We talk a lot about how transparency builds trust. And there are a lot of ways for businesses to be transparent with their audiences.
Tell customers what data you’re collecting, for what purposes, and who will have access to it. Tell them what their rights are and how to exercise them. Let people know when you update your legal statements, like your privacy policy or terms of service, and what those updates mean for them as customers.
According to the IAPP’s State of the Consumer Report from 2023, “the most effective way to increase consumer trust is providing clear information about privacy, enabling consumers to really understand what companies do with their personal data.”
64 percent of respondents to that survey said providing clear information would increase their trust in a company. 57 percent said getting basic privacy information from a company when they sign up for something would also increase trust.
Companies are doing those things. They have to. These aren’t just best practices for transparency; they’re legal requirements under data privacy laws.
But is getting it right still the exception rather than the norm? Or does it just seem like it because a good backlash makes good headlines? Let’s look into it.
Why people don’t trust companies
The cynical response here would be: Why should they?
As of early 2025, over 80 percent of the world’s population was protected by privacy laws. Which sounds great, but what it’s traditionally been like as a consumer online is important to consider.
It’s generally agreed that Google started tracking link clicks on search results some time in the early 2000s, and it kind of became the Wild West from there.
Tracking and marketing technologies have advanced quickly, and for most of this millennium to date, people going online have been tracked so closely you’d think they were a critically endangered species.
Tracking capabilities ramped up quickly, hand in glove with the explosion of new social platforms between 2000 and 2010 and the arrival of smartphones. Never before in history had people created so much detailed data, which was so readily collected and processed by so many commercial entities.
Most consumers still don’t really know the degree to which they’re tracked online and just how well companies know them. But they know something’s up. (Even if their phones aren’t spying on them quite the way some people think.)
But consumer savvy has been ramping up, too. As our Usercentrics report, The State of Digital Trust in 2025, discovered, 62 percent of consumers feel that they have become the product.
For some that is purely a negative. They want to read things, browse things, buy things, and be left alone beyond those transactional interactions. For others, they know their data has value, These consumers increasingly insist that they should have more control over it, and also benefit from access to it, instead of just being passive data providers to companies.
What does transparency mean today?
As noted, privacy laws around the world pretty much all share certain notification requirements: what data is collected, how it’s used, who may have access to it, etc. Other legal documents, like Terms of Service, also have specific requirements.
These also need to be kept updated, which is often where negative coverage online comes from. A company makes an update, someone notices, scrutinizes it, and draw conclusions, for better or worse, which they post. Sometimes companies caught up in a backlash retract policy changes entirely. Sometimes they apologize for a lack of clarity in their wording and rewrite it.
Poor choice of words or bad intentions?
Sometimes it really is just a matter of what the company thought was clear not matching up with how the audience comprehended it. The company isn’t up to anything nefarious. Other times the company really is up to something. (Just how deep into the document are those updates buried?)
Additionally, there is potentially a gulf between following the letter of the law to protect your business from potential penalties, and communicating in a way that results in a happy customer base that trusts you with their information and feels well informed about what doing business with you entails.
Keep in mind that when a person chooses to become your customer, they’re bringing with them every memorable interaction and experience they’ve had with other companies — for better or worse.
That’s the standard to which companies are being held by consumers. But few companies operationalize thinking beyond their own operations and interests when crafting customer experience. (We’re not talking about competitive intelligence here.)
How do you figure out what transparency means to your audience?
So what does transparency mean? It means your audience and customers are happy with the information you provide and how you provide it. Not that you’re doing well enough to avoid running afoul of data protection authorities.
That requires knowing your audience well enough to know what “clear and plain language” (a phrased borrowed from Art. 12 GDPR) means to them. How much information they want, when and how they want it, what they’re okay with your company doing, how much choice they want in shaping interactions. Maybe personalized ads are okay, but using content they’ve created for training LLMs isn’t.
“The controller shall take appropriate measures to provide any information referred to … and any communication … relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means.” — Article 12(1) GDPR
This takes time, testing, and iteration – same as any messaging. Think of it as a long-term optimization campaign. After all, everything else keeps changing: your operations and the technologies you use; the legal landscape; your audience’s interests, expectations, and what has their attention. (Which could be the most recent ToS update backlash…)
Small companies have a transparency advantage (or those that think like small companies)
Most people who work for large companies rarely have direct contact with customers, prospects, and other engaged parties. Unless it’s specifically part of the job, like sales, customer support, or perhaps user experience testing.
It’s hard to know what the customer wants, how they think, and how they want to be communicated with when you’re many departments and roles away from them. The more teams you need to work with to know these things about your audience, the more How We Say and Do Things becomes a project, not just part of the company’s cultural domain knowledge.
