Blog

First party data 101: What your marketing team needs to know

Read more to answer frequently asked questions around first-party data and how your organization can take advantage of it

Ashlea Cartee
Product Marketing Manager, OneTrust
May 23, 2023

Different types of consent
What are the differences between states?
The deprecation of third-party cookies
Contrasting zero-party and first-party data

Marketer’s masterclass for privacy and personalization

Join us for eight interactive webinars, three in-person events across the US and UK, and follow along for access to exclusive resources!

Learn more

Every day, it feels like there’s a new data privacy regulation update; six states in the US now have comprehensive privacy laws (and many more with bills in the works), adding to the already crowded global regulatory landscape. Because third-party cookies are also finally going away in 2024 (for now), organizations need to find a way to get relevant data about their customers without using third-party trackers to get it.

This shift is going to bring about a new era of corporate responsibility, with organizations being more transparent than ever before about exactly how and why they’re processing data and demonstrating the value that collecting this data brings to their customer’s user experience.

In the recent Marketer’s Masterclass webinar series, OneTrust privacy experts covered many topics on consent and preferences, including first-party data, zero-party data, and how US state privacy laws define Sensitive Personal Information (SPI). Let’s take a look at some of the common questions across the series that were asked around first-party data.

Different categories of data require different types of consent

When collecting first-party data or zero-party data, your marketing organization needs to be aware of the categories of data that it’s collecting. While obtaining data such as website activity and purchase data require opt-out consent from the user to obtain, more sensitive categories of data not only require a separate consent form but an additional notice as well that explains why these categories of data are required for your organization and how you plan on processing it. These categories of data are referred to as Sensitive Personal Information (SPI) and have slight differences across the US privacy landscape.

SPI can be considered first-party or zero-party data when it’s collected directly from the consumer and not via any third-party data trackers. In these cases, you still need to ensure that the appropriate consent mechanisms are in place when collecting this data.

You need to guarantee that your marketing teams are aware of the different consent requirements and mechanisms in place for the categories of data that it’s looking to obtain from users.

What are the differences regarding sensitive personal information (SPI) consent for different states?

Different laws in the US deal with SPI in different ways.

First off – what is it? Different states define SPI slightly differently, however, all states currently have the following items classified as SPI:

Racial or ethnic origin
Religious beliefs
Health data
Sexual orientation
Citizenship status

Apart from these, there are certain categories of data that some states consider as SPI and others don’t. For example, California considers union membership, government ID, financial information, and private communications to be SPI while no other state does. Certain states include other categories such as biometric information, children’s data, and geolocation, in their SPI definition while others leave them out. Precise geolocation data is one category that is considered SPI by every state except for Colorado and is currently one of the main topics of discussion in privacy.

Refer to the table below for a full breakdown of SPI categories across US state privacy laws.

Under the Virginia Consumer Data Protection Act (CDPA), Colorado Privacy Act (CPA), and Connecticut Data Privacy Act (CTDPA), companies are required to get an opt-in from customers before processing their SPI, whereas the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the Utah Consumer Protection Act (UCPA) operate on an opt-out model – although the CCPA does require companies to have a “clear, conspicuous” link on their website that reads “Limit my use of Sensitive Personal Information” that customers can click to opt-out of the use of their SPI.

Make sure your organization has the right data policies in place to process consent appropriately for each jurisdiction, along with notices and disclosures on your site to ensure transparency with your customers on how and why their data is being processed.

How will the deprecation of third-party cookies impact data collection?

With third-party cookies going away in 2024, companies need to establish methods of collecting data that don’t rely on third-party trackers. Companies can collect first-party data by playing detective on their own website or app. By using tools like Google Analytics or Adobe Analytics, companies can track customer behavior, see what they're clicking on, and find out what they're buying. It's like being Sherlock Holmes, but for marketing!

The deprecation of third-party cookies doesn’t mean the end of CMPs by any means, the onus of collecting data for various purposes and the consent required for each purpose now falls solely on your organization.

Another way companies can collect first-party data is by taking advantage of preference centers. The more you know what your customers prefer when it comes to their taste in products and preferred mode of communication, the easier it becomes to reach out in a non-intrusive way that adds value.

Companies can also collect first-party data through email marketing campaigns. By asking customers to sign up for newsletters or loyalty programs, companies can get a treasure trove of valuable data, like email addresses, demographics, and preferences.

What’s the difference between zero-party and first-party data?

Zero-party and first-party data are two types of data companies use to gain insights about their customers. Both types of data combine to form “earned data,” which is important for marketing and customer engagement, but they differ in their origin and level of customer involvement.

While both first-party and zero-party data are valuable for customer engagement, first-party data is data that a company collects directly from its customers through interactions, while zero-party data is data that customers willingly share with companies. Both types of data are essential for creating personalized experiences and driving business growth. Just like how a good friend knows all your likes and dislikes, companies can use this data to make sure their customers are getting exactly what they want.

