- Hashing & pseudonymization: Email/phone often hashed before matching. This reduces direct PII sharing but can still be re-identified in some cases.
- Regulatory constraints: GDPR, CCPA and similar laws restrict processing/sale of personal data, require disclosures, and give consumers rights (access, deletion, opt-out).
- Platform rules: Major platforms (Apple, Google) limit access to persistent identifiers and restrict cross-app tracking (e.g., App Tracking Transparency for IDFA).
- Ad industry opt-outs: Industry initiatives (e.g., Global Privacy Control, IAB Transparency & Consent Framework) and ad choices pages exist to manage consent.
