Rapid change in the digital marketing and analytics industry

As the digital landscape continues to evolve at breakneck speed, staying on top of the latest news is more important than ever. In this article, we discuss these changes, breaking down the most significant updates and rulings impacting digital marketing, analytics, and data privacy.

‍iOS 26: Privacy Changes and the end of GCLID tracking

‍Apple’s upcoming iOS 26 release is set to make waves in the digital marketing world. The headline change? Safari will now strip out Google’s GCLID (Google Click Identifier) from all browsing sessions, not just private ones. The GCLID is crucial for linking Google Ads clicks to analytics data, so its removal will disrupt attribution and campaign measurement for a significant portion of users, potentially 40–45% of internet traffic.

Apple’s rationale is to protect the privacy of their customers using their devices, but the move has left marketers scrambling for workarounds to continue to evaluate their marketing spend in the future. While some solutions are circulating on LinkedIn, the cat-and-mouse game between Apple and marketers is likely to continue. Notably, Apple’s approach is also impacting other unique identifiers, with some uncertainty around how Meta tracking will be affected or other popular marketing pixels. The consensus? Marketers should prepare for more restricted tracking and attribution, especially on Apple devices.

‍Google’s Antitrust ruling: data sharing, not divestment

‍In a major antitrust case, Google has avoided being forced to sell off Chrome. Instead, the company will be required to share certain data with their competitors. While the specifics are still emerging, this remedy aims to level the playing field without dismantling Google’s core products. Interestingly, advancements in AI were cited as a reason for not imposing harsher remedies, highlighting how AI is reshaping regulatory thinking as well as technology itself.

‍Meta’s privacy breach: health data in the spotlight

‍Meta recently lost a high-profile privacy case in California. The company was found to have violated the California Invasion of Privacy Act by collecting sensitive reproductive health data from users of the Flow period tracking app via embedded SDKs. This ruling underscores the growing scrutiny on how tech giants handle health and other sensitive data, and it’s a stark reminder for all businesses to ensure transparency and compliance in their data collection practices.

‍Four major EU laws: Data Portability, AI, Cybersecurity, and ESG

‍Europe continues to lead the way in digital regulation, with four major new laws either in effect or coming soon:

1. The Data Act: Mandates data portability and sharing across platforms, making it easier for consumers and businesses to move their data between providers. By 2027, this must be offered at no cost, impacting industries from IoT to cloud services and healthcare. Until then, an “at cost” fee can be applied.
2. The AI Act: Requires risk classification and transparency for AI systems, including analytics tools. Businesses must now explain how AI-driven personalisation and decision-making work.
3. The Cyber Resilience Act: Imposes strict security and reporting obligations on digital products, aiming to reduce vulnerabilities and improve incident response.
4. CSR Expansion: Broadens ESG (Environmental, Social, and Governance) reporting requirements, pushing companies to actively promote and document their policies in these areas openly.

Non-compliance with these laws can result in hefty fines of up to €20 million or 4% of global turnover, so organisations should be proactive in reviewing their data practices.

‍The Hanover ruling: tag managers and consent

‍A recent court ruling in Hanover, Germany, has sent shockwaves through the analytics community. The court found that Google Tag Manager (GTM) must not be loaded before user consent is obtained, as it involves sending the user’s IP address to Google’s servers in the US. While the ruling technically applies to one company, it sets a precedent that could affect all tag management solutions, including Tealium and Adobe Launch, and potentially have far reaching impacts for how the website works in general.

The key takeaway: Consent banners must offer a clear “reject all” option, and tag managers should not be used to load consent management platforms themselves. This ruling could lead to increased costs and complexity, as companies may need to self-host more services to remain compliant.

‍Final thoughts

‍The digital marketing and analytics space is facing a period of rapid regulatory change. From Apple’s privacy moves to sweeping EU laws and landmark court rulings, the message is clear: compliance, transparency, and adaptability are more important than ever. As always, staying informed and questioning vendor claims is the best way to navigate this evolving landscape

‍