I&M Bank House, 5th Floor, 2nd Ngong Avenue, Upper Hill, Nairobi, Kenya

First-Party Data – A Case of Compliance and Privacy


Throughout the years we have seen the three main browsers that dominate the market, Google Chrome, Mozilla Firefox, and Apple Safari phase out third-party cookies. With Google spearheading the movement, we can see a major shift in online advertising. So why the change? Let’s take a look from the perspective of the Data Protection Act, 2019: 


The Act emphasizes obtaining consent from a data subject when collecting and processing their information. It provides that consent should be voluntary, specific, and clear from any ambiguity. With first-party data, information is seen to be collected directly from the individual rather than with third-party cookies where users are often tracked without their consent. 

 The principle of transparency governs the full disclosure of the way companies use personal information obtained from data subjects. This ensures that individuals can make informed decisions about sharing their personal information. Third-party cookies would often track users without their consent or knowledge which would essentially raise privacy concerns. However, with the first party, transparency acts as a driving force as companies are obligated to give full disclosures on the what, why, and how data is being collected. A WIN FOR PRIVACY! 

 Another principle that is taken into consideration is data minimization; which dictates that companies should only collect data that they need to fulfill a specific purpose and no more. First-party data allows companies to now target their data collection to be more specific for a desired goal. This ensures that there are reduced security risks, as the data being collected is minimal. 

 The Data Protection Act, 2019 also mandates that appropriate security measures should be put in place to protect data and noting that data security is one of the biggest concerns within the privacy space, first-party data seeks to ensure that security measures are taken into account by storing data within a company’s system, giving them more control over the data. 


The Data Protection Act, 2019 aligns perfectly with the shift from third-party cookies to first-party data. The Act provides a futuristic outlook where companies can collect data directly from individuals in a way that is both compliant with the law and regulations while also being user-centric.