23 June 2025

Privacy impact on marketing

In summary

• Australian privacy laws are tightening, with expanding definitions of PII and a shift toward first-party data as third-party cookies are phased out.
• These changes, along with evolving global regulations, are reshaping marketing strategies and increasing reliance on AI and secure data infrastructure.
• Businesses can prepare themselves for the changes by auditing data, updating consent policies, and strengthening data protection to stay ahead.

2025 Financial services Marketing

Louder’s very own Candice Driver presented at Dianomi’s Financial Services Marketing event this month. Following on from last years event, she gave an update on what’s happened in the past 12 months in the realm of Australian privacy legislation.

Candice covered a variety of issues including the evolving global and Australian privacy regulations including potential GDPR-like consent approaches, the expanding definition of PII and the slow deprecation of third-party cookies, along with stricter consent rules emphasising first-party data and robust data management practices.

Here’s our round up of the key takeaways.

Privacy regulations are evolving constantly

One thing is obvious - while alignment is unclear, companies are starting to take data and consent seriously. There is a general familiarity with the Office of the Australian Information Commissioner (OIC) and their regular updates. There is also a growing prevalence of risk/privacy officers and customer data/consent strategies within financial services companies.

Reforms are coming thick and fast and while last year’s legislative reforms in Australia were less severe than anticipated, a key question moving into 2025 is whether we will adopt a GDPR-like approach to consent or a more moderate stance on data transparency. Regardless, the OAIC expects companies to have control over their data and understand its use.

The definition of PII continues to expand

Regulators are expected to broaden the definition of Personally Identifiable Information (PII) to include web browsing, location, and device ID data, requiring companies to manage and protect more data types. The slow deprecation of third-party cookies, initiated by Apple’s ITP, continues to impact marketers by reducing data for analytics and audience growth. Despite Google’s temporary reprieve on cookie deprecation last year, its clear businesses need to adapt to a data-reduced environment.

Impact of data loss and consent regulations

The Australian advertising market is on the brink of massive change. If stricter consent regulations leading to increased signal loss are introduced, our understanding of customer engagement will be severely impacted. While modern conversion data and AI are helping to fill these gaps, they also imply a reliance on black-box solutions and potentially reduced scalability. Experiences in the EU, where customer opt-outs have significantly increased data loss beyond cookie deprecation, serve as a cautionary example for potential impacts in Australia.

There is no ‘one size fits all’ approach right now

There is a growing global divergence in privacy protections, with the US potentially rolling back consumer data protections while the EU scrutinises consent frameworks like the IAB’s Transparency and Consent Framework (TCF). This questioning raises concerns regarding consent management. Despite these global shifts, Australia is taking a more measured approach, balancing reform with business productivity, but will likely enforce stricter controls on data tracking pixels.

Shifting media landscape and data strategies

Marketers are also navigating a rapidly changing media landscape where product discovery and traditional search are being transformed by AI. First-party data strategies and media mix modelling are becoming increasingly important as digital analytics become more fragmented. This warrants a greater reliance on actual business transaction data for accurate measurement and closer collaboration between marketing and IT for controlled data movement through cloud infrastructure and server-side frameworks.

Louder’s recommendation

Regardless of future consent frameworks in Australia, the rules around data collection and sharing will tighten. Businesses need to start preparing by:

• Conducting full data audits
• Updating privacy and consent policies with transparent communication
• Strengthening data protection by implementing server side frameworks
• Continuously monitoring to navigate the changing regulatory and media landscape
• Being agile in order to adapt to ongoing changes

Keep in touch

Sign up to Louder’s newsletter to receive the latest industry updates straight to your inbox.