First-party data is what companies can learn by tracking customer interactions on their website, purchase history, and social media activity. Think of it as things you would learn about a friend from interacting with them, noting their behavior in different situations. Companies can use this information to create ads and marketing campaigns more tailored to their customers' likes and wants. First-party data is typically used for personalized marketing, retargeting, and improving customer experience. This type of data requires an opt-out mechanism for users in the US privacy landscape – your organization must clearly mention that their data can be used for the purposes of targeted advertising, profiling, and personalization while giving users the choice to opt-out of sharing their data for these purposes as well.

Zero-party data is when customers voluntarily give companies their preferences and opinions through things like surveys, polls, and feedback forms. Think of this as what your friend willingly tells you after you ask them what they think about a certain issue or topic. Companies can use this data to create even more personalized experiences for their customers, making them feel like they're truly understood. Zero-party data allows companies to create personalized experiences that directly align with customer needs, which helps build trust and loyalty.

To learn more about how your organization can stay on top of consent requirements, build trust with your customers, and deliver personalized experiences while honoring user privacy, watch the Marketer’s Masterclass for Privacy and Personalization on-demand.

Your partner in trust transformation

Privacy Matters

Our privacy center makes it easy to see how
we collect and use your information.

Your privacy

When we collect your personal information, we always inform you of your rights and make it easy for you to exercise them. Where possible, we also let you manage your preferences about how much information you choose to share with us, or our partners.

Blog

First party data 101: What your marketing team needs to know

Table of contents

Marketer’s masterclass for privacy and personalization

Different categories of data require different types of consent

What are the differences regarding sensitive personal information (SPI) consent for different states?

How will the deprecation of third-party cookies impact data collection?

What’s the difference between zero-party and first-party data?

You may also like

Consent & Preferences

The latest on consent-driven advertising: TCF 2.2, GPP, GCM and beyond

Unlock cutting-edge advertising trends: TCF 2.2, GPP, GCM and more! Join to master consent strategies in 2024 and beyond.

November 27, 2023

Consent & Preferences

How to activate data confidently with unified consent management

Join us to learn how to harmonize data for responsible use, leverage first-party data, and ensure your data architecture with a proactive consent strategy to build customer trust.

October 24, 2023

Consent & Preferences

Compliant omni-channel automation: How to be a responsible marketer?

Join this webinar and learn how to create a compliant privacy-first marketing program that respects customer consent across multiple channels.

October 12, 2023

Consent & Preferences

AdTech and consent toolkit 2023

Master TCF 2.2 & Google CMP requirements with our AdTech and Consent Toolkit 2023. Stay compliant and succeed in the privacy-first advertising landscape.

October 10, 2023

Consent & Preferences

How OneTrust integrates with Snowflake

When it comes to personalized marketing campaigns, email lists, or any other activation, make sure you’re staying compliant with all applicable privacy regulations.

October 09, 2023

Consent & Preferences

The IAB TCF 2.2 mastery toolkit

Master IAB TCF 2.2: Gain insights, navigate changes, and empower your organization with our resource kit. Download now!

October 05, 2023

Consent & Preferences

Honoring consent throughout the data lifecycle

Watch our webinar and learn how consent can enrich your data while helping you build a brand your customers can trust.

October 03, 2023

Consent & Preferences

The Google CMP requirements toolkit

Master Google's CMP Standards: Stay compliant and excel in the evolving ad landscape. Download our Google CMP Requirements Toolkit now!

September 27, 2023

Consent & Preferences

Adobe + OneTrust: How to market responsibly with consent-based experiences

Join Adobe and OneTrust as we discuss best practices for deploying consent-based marketing campaigns and privacy-first experiences.

August 29, 2023

Cookie Consent

Trust matters: Building consumer confidence in a cookieless world

Join us and learn how to build consumer trust and drive marketing ROI without relying on third-party cookies.

August 01, 2023

Consent & Preferences

Consent-based advertising: Connecting with customers in a privacy-centric world

Get the insights you need to launch privacy-first advertising campaigns and build strong customer relationships based on trust.

July 28, 2023

Consent & Preferences

Master IAB TCF 2.2: Navigate the latest changes in user consent management

Keep up to date with the latest IAB TCF 2.2 changes and learn what you need to know to keep your organization privacy-first and complaint.

July 27, 2023

Consent & Preferences

Tackling privacy and personalization: Fireside chat with PwC and the NFL

Our expert panel looks at how consent and preference management empowers consumers, creates engaging custom experiences, and helps companies comply with global regulations.

July 20, 2023

Consent & Preferences

The marketer's first-party data checklist

Download our in-depth first-party data checklist and begin building privacy-first marketing strategy that builds trust and keeps your organization compliant.

July 11, 2023

Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Consent & Preferences

Consent-based marketing: bringing privacy and consent to your tech stack

Learn how focusing on first-party data and end-to-end consent can help drive innovation and trust with this on-demand webinar with Engage Business Media.

June 28, 2023

Consent & Preferences

Consent-driven advertising: What to know about Google's new CMP requirements

Join us for this expert webinar as we delve into Google's new CMP requirements for ads and best practices for permission-based advertising.

June 27, 2023

Consent & Preferences

Navigating Google's new CMP requirements

Adapt to Google's June 2023 CMP requirements with this infographic and confidently engage your audience while staying compliant.