For the last decade, privacy compliance focused primarily on the browser. In 2026, the regulatory perimeter has expanded.
Regulators and consumers now scrutinize data collection in connected TV, automotive systems, and Internet of Things (IoT) environments. As we’ll see, recent privacy enforcement highlights the risks here.
The challenge for privacy teams is no longer just managing cookies on a website. It is maintaining a “consistent user experience and enforcement across all endpoints,” regardless of the hardware.
Jump to:
- The fragmentation of tracking
- Connecting the silos
- Harmonization is the technical hurdle
- Designing for non-web interfaces
- Future-proofing the stack
The challenge for privacy teams is no longer just managing cookies on a website. It is maintaining a “consistent user experience and enforcement across all endpoints,” regardless of the hardware.
The fragmentation of tracking
Tracking mechanisms differ significantly by endpoint. While web teams manage cookies and pixels, product teams dealing with connected TV rely on IP- or device-based signals. Automotive teams manage vehicle identifiers and telematics data.
These environments often operate as data silos. A user might log in to a streaming service on their phone and opt out of tracking, then log in to the same service on a smart TV.
If the privacy architecture treats these as separate users, the opt-out fails to propagate. The user continues to be tracked on the TV. This creates a compliance gap and a poor customer experience.
Connecting the silos
In its Market Guide for Privacy UX, Gartner notes that compliance gaps remain widespread “in the absence of clear reject options and persistent tracking after the data subject has opted out.”
To address this, organizations must move toward a “unified model.” This means implementing a Consent Management Platform (CMP) that can act as a single source of truth.
This central repository maps various identifiers (mobile ID, IP address, VIN, email) to a single human identity. When a preference changes on one device, the system updates the central record and pushes that change to all other connected touchpoints.
Harmonization is the technical hurdle
Gartner defines “harmonization” as the ability to connect multiple preference repositories and synchronize user choices.
Harmonization is difficult in non-web environments. A car dashboard or a TV remote offers a limited interface compared to a mouse and keyboard. The technical integration must be robust enough to handle real-time signals without disrupting the functionality of the device.
If a user changes a privacy setting on their car’s infotainment screen, that signal must instantly update the back-end marketing database. If it doesn’t, the manufacturer risks sending marketing communications based on data the user just asked them to suppress.
Designing for non-web interfaces
The “Privacy UX” must adapt to the physical constraints of the device.
You can’t present a multi-layered cookie banner on a dedicated infotainment screen while a user is driving. You can’t expect a user to navigate a complex preference center using a TV remote.
In December 2025, a streaming provider agreed to a $530,000 settlement for alleged California Consumer Privacy Act (CCPA) violations, specifically regarding its failure to provide adequate opt-out mechanisms on connected devices.
Regulators noted that directing TV viewers to web-based cookie settings was insufficient for a cross-platform service.
Privacy teams must work with UX designers to create simplified, accessible controls that comply with regulations without breaking the user journey.
Future-proofing the stack
Gartner forecasts that tracker consent controls will continue to expand. The variety of endpoints will only increase.
Organizations that build a unified privacy layer now, one that separates the consent logic from the specific device, will be able to scale compliance to new channels as they emerge.
Those that rely on separate, disjointed tools for web, mobile, and IoT will face increasing operational costs and regulatory risk as the definition of “tracking” continues to evolve.
