Adjusting Campaigns For Privacy Laws – Digital Marketing 201


Niche Presents: Digital Marketing 201

Part of the 201 series, a deeper dive into various topics for enrollment marketers.

Why Adjusting Matters

Over the last few years, digital marketing has become one of the most predominant and powerful ways to reach families and students. With an increase in interest, usage, and data collection, stronger laws have been enacted to protect user privacy and information. While these laws may impact the way some perform digital marketing, they do not remove the power that digital marketing has on the industry. We’ll dive into how you can adjust your digital strategy amidst targeting restrictions and data laws to still reach families and students.

Targeting Restrictions

When it comes to data restrictions, a few privacy acts are at the forefront of marketing restrictions, including GDPR, CCPA, and LGPD. It’s important to understand these regulations and acts, as violations lead to hefty fines and penalties.


GDPR (General Data Protection Regulation) protects the privacy and personal data of EU citizens. Starting in 2016, the EU implemented new guidelines that require businesses to protect personal data as well as regulate the use of personal data outside of the EU. This data protection spans from basic identification like name and address to more complex information like health and ethnic data.

CCPA (California)

CCPA (California Consumer Privacy Act) focuses on giving consumers more control over their personal information. It gives users the right to know what personal information businesses collect, the right to delete personal information that has been collected, the right to opt out of the sale of their personal information, and the right to non-discrimination for using their CCPA rights. Under the guidelines of CCPA, organizations must give users notice explaining their privacy policies.


The Utah Consumer Privacy Act allows users to opt out of the processing of personal information for targeted advertising and of the selling of personal information. Under the act, users gain access to personal data, can obtain a copy of said personal information, and can order that the personal information be deleted. The act will take effect in December 2023.

CPA (Colorado)

The Colorado Privacy Act will go into effect in July 2023. For businesses and organizations to be compliant with the new law, they will need to provide clear privacy notices and conduct data protection assessments for any personal data processing that may pose a risk to users. While not much detail is available on what “risk of harm” means, clarifying rules may surface prior to the Act’s launch. Users are granted the right to opt out of personal data targeting, a universal opt-out mechanism, and readily available access for users who request visibility.

CDPA (Virginia)

The Consumer Data Protection Act followed California as the second data privacy act in the USA, launching in March 2021. The act contains six main rights: the right to access (personal data), the right to correct (any information that may be inaccurate), the right to delete, the right to data portability (users have the ability to obtain a copy of said data), the right to opt out, and the right to appeal (if a business declines to act within 45 days of the request, users have a right to deny the usage of said data).

LGPD (Brazil)

LGPD (Lei Geral de Proteção de Dados, in English the Brazilian General Data Protection Act) is very similar to GDPR, as it focuses on the protection of personal data of individuals in Brazil. The act grants rights including revoking consent, the right to have data deleted, the right to access data, the right to information on where data has been shared, and the right to remove excessive data.

PIPEDA (Canada)

Canada’s Personal Information Protection and Electronic Documents Act, like many other data privacy laws, strives to protect individuals’ information. The act states that organizations must obtain an individual’s consent when personal information is collected, used, or disclosed. Individuals are also granted the right to access said information, along with the ability to challenge its accuracy.

PIPL (China)

The Personal Information Protection Law of China went into effect November 1, 2021. The new privacy law works in conjunction with China’s existing Cybersecurity Law and Data Security Law to heighten protection of its residents. PIPL allows individuals the right to know what personal information is obtained about them, the ability to deny processing of personal information, the right to a personal copy of said information, the right to data portability, the right to fix incorrect information, the right to supplement incomplete information, the right to remove said information, the right to have handling rules explained, and the right of action. 

NITDA (Nigeria)

The National Information Technology Development Agency Act is a framework for the planning, research, standardization, application, development, monitoring, evaluation, coordination, and regulation of information technology practices. The standards and guidelines in place for regulation purposes follow many of the above mandates in an attempt to protect user data, allow users to have access, and understand how their data is handled. 

PDPA (Singapore)

The Personal Data Protection Act in Singapore allows individuals to access, protect, and correct their own data. Companies/Organizations that collect and/or retain this type of data must obtain consent, collect data for an appropriate purpose, and must inform the individual of why the data is being collected. Said data is also not allowed to be transferred to any country with a lower level of data protection.

POPIA (South Africa)

The Protection of Personal Information Act was enacted on July 1, 2021 in South Africa. The purpose is to promote the protection of personal information by public and private organizations, establish minimum requirements for the processing of personal information, and regulate the flow of personal information outside of South Africa’s borders.

How To Adjust

While these laws place regulations on the way data can be collected and stored, there are modifications you can make to digital marketing campaigns to make them compliant and successful.

Location Exclusion and Adjustment

If data regulation is not something you want to deal with at all, one of the simplest solutions is to exclude countries. On Google, there are very simple steps to remove countries from your targeting. Using the Locations tab in your campaigns, selecting the Excluded tab will bring you to a search bar where you can easily select cities, states, regions, or countries you wish to avoid advertising to. In the event that this tactic limits your audience size, there is also the opportunity to target certain countries that may have similar prospective families or students.

Self-Audit and Plan

Perform a self-audit of all the ways your organization collects data to ensure that security measures meet the standards of storage and accessibility. This audit should also include re-assessing any partnerships you may have that are also stakeholders in data collection. Their actions could impact your organization, and to comply it is important to make sure everyone is on the same page. Alongside auditing, creating a plan that will easily allow for deletion, disclosure, confirmation, and customer requests will help prepare your organization in the event that it needs to comply with a user’s request.

Create a Policy Page or Pop-Up

To give users easy access to your organization’s security policies and how data is used, security pages or pop-ups can be installed. Either can provide a description of your data tools, techniques, and certifications. It can also inform users how their data will be used, thus following the guidelines put in place.

Targeting Adjustments with Niche

At Niche, our team of Digital Marketing Specialists works with you and your school to understand your goals and the students or families you want to target. Our processes and procedures are compliant with GDPR, CCPA, and LGPD, removing any concern you may have in regard to complying with the acts. With various tactics and strategies, our team works to strengthen your school’s digital marketing performance using our powerful remarketing audience and digital skillset.

Why is Niche Remarketing So Powerful?

We are able to ensure your ads are targeted to prospects that have signaled interest in your school, similar schools, or performed relevant searches on our site. We also make sure to serve your ads at the right time. Our ads are targeted to prospects while they’re actively engaged in the school search process, introducing your school during this critical period.


Courtney Camp

I grew up north of Pittsburgh and moved to the city for college at Duquesne to study Entrepreneurship and Marketing. After living Downtown for four years, I stayed in the city and have worked in various marketing capacities spanning from social media and email marketing to paid search analysis and implementation. Outside of work, I love exploring the city for a new coffee shop or place to eat (favorites include Dianoia’s or Gaucho but I can’t pick just one). I also spend a lot of my time running or coaching at [solidcore] and F45!
