Streaming TV advertising is booming. Marketers love that they can reach cord-cutters and on-demand audiences with TV-style ads. In fact, CTV ad spending is projected to double from about $1.85 billion in 2023 to over $3.73 billion by 2028 (eMarketer). This growth is great news for small and midsize businesses (SMBs) and agencies looking to get into TV advertising. But there’s a catch: with this opportunity comes new privacy concerns. A recent industry survey found that 80% of experts say CTV needs a better way to address users for targeting and measurement. In other words, figuring out who is watching (and respecting their privacy) is a big challenge.
Why is privacy such a hot topic in streaming TV ads? In short, digital advertising relies on tracking people’s data – and both regulators and tech platforms are cracking down on that tracking. If you’ve heard about cookies going away, new privacy laws, or Apple’s privacy features, you’re seeing the tip of the iceberg. Don’t worry – in this guide, we’ll break down what all this means for streaming TV advertising and how you, as an SMB or agency, can navigate the change.
At the heart of modern digital advertising are user identifiers—tools that help advertisers understand and reach audiences. In the world of streaming TV (or Connected TV, CTV), these include:
Cookies: These are small text files stored in your web browser. In traditional online ads, cookies remember who you are (or rather, your browser) across different sites. However, in the streaming TV world, cookies play a smaller role because many CTV platforms are apps or devices (not web browsers). Still, if someone streams video through a web browser (say, watching Hulu on a laptop browser), cookies might be used to track that behavior. Cookies also come into play when linking a user’s behavior on the web to their TV viewing (via device graphs that connect cookies to other IDs). Historically, cookies were the backbone of digital ad targeting – think of them as the “name tags” that websites gave you so they could serve personalized ads later. In CTV, they’re less central, but worth mentioning as part of the bigger picture.
Mobile Advertising IDs (MAIDs): MAIDs are the mobile/CTV device IDs provided by operating systems (like Apple’s IDFA or Google’s Android Ad ID). These are unique identifiers on your phone, tablet, or smart TV device that help advertisers recognize your device across different apps. In streaming TV advertising, if someone is watching via a smart TV, streaming stick, or gaming console, those devices often have a resettable advertising ID similar to mobile phones. Advertisers use MAIDs to target or frequency-cap ads in streaming apps – for example, to avoid showing you the same ad 10 times on your Roku. MAIDs are powerful because they persist across apps (until a user resets or blocks them) and aren’t tied to cookies. However, they’re subject to platform rules (we’ll get to how Apple changed the game on these IDs shortly).
IP Addresses: Think of an IP address as your device’s “home address” on the internet. It’s a numeric label (like 203.0.113.45) that identifies your network location. In CTV advertising, IP addresses are hugely important, especially when other IDs (cookies, MAIDs) aren’t available. Advertisers use IPs to infer your geographic location (for example, to serve local ads to viewers in Chicago versus Miami) and even to guess which devices belong to the same household. In fact, many streaming ad platforms use IP addresses to associate devices in the same home – so if your phone and your smart TV ping the internet from the same Wi-Fi, they assume it’s one household and can coordinate ads accordingly. IPs can also help with measurement (matching a viewer who saw a CTV ad to a later website visit or purchase from the same IP). The downside? An IP address is a blunt instrument – it doesn’t give a name or exact identity, and it can be imprecise (many people in one area can share similar IP ranges). But it’s a key fallback identifier for CTV where more precise IDs are absent.
Why all these IDs? In a perfect world, a marketer would know exactly who saw their ad and whether that person took action (like visiting a site or buying something). Identifiers like cookies, MAIDs, and IPs have been proxies for “who” and “did they act.” They enable targeting (showing the ad to the right person), retargeting (reminding you of that couch you looked at yesterday), and measurement/attribution (crediting the TV ad when a sale happens).
Many ad tech solutions even connect these IDs in identity graphs – e.g., linking a cookie from your laptop to your phone’s MAID and your TV’s device ID, via matching data points, to create a more complete profile. This cross-device matching lets advertisers say, “aha, three different screens, but same person/household.” Cool, right? Well, it was – until privacy concerns started throwing wrenches in the gears.
Over the past few years, a wave of privacy regulations and platform changes has started to restrict those trusty identifiers we just discussed. The goal of these changes is to give users more control over their data and limit how companies track people, but they definitely make digital advertising trickier. Here’s what’s happening:
Enacted in the EU in 2018, GDPR introduced strict consent requirements for tracking and granted users the right to access or delete their data. It led to the now-familiar cookie consent pop-ups and fundamentally reshaped how data is handled in digital advertising.
Launched in California in 2020, CCPA gives consumers the right to know what data is collected, opt out of data sales, and request deletion of their personal data. Unlike GDPR’s opt-in model, CCPA focuses more on opt-out, but both have inspired wider privacy reforms across the U.S.
Beyond regulations, platforms themselves are driving privacy changes. Apple introduced its App Tracking Transparency (ATT) framework in 2021. This change made iPhones and iPads ask users for permission before allowing apps to track them across other apps/sites. The result? Most people said “No, thanks.” (Globally, only around 20–30% of users opt in, meaning 70–80% of iOS devices no longer share the IDFA freely.) For streaming apps on iPhones or Apple TV, that means the mobile ad ID is often unavailable unless a user explicitly allowed tracking – a huge shift from the old days when it was on by default. One mobile marketer summed it up: “Smaller businesses are a casualty… Apple may not have fully thought that through”, highlighting that not just tech giants but also small advertisers lost a vital tool for reaching customers.
Apple didn’t stop there. They also introduced iCloud Private Relay (an iOS/Safari feature for iCloud+ users), which hides the user’s IP address and browsing activity by routing it through relay servers. In plain terms, Private Relay works a bit like a VPN – it obfuscates your real IP, so websites and ads can’t easily pinpoint your location or recognize you by IP. Right now, Private Relay isn’t on by default for everyone (you have to be an iCloud+ subscriber and enable it), so it’s not huge in usage yet. But experts call it a potential “nuclear option” for ad tracking if Apple ever flips the switch to turn it on by default. It would drastically undermine IP-based targeting and measurement because advertisers would see only an Apple proxy IP, not your true address. In short, Apple is giving users more privacy and giving advertisers fewer clues.
Meanwhile, browsers and other platforms are following suit. Apple’s Safari and Mozilla Firefox have blocked third-party cookies for years; Google Chrome (the big one) is planning to phase out third-party cookies as well. Google is also working on technologies like Gnatcatcher (part of its Privacy Sandbox) to hide or mask IP addresses to prevent fingerprinting. If that comes to fruition, the ability to use IP as a consistent ID could diminish. Even on the CTV front, Google’s ad products are changing – Google announced that its European consent policy will apply to CTV as well, meaning any CTV app or publisher using Google ads must integrate with the IAB’s Transparency & Consent Framework and have a Google-certified consent management platform by 2025. (This was supposed to kick in earlier, but got deferred to July 2025, giving folks a bit more time to adapt.) Still, it’s a clear sign: CTV is no longer a privacy “wild west” – the same rules hitting web and mobile are coming for streaming TV.
All these changes boil down to one thing: advertisers have less easy access to data on “who’s watching.” The identifiers that once quietly tracked viewers are either disappearing, becoming opt-in only, or require heavy-duty compliance. It’s a new landscape. As one advertising exec quipped, it’s turning into a “massive quagmire” of devices, logins, and regulations. So, if you’re feeling a bit overwhelmed by the alphabet soup of GDPR and ATT and CMPs – you’re not alone!
Next, let’s talk about what these privacy moves practically mean for advertisers day-to-day, especially smaller teams and agencies.
Okay, so regulations and Apple/Google are cutting off some of our favorite targeting tools. What does that actually mean when you’re planning or running a streaming TV ad campaign? Here are some of the practical impacts to expect:
You might not be able to target as narrowly as before. If fewer users can be tracked or identified, the audience segments available for targeting get broader or smaller in size. In short, if you were used to laser-focused targeting, you may have to broaden the scope when some data points disappear.
If tracking is harder, linking an ad view to a result (like a website visit or sale) is also harder. For instance, if IP addresses are partially masked or user IDs aren’t available, connecting the dots between “TV ad shown on Roku” and “user later visited my site on their phone” becomes an exercise in statistics and probability rather than a deterministic match. Advertisers might see fewer attributed conversions from their CTV campaigns, not necessarily because the ads stopped working, but because the tracking can’t confidently tie users to outcomes. This can be frustrating, especially for small businesses that rely on direct response performance.
In some cases, you’ll lean more on the streaming platforms’ own aggregated data. Big players like Roku, Amazon (Fire TV), or streaming services offer their targeting options, but how they build those (and whether they share device-level data) might be opaque. With privacy changes, these platforms may offer more aggregated segments (“lovers of cooking shows in California”) rather than granular user lists. You might have to trust the platform’s internal attribution reports since you can’t track users off-platform as easily. Smaller advertisers might find it tough to validate results independently, which can feel like a black box.
First-party data is information you collect directly from your customers (like emails, login info, purchase history, website visits, etc.). In a world where third-party data (cookies, device IDs from others) is drying up, your own data becomes gold. Even for CTV, this matters. For example, a local retailer might build their own customer email list and use it to target those people on streaming platforms (through hashed email matching if the platform allows) or at least to understand overlap. Agencies working with SMB clients might emphasize collecting customer info through CRM, loyalty programs, or website traffic, then leveraging that in advertising. If you have a way to know who your best customers are, you can use CTV to find “lookalikes” or just make sure those customers see your new video ad.
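The hashed email matching mentioned above, sketched as an added example that is not code from this article or from any platform. It assumes SHA-256 over a trimmed, lowercased address, which is a common convention but not one this article specifies; the field names, sample rows and platform hash set are constructed for illustration.

```python
import hashlib
import unicodedata

def normalize_email(raw):
    """Canonical form of an address, or None if it is not usable."""
    email = unicodedata.normalize("NFKC", raw).strip().lower()
    local, sep, domain = email.rpartition("@")
    if not sep or not local or "." not in domain or " " in email:
        return None
    return f"{local}@{domain}"

def hash_email(raw):
    """SHA-256 hex digest of the normalized address (assumed convention)."""
    email = normalize_email(raw)
    if email is None:
        return None
    # An unsalted hash is pseudonymous, not anonymous: anyone holding the
    # same address can recompute it, so handle the output as personal data.
    return hashlib.sha256(email.encode("utf-8")).hexdigest()

def build_upload(crm_rows):
    """Hash only consented, valid rows; return (unique hashes, skipped count)."""
    hashes, skipped = set(), 0
    for row in crm_rows:
        digest = hash_email(row["email"]) if row.get("consent") else None
        if digest is None:
            skipped += 1
        else:
            hashes.add(digest)
    return sorted(hashes), skipped

def match_rate(upload, platform_hashes):
    """Share of uploaded hashes the platform also holds."""
    if not upload:
        return 0.0
    return len(set(upload) & set(platform_hashes)) / len(upload)

# Constructed sample CRM export (hypothetical field names).
CRM_ROWS = [
    {"email": "  Jane.Doe@Example.com ", "consent": True},
    {"email": "jane.doe@example.com", "consent": True},   # same person
    {"email": "sam@example.org", "consent": False},       # no consent: skipped
    {"email": "not-an-email", "consent": True},           # invalid: skipped
    {"email": "lee@example.net", "consent": True},
]
# Constructed stand-in for the hashes a platform already holds.
PLATFORM_HASHES = {hash_email("jane.doe@example.com")}

if __name__ == "__main__":
    upload, skipped = build_upload(CRM_ROWS)
    print(len(upload), "hashes,", skipped, "skipped,",
          f"match rate {match_rate(upload, PLATFORM_HASHES):.0%}")
```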
Many small businesses hadn’t prioritized data collection – now they really should. It’s no surprise that marketers are leveraging first-party purchase data via retail media networks and publisher partnerships as one adaptation. The idea is to rely on data sources where users have already given consent or have a direct relationship, rather than on sneaky third-party trackers.
Advertisers should expect more aggregated reports and less per-user info. For instance, you might get a report that your CTV campaign reached 50,000 people in Los Angeles and drove a 5% website lift, but you won’t know exactly which 50,000 or get to retarget individual “Jane Doe” later unless she somehow volunteers her info. The focus shifts to trends and groups, not individuals. This also means frequency capping (limiting how often one person sees your ad) might be less precise if you can’t uniquely identify everyone – some viewers might end up seeing an ad a bit too often or occasionally twice if systems can’t tell they’re the same person across apps. It’s improving with unified ID solutions, but it’s still a challenge in a fragmented, privacy-constrained environment.
Especially for agencies working with multiple clients, keeping on top of privacy compliance is becoming a job in itself. You might need to ensure each streaming platform or publisher you buy ads on has proper consent mechanisms. If you use any audience data, you need to confirm it’s collected in privacy-compliant ways. For SMBs without legal teams, this is daunting. It’s one reason many trade groups have been raising concerns. In the U.S., small businesses worry that new state privacy laws could make online advertising “more difficult and expensive” for them. This balancing act – privacy vs. ad effectiveness – is felt acutely by smaller players who can’t easily absorb compliance costs or sudden drops in ad performance.
To sum it up, privacy changes are forcing advertisers to adapt their strategies. For SMBs and agencies, it might feel like your “easy mode” targeting is gone, and you have to get a bit more creative and hands-on. But it’s not doom and gloom – it just means a shift in how you approach targeting and engagement. In fact, these constraints can spur innovation in reaching customers in respectful ways. Let’s look at some of those new approaches, like contextual targeting and getting user consent properly, which are becoming the go-to moves in this new era.
At Skybeam, we’re committed to helping SMBs and agencies succeed in this evolving landscape:
Transparent Targeting: Our platform uses advanced targeting options — including contextual and geo-based approaches — while respecting audience privacy.
Built-In Compliance: Skybeam works with industry-standard frameworks (like IAB’s Transparency & Consent Framework) to ensure campaigns meet regulatory requirements.
Privacy-Safe Insights: Our real-time reporting provides actionable data without compromising user privacy.
In today’s environment, privacy isn’t just a legal necessity—it’s a brand value. Consumers are increasingly aware of how their data is used. Advertisers who prioritize transparency and respect for privacy can build trust and long-term loyalty.
By staying informed, adapting strategies, and partnering with privacy-forward platforms like Skybeam, marketers can thrive in the age of privacy-first streaming TV advertising.