Once upon a time How We Say and Do Things probably was widely known at most companies, because companies tend to start out small. It’s easy to learn a lot about the customer when the company is only three people, you all interact with customers every day, and there is no other department to which you can assign those How To projects.
Small companies may do less marketing measurement and analysis, and that can be okay — for a time. The day to day direct experience makes up for it. The more tools and automation a company uses, the more their marketing becomes like an employee at a large company — less manual and direct contact with the audience.
So yes, it’s important to remember that as companies grow, they change. A lot. But it’s more important to remember that so does their audience. That’s a critical consideration when you have to start communicating information that you never needed to share before, with new audiences (and new languages, etc.), or comply with newly relevant laws.
Doing your best for your customers, including getting transparency right, means always learning and being adaptable, which, in good news, are pretty much overall core requirements for growing a successful business.
Getting transparency right with Privacy-Led Marketing
Are companies really getting it so wrong? Is there any hope of of keeping customers happy with the right balance of information and choice as data processing, technologies, and regulation continue to evolve so quickly?
Why privacy by design makes a difference
The first best practice is a privacy by design orientation — for operations, development, design, and communications.
When companies think about privacy first and how to include it — and its implications for their audience — at the core of what they do, it’s a way of rebuilding something that is like the small company experience. That intimate cultural domain knowledge of who customers are, what they want, and how to communicate with them.
Know your audience — on their terms, not yours
It’s not about crystallizing one specific tone of voice or volume of information everywhere all the time to be transparent. Specialized audiences often have strong preferences about what information is communicated, how much, and in what format. If your company’s customer base is lawyers, a long, dense Terms of Service or privacy policy page isn’t likely to be intimidating.
But the average consumer usually is not interested in wading through documents like that to know their rights or what you’re doing with their data. They don’t necessarily know what “legitimate interest” or “automated decision-making is.” Nor should they have to.
But most people do know they prefer to make their own decisions about what’s important to them and what companies get to know about them. Plus, some data or uses are pretty well known to be sensitive and likely to cause concern. At least for a company that pays any attention online.
Consider all of the discourse and legislation around protecting kids online. Or using AI for anything related to customers, their data, or their content. Making operations and communications privacy-first, however, can help prevent confusion and upset.
You’re more likely to be spared a backlash when you ask the hard questions about privacy and transparency before you say, do, or change anything.
This includes what your average customer considers “clear and plain language,” not what your legal department does. It can include providing in-context information and requests so that what you are asking for is clearly because it’s at a relevant time and place.
Clarity, context, and control
If someone is signing up for your newsletter, it makes sense to tell them during that process what information you need to collect and what consent they need to provide so that you can send those newsletters and meet legal opt-in requirements.
If they would also be interested in being emailed personalized offers, like new product launches or sales or events in their city, this is the additional information and consent required.
Sure, companies want as much data on their audiences and customers as possible, but it’s both legally required under many privacy laws and key to Privacy-Led Marketing that you have a purpose for all information you collect, and that you collect only the information you need to fulfill the purpose.
If you’re balking at being transparent about particular data your company wants to collect, or a particular use for it, why is that? Is it because you know your customers well enough (or have read enough backlash headlines) that they wouldn’t be likely to agree if you were transparent about it?
Instant gratification does not fuel long-term growth
A lot of companies have made short-sightedness central to their strategies. Get as much as you can, as fast as you can, and win by getting bigger faster than competitors. This includes customer acquisition and customers’ data.
It’s worked very well — for some, for a while. But the companies that grow sustainably and thrive long term, regardless of how consumers and technology and regulations change, are those that think long-term.
They understand that when you exploit resources they run out — whether oil or trees or customers — and then you have nothing. Privacy-Led Marketing requires you to think of your operations, especially marketing, as partnerships. How to make them renewable, rather than purely extractive?
Smart companies understand they’re part of an ecosystem
Deliver what you promise and don’t take more than you need. Work with your customers so you know what they want and they know what you want. Understand that trust is earned, not bought or tricked into, and invest for the long term to build it, knowing that stronger engagement and value grow along with it.
Consumers are tired of being exploited, and regulatory authorities around the world are taking their side in enabling them to say no. Restricted access to various kinds of data and processing. Consent requirements. Data portability rights, and more.
Some of the biggest tech platforms — on which millions of smaller businesses rely for advertising, analytics, and more — are also starting to get on board with privacy-centric requirements. In some ways, they have more influence for change than any government.
It also makes the path forward clear for even the most short-sighted company: play by the rules, or you don’t get to play at all.
The future is increasingly clear — clear and plain, even. Companies that make themselves future-proof will understand what transparency means, to their own teams and to their customers.
They also know that what transparency means will need to keep evolving with privacy as a blueprint and a lodestar, along with the law, technology, and customer expectations.