Marketing Privacy and Data Glossary: The Most Common Terms

Posted in
SMS Marketing
Published on
Mar 2, 2023
Written by
Hilary Henning
Written by
No items found.
Thank you! You've been subscribed.
Oops! Something went wrong while submitting the form.

Learn the language of privacy terms and regulations you’ll most often come across when building your marketing program.

Data broker. Secure Sockets Layer. Behavioral Advertising. Sounds impressive, but what does it all mean? The data privacy landscape is constantly changing, and it can be hard to stay on top of all the terminology—especially when you factor in region-specific data and privacy terms. We've put together a quick reference guide of the language you're most likely to come across as you build and optimize your marketing program.

Check out our alphabetized definitions so you’ll always be in the know. And be sure to bookmark this post for quick referencing any time. 

Disclaimer: This post is general in nature and not necessarily related to SMS or Attentive's services. The materials available in this blog post are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem.


Ad targeting 

When you receive an ad that seems like it was made just for you, that’s when a brand has used Ad Targeting. To create these personalized advertisements, brands use an individual or group’s personal data. 

The Americans with Disabilities Act (ADA) 

A civil rights law that prohibits discrimination against, and requires reasonable accommodations for, individuals with disabilities in places of public accommodation.

Audit trail

Details about a transaction—like date, time, and user information—that tracks a user opting to receive text messages from a brand. 

Australian SPAM Act of 2003

Regulates commercial email and electronic messages in Australia. This law prohibits the sending of unsolicited commercial electronic messages via email, SMS, multimedia message services, and instant messaging.


The purpose of data authentication is to make sure information hasn't been changed or fabricated. The user or computer has to prove its identity to the server with a unique user name and password or biometrics such as fingerprints, voice, or facial recognition.

Behavioral advertising

The practice of delivering targeted ads or content based on a user's online activity. Brands use data about an individual's past behaviors and preferences to deliver targeted advertising.

Canada’s Anti-SPAM Legislation (CASL)

Regulates commercial email and electronic messages in Canada. This law prohibits the sending of unsolicited commercial electronic messages via email, SMS, multimedia message services, and instant messaging.

California Consumer Privacy Act (CCPA)

Gives consumers in California the right to delete, opt-out of, correct, and limit the personal information businesses collect, use, and share about them.

Cellular Telecommunications Industry Association (CTIA)  

A mobile industry association that publishes a list of requirements for short code programs, and audits program operators against these requirements on behalf of mobile carriers.

Children’s Online Privacy Protection Act (COPPA)

A federal statute that imposes requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.   


A small piece of data that helps websites recognize a device. Cookies are a way to keep track of things like whether someone logs in, what pages they visit, and what items they add to their shopping cart. 


With respect to cookies, consent is an individual’s agreement to allow a company to place cookies in their browser to gather data about them.

Cross-device tracking

The set of technologies and methods used to track users across mobile devices, desktop computers, and laptops that generate profiles of consumers. By using shared identifiers like sign-in data, activity across multiple devices is matched to the same person and used to deliver specific ads across multiple devices. 


Data collection

T​​he gathering and analyzing of data from a variety of sources to provide business with the analytics, research, and identify trends to develop solutions.

Data hygiene

The cleaning and updating of a company's stored data to make sure they’re in compliance with data privacy laws.

Data privacy

The concept of making sure personal data is used properly by giving individuals control over how their data is accessed, used, or shared.

Data scraping

The process of pulling information from websites and other sources into a spreadsheet as a quick way to grab information for analysis, processing, or presentation.

Do Not Track (DNT)

A browser setting that disables the tracking of an individual user on a web application. When selected, the browser sends a signal to websites and other web services to stop tracking user activity while browsing.

Double opt-in

When a user signs up for an email or SMS marketing list and a follow-up email or SMS is sent to confirm the subscription. Once ‌the confirmation is completed, the user is added to the email or SMS marketing list.

Email marketing

The use of email to educate customers and promote products, services, and offers. Personal data is often used to target specific individuals to keep them engaged.


The process of scrambling human-readable information or data into incomprehensible text or code so that only authorized parties can understand to prevent unauthorized access.

First-party data

Information a company gathers directly from its audience and customers to complement and enhance their marketing efforts.

General Data Protection Regulation (GDPR)

A regulation governing collection, use, and rights regarding personal data of individuals located in the European Union.

Google Privacy Sandbox

Creates standards for websites to access user information without compromising their privacy.


Incognito mode

A private browsing window that allows users to visit web pages without storing any cookies, search history, or session data on their devices.

Identifiers for Advertisers (IDFA)

Apple's random and unique string of letters and numbers assigned to individual tablets or smartphones. They track and identify a user without revealing personal information, and enable advertisers to deliver customized content. 


The action of a consumer giving their explicit consent or permission to receive recurring marketing text messages from a brand (e.g., by entering their phone number and checking a box online).

Opt-out (or Unsubscribe)

The action of a subscriber indicating they no longer want to receive a brand’s text messages (e.g., by replying with a recognized opt-out keyword) or emails. Companies are required to remove subscribers who opt-out from their list.

Personal Identifiable Information (PII)

Also known as personal data, it is any type of information or data that can be used to identify an individual. 

Privacy by design

The practice of building data privacy considerations into developing products and services from the outset so that personally identifiable information is protected by default.

Privacy policy

A statement or legal document that explains how a company or website collects, uses, shares, and manages a customer or client's personal information.


Second-party data

Audience insights and first-party data businesses gather from trusted partners. Examples include social media profiles, customer feedback and surveys, and website activity.

Secure Sockets Layer (SSL)

Code on a web server that keeps an internet connection secure and protects any sensitive information sent during online communication from being read or modified. The SSL certificate enables an encrypted connection once the web browser contacts a secure website.

Telephone Consumer Protection Act (TCPA)

A federal statute with related FCC regulations that require marketers to obtain prior express written consent from mobile subscribers before sending them marketing text messages (e.g., legal disclosure in the sign-up unit).

Third-party data

Data collected by companies and outside sources that don’t have a direct connection to a brand or its audience.


A record of when an event occurred or certain information was created, exchanged, modified, or deleted online or on a computer.

United Kingdom General Data Protection Regulation (UK-GDPR)

The UK General Data Protection Regulation: a regulation governing collection, use, and rights regarding personal data of individuals located in the United Kingdom.

Web tracking

When cookies, web beacons, and other technologies are used to track an individual's online activity for marketing purposes.

Zero-party data

Information consumers willingly share about themselves and their preferences—such as purchase intentions and personal details—to help brands deliver better experiences for them.

To make sure you have the tools you need to meet regulations and maintain customer trust, learn more about our compliance and privacy features, such as Attentive Enhanced Audit Assistant and Attentive Litigator Defender.

Explore more SMS 101 resources—like the most common SMS marketing terms and SMS compliance best practices—to help you make the most out of your marketing program.

Related Articles