Image of woman sitting by water on her laptop.

Privacy-First Marketing for Nonprofits

When is the last time you read through your organization’s privacy policy? Maybe… never?

How about your cookie consent banner? Did you take a “set it and forget it” approach?

If so, you’re not alone. On the surface, it makes sense that privacy and tracking would be at the bottom of a marketer’s task list. But if you engage in targeted advertising or use Google Analytics to track website visitors, privacy-first marketing should be a priority for your organization.

And if you aren’t transparent about how you track and store data, you also squander an opportunity to build brand trust.

So, how can you ensure your donor data is kept safe but keep your marketing plans well-informed? Here, we outline the latest trends your nonprofit needs to know in the ever-evolving world of data privacy. 


What is Privacy-First Marketing?

Privacy-first marketing is an approach to digital marketing that places equal emphasis on campaign results and the privacy of the users being targeted. It involves careful consideration during the planning process to ensure that you are only collecting the information you absolutely need to report on the results of your efforts and nothing more.

It also requires marketers to explain, in plain English, what the user is getting into and how their information will be used, and then freely gain their consent for it. Finally, it includes limiting efforts to track users beyond what is needed and, when appropriate, opting for first-party data over third-party tracking.

All of this is done not only because it is the right thing to do, but also because it’s an approach that will build trust with audiences and help build long-term relationships.


The Importance of First-Party Data

What’s the Big Deal?

It started with Apple’s App Tracking Transparency and continues with each new privacy feature or legislation introduced. 

It’s time to invest in your first-party data infrastructure. It’s time to develop a real plan for user privacy and consent. It’s time to consider other ways to genuinely attract customers and supporters to your business or nonprofit, as it becomes harder to follow them around.

The metrics provided by third-party paid media platforms were always shaky at best and are becoming increasingly untrustworthy as digital privacy changes take hold. Having a way to report in-platform on key conversions will still be essential to optimize your media spend, but they shouldn’t be the primary way that you measure your results.

While it requires a significant and ongoing technology investment, first-party data allows you to connect actions with real-life supporters and develop a cohesive picture of their interactions with your organization.

When done right, you won’t be guessing using anonymous and often conflicting data from multiple third parties like Facebook, Google, LinkedIn, and more.


Why should I do this?

Instead of fighting against the current, view this as a once-in-a-digital-generation opportunity to gain a competitive advantage by leaning into privacy—including form consent language, up-to-date privacy policies, internal data security initiatives, and opt-in vs. opt-out based tracking decisions.

Doing so will show prospective donors that you value their personal information—especially when you’re doing it not because it’s legally required (yet) but because it’s the right thing to do. Fundamentally, it’s a play to build long-term brand trust over short-term marketing results.


Ensure your actions match your policies

When you say you aren’t tracking website visitors, are you sure that’s the case? There are a few essential tools when auditing a website’s user privacy settings:

#1 VPN Clients: You can visit the website from various countries to see if the cookie consent banner is updated to reflect the law of the land. For instance, if you VPN in from Germany, you should not be tracked by default and should have to opt into tracking explicitly.

#2 Technology Profilers: These useful browser plugins search a site’s code and give a quick overview of the tech in use, from CMS to analytics to tracking codes. We suggest Wappalyzer.

#3 Pixel Helpers: Platform-specific browser plugins allow you to see if certain third-party cookies are firing and which events are being sent back to the platform. For instance, you can use the Meta Pixel Helper on any website to see if you are being tracked and in how much detail.


I used these tools to quickly review an organization’s website in the US and EU. From there, I observed that while the cookie consent banner’s language became GDPR-friendly when visited in the EU, third-party cookies were still being fired. 

It’s admirable for any organization or business to prioritize user privacy. However, the last thing you want is to look disingenuous inadvertently. That’s why it’s essential to audit how your site is and isn’t tracking visitors—and to do it regularly. Tools like these are how you make that happen with little technical know-how required.


New Ideas to Explore with Privacy-First Marketing

Websites are anything but static, and with each plugin or tracking pixel you add, you need to update your privacy policy and cookie consent banner to ensure you’ve covered your bases.

It’s also essential to revisit your privacy policy each time a significant new privacy law goes into effect where you operate, such as the CCPA in California.


Here are a few things you can do:

Ban third-party tracking pixels

Instead, lean into first-party data sources like HubSpot for attribution. (This doesn’t mean not running ads; it means getting creative with ad formats and behind-the-scenes integrations.)


Implement a compliance solution

One like Termly, to replace your static policy pages with robust embeddable documents that you can easily update over time. (Kudos to them for their setup wizard, which asks many intelligent questions to help you quickly craft custom policies.)


Use emerging cookieless and server-side tracking techniques

Allow marketers to still generate analytics without implementing invasive browser pixels or sending troves of personal data to third parties. Platforms like Plausible Analytics and Matomo are worth consideration for privacy-first analytics.


Try Server-Side, API Based Tracking

When you need to report data to third parties such as Facebook, use tracking methods such as Conversions API to control what data points you send and limit exposure of Personally Identifiable Information (PII). Expect this type of tracking to become more widely available as a feature in marketing software.  Leading platforms like WordPress, HubSpot, and Classy already offer support, and Google Tag Manager containers can also be implemented server-side, although the process is relatively technical.


Solutions for detailed, hyper-targeted tracking

If this is a must for your organization, consider solutions like OneTrust and CookieYes to at least give visitors a choice and buy yourself some time before the inevitable phase-out of tracking cookies.

If you haven’t invested in a marketing CRM and taken steps to integrate your tech stack…this is the year to make those moves.


What’s next?

While all this may seem daunting, once implemented, you’ll feel in control of your organization’s data and empowered in your marketing and fundraising efforts.

The end result doesn’t have to be negative. Instead, it can be empowering as you’ll form closer bonds with your customers and supporters, become better stewards of their personal information, and develop a healthier, more diversified approach to online advertising.

We don’t believe that “privacy-first marketing” is an oxymoron. It’s the way of the future. And right now, nonprofits and for-profits can get ahead of future privacy laws and cookie changes by taking a firm and clear stance. As a marketer, wouldn’t you establish a “market leader” position and use privacy as a selling feature instead of a weakness?

If you’re looking for a partner to help you move into the next step of data privacy, contact the Media Cause team.


Related Posts