant cookie banners using an automated website-scanning tool. 

But besides these legal and regulatory pressures, there are other forces shaping the world of digital marketing. 

Google, Apple, and other ‘gatekeepers’ 

Policy shifts by the internet’s “gatekeepers” can have trickle-down effects on many smaller players. For example, when Apple’s App Tracking Transparency policy forced App Store developers to get consent to track iPhone users, many companies reported substantial initial revenue dips. 

Nearly half a decade ago, Google announced Privacy Sandbox—a much-delayed effort to change how people’s data is collected via Chrome, the web browser of choice for around two-thirds of internet users.  Google intends to stop other companies from collating detailed information about individual users via third-party cookies. Instead, Google will offer advertisers aggregate data about people’s interests via a new tool called Topics. In principle, this should be a win for privacy. But restricting access to Chrome users’ data has serious competition implications. An investigation by the UK’s Competition and Markets Authority (CMA) could delay the launch of Topics until 2028—or derail the project altogether. 

As digital advertising adapts to legal, regulatory, and industry pressures, businesses taking a transparent and responsible approach are likely to suffer the least. 

HewardMills can help ensure you meet the current legal requirements wherever your company operates. And our privacy experts can help your business anticipate and prepare for change in this fast-developing field. 

If you would like to discuss this topic or anything else data protection and privacy-related, please contact us at