08 July 2026
Privacy-safe growth in the age of AI, agentic advertising and data governance
This article is not written, or presented as legal advice nor opinion. Readers should neither act, nor rely on opinion(s) in this article and linked materials without seeking legal counsel.

In summary
- AI is moving from content creation towards decision-making and campaign execution.
- Privacy regulation is increasingly focused on fairness, necessity and transparency rather than consent alone.
- Children’s privacy standards are expected to influence broader consumer expectations.
- Tracking technologies, AI governance and data quality are becoming significant business risks.
- Organisations that strengthen governance today will be better positioned for the next generation of AI-powered marketing.
AI is changing marketing. Governance is becoming the competitive advantage.
Privacy, AI and measurement are no longer separate conversations. Together, they’re reshaping how organisations collect data, make decisions and deliver marketing outcomes. That convergence was one of the strongest themes to emerge from the latest IAB Privacy & Data Summit.
As AI becomes increasingly embedded across advertising workflows, marketers are relying on larger volumes of data to power audience creation, optimisation, measurement and automation. At the same time, regulators are asking tougher questions about whether organisations actually need the data they collect, how transparently it is used and whether automated decisions remain fair.
The organisations that gain the greatest advantage from AI won’t necessarily be those collecting the most data. They’ll be the ones with the strongest governance, the clearest consent frameworks and the highest-quality data.
For many organisations, governance is becoming just as important as the technology itself.
AI agents need governance before they need more data
Much of the discussion centred on AI moving beyond content generation into decision support, workflow automation and autonomous campaign management.
Industry initiatives including the Model Context Protocol (MCP), Agent-to-Agent (A2A) communication standards and IAB’s work on agentic advertising all point towards an ecosystem where AI systems increasingly interact with one another across advertising platforms.
That creates significant opportunities for efficiency. It also creates new governance challenges.
Organisations will increasingly need clear policies around:
- what AI agents can access
- what recommendations they can make
- which actions require human approval
- how AI decisions are monitored and audited.
As AI takes on greater operational responsibility, governance becomes part of marketing infrastructure rather than simply a compliance exercise.
Privacy is shifting beyond consent
Privacy discussions have moved well beyond cookie banners and consent pop-ups.
Increasingly, regulators are focusing on whether organisations genuinely need the personal information they collect, whether its use is fair and reasonable, and whether consumers would reasonably expect it to be used in that way.
A recurring theme throughout the summit was that organisations should collect only the information that is genuinely necessary for a clearly defined purpose.
The Australian Privacy Principles increasingly reinforce this direction.
APP 3 focuses on limiting collection to what organisations genuinely require, while upcoming APP 1.7 reforms introduce greater transparency around automated decision-making.
For marketers, this has practical impacts.
AI-generated audiences, automated segmentation, personalised pricing and recommendation engines may all receive greater regulatory investigation as automated decision-making becomes more common.
Rather than asking whether consent has been collected, organisations should also ask:
- Do we actually need this information?
- Can we clearly explain how it is used?
- Would customers reasonably expect this use?
Children’s privacy may reshape privacy expectations for everyone
One of the strongest discussions focused on Australia’s proposed Children’s Online Privacy Code.
The Code applies to online services likely to be accessed by children, creating a broad obligation for many digital businesses.
The expectation is that organisations should only collect information that is strictly necessary by default, while carefully considering age assurance, direct marketing practices and parental consent requirements.
Importantly, several speakers suggested the standards established for children’s privacy may influence wider consumer expectations over time.
What begins as child-specific privacy protections may ultimately become the benchmark for everyone.
Tracking pixels remain under the microscope
Tracking technologies continue to attract close regulatory attention. The discussion reinforced that it’s not just the technology that matters, but how and why it’s being used.
For example, tracking repeat visitors to a mental health website could reveal sensitive information even if individual data points appear relatively harmless in isolation.
Brands should regularly review:
- tracking pixels
- tags
- third-party scripts
- consent configurations
- data-sharing practices.
As we’ve explored previously in our articles on the OAIC’s recent tracking pixel determinations, organisations remain accountable for the technologies deployed across their own digital properties, regardless of which vendors provide them.
Strong tag governance and consent management are becoming essential operational capabilities rather than technical housekeeping.
Data minimisation is becoming a strategic advantage
Another consistent message throughout the summit was simple:
- Collect less.
- Collect deliberately.
- Delete data when it is no longer required.
- More data does not automatically create better marketing.
Instead, excessive collection increases privacy risk, security exposure and governance complexity.
Progressive profiling was highlighted as a practical approach that allows organisations to build customer understanding over time instead of requesting unnecessary information upfront.
Equally important is establishing clear retention and deletion policies so information is not retained indefinitely without purpose.
Privacy-safe audience strategies are evolving
Privacy-safe audience development is also becoming more sophisticated.
One session explored how physical-world signals such as geography, postcodes and contextual information can help marketers better understand audiences without relying exclusively on individual-level identifiers.
As one speaker noted: “People do not only live in the digital world; they live in the physical world.”
Location-based and contextual signals can complement first-party data while supporting more privacy-conscious activation strategies.
For many organisations, this offers an opportunity to reduce dependence on identity-based targeting while still improving campaign relevance.
Transparency is becoming essential across the data supply chain
The summit also highlighted growing interest in understanding where audience data originates.
Initiatives such as IAB transparency labels encourage marketers to evaluate audience datasets based on factors including:
- data source
- recency
- permissions
- modelling methodology
- overall quality.
For organisations working with second-party and third-party data, governance increasingly extends beyond internal systems to include external partners.
Data partner discovery workshops and regular governance reviews can help identify both opportunities and areas of potential risk.
Better measurement starts with better data
Measurement discussions, including Marketing Mix Modelling (MMM), Multi-Touch Attribution (MTA) and brand uplift, shared a common conclusion.
No measurement framework can outperform poor-quality data.
Before investing in advanced analytics, organisations should first assess whether their underlying data is complete, consistent and trustworthy.
The most sophisticated measurement model cannot compensate for incomplete inputs.
As AI-powered optimisation becomes more common, the quality of the underlying data will increasingly determine the quality of business decisions.
Louder recommendations
- Reviewing what personal information is collected and why
- Auditing consent flows and avoiding bundled consent
- Assessing whether pixels or tags collect sensitive information
- Reviewing AI-driven audience creation and automated decision-making
- Implementing clear retention and deletion policies
- Adopting progressive profiling where appropriate
- Conducting partner governance and data discovery workshops
- Improving transparency around audience data sources
- Validating data quality before relying on MMM, MTA or brand uplift studies
- Building governed first-party knowledge bases that can safely support future AI use cases.
Get in touch
Get in touch with Louder to discuss how privacy, consent, measurement and data governance obligations may impact your organisation.
Want more Louder content?
Add Louder as a Preferred Source in Google Search to see more of our articles when you search and subscribe to our newsletter to receive the latest industry updates straight to your inbox.
