5 Things Every Product Manager Should Do for Data Privacy Day

Data Privacy Day is a chance for product managers to take stock of how their products handle customer data and ensure privacy is baked into every stage of the product lifecycle.

Respecting user privacy has emerged as a strategic priority that now rivals performance and usability. McKinsey research found that privacy and sustainability have surpassed usability as top priorities for product managers, driven by regulation, consumer demand, and the ability to attract capital. For brands like Airship’s customers — who rely on cross-channel messaging to build trust and drive engagement — prioritizing privacy drives both compliance and competitive advantage.

“Instead of thinking of privacy as a blocker, think of it as a feature that builds trust,” says Dan Diaz-Gilligan, Manager of Privacy and Compliance at Airship. “When product managers treat privacy as a core product requirement from day one, they’re building the foundation for long-term customer relationships.”

We spoke with product, legal, and growth leaders, and here are five things every product manager should do for Data Privacy Day.

1. Audit your consent flows

When’s the last time you actually went through your own opt-in experience as a user? Test it. Is it clear what customers are signing up for? Are you collecting only what you need?

A confusing or buried consent flow erodes trust before the relationship even starts. With Apple Intelligence now prioritizing notifications based on relevance and personal context, brands that fail to secure meaningful opt-ins risk getting deprioritized by the algorithms — and by customers.

Product managers should know exactly what data their products collect, why it’s necessary, and how long it needs to be retained. This knowledge puts you in the best position to ensure consent flows are transparent and compliant.

Beyond compliance, consent flows are also a prime opportunity to collect valuable zero-party data. When customers actively choose to share their preferences, interests, and communication choices, you’re building a foundation of first-party insights that no third-party cookie could ever match. A well-designed preference center lets users tell you exactly what they want, how often they want to hear from you, and through which channels. That’s gold for personalization — and it’s data customers have explicitly chosen to share. In a world where privacy is most challenging because it often trades off against usability, consent flows done right let you have both: respect for customer privacy and the data you need to deliver relevant, personalized experiences.

“Optimized consent flows don’t need to feel like a legal hurdle. In fact, the best ones feel like conversation,” says Meghan Suslak, Director of Product at Airship. “When we design preference centers that actually give customers meaningful choices, we see higher opt-in rates and better engagement. People want control, and when you give it to them, they reward you with their trust.”

2. Make preference centers actually useful

Give customers real control, not just an “unsubscribe from all” nuclear option. Let them choose channels, frequency, and topics. Customers who can dial in their preferences stick around longer than those forced into all-or-nothing choices.

New iOS and Android features like app locking now limit notification visibility for sensitive apps. This makes securing opt-ins and giving users granular control more important than ever.

Think multi-channel from the start. Your users interact with your brand across push notifications, email, SMS, in-app messages, and web, with different tolerance levels for each. A customer who wants daily push alerts about order status might only want weekly email digests about promotions. Build preference centers that let users set channel-specific preferences rather than forcing a one-size-fits-all approach. 

Consider your entire user universe, not just opted-in users. Your preference center strategy should account for users at every stage: those who haven’t opted in yet, those who have opted in to some channels but not others, those who’ve gone quiet, and those actively engaged. For users who haven’t opted in, think about what value proposition might change their mind. For users who’ve disengaged, a well-timed “update your preferences” prompt is better than losing them entirely. The goal is to maximize the surface area of your consented relationship with each user: meeting them where they are, on the channels they prefer, at the cadence they choose.

“We’ve seen that granular preference controls actually increase overall engagement,” says Danny Ackerman, VP of Product at Airship. “When customers can choose to get order updates via push but marketing content via email, they’re more likely to stay opted in across the board. We believe in giving users the option to ‘opt-down’ instead of opting out.  It’s counterintuitive, but giving people more control leads to more touchpoints, not fewer.”

3. Clean up your data

If you’re holding onto data you don’t use, you’re just holding onto risk. Data Privacy Day is a good excuse to purge stale records, review what you’re collecting, and ask whether each data point actually serves the customer experience.

Privacy regulations like GDPR and CCPA require businesses to safely and securely store personal data and only keep it for as long as necessary. Product managers play a key role in determining data retention and deletion strategies. Work with your engineering and legal teams to ensure you’re not over-collecting or over-retaining.

“Data minimization is also good product management,” notes Andra Robinson, VP of Legal at Airship. “Every data point you collect creates both opportunity and liability. Product managers who regularly audit what they’re collecting and why tend to build leaner, more focused products that are easier to secure and easier to explain to customers.”

4. Evaluate how AI features impact privacy

AI is transforming product development. But it’s also creating new privacy risks that product managers need to get ahead of. Before integrating AI features into your product, ask hard questions about what kind of data flows where.

AI applications are built with and fine-tuned with potentially sensitive personal data. Users also input data into certain AI applications that may need to be filtered out for privacy or other reasons. Product managers should work with engineering to set up policy workflows that restrict sensitive personal data from being sent to AI applications, whether internal or third-party.

Key questions to ask:

• What user data is being sent to AI models, and is it necessary?
• Are you disclosing AI data usage in your privacy policy?
• Could the AI feature inadvertently expose sensitive information in outputs?
• Are third-party AI providers processing data in ways that comply with your privacy commitments?

A lot of the bias we see in algorithms can be attributed to the fact that they are typically trained on historical data that is often biased. Product managers should think about both privacy and fairness when evaluating AI integrations, as these issues are increasingly intertwined.

“AI governance is where privacy and product strategy collide,” says Dan Diaz-Gilligan. “Product managers need to ask not just ‘can we build this AI feature?’ but  ‘how do we build it responsibly?’ The answers to those questions shape both your product roadmap and your customer trust.”

5. Talk about privacy like it’s a feature (because it is)

Stop treating privacy as a compliance checkbox and start marketing it. Customers notice when brands respect their data. A simple “here’s how we protect your information” message can differentiate you from competitors who stay silent.

And here’s the business case: when you’re transparent about privacy, customers are more willing to share. Zero-party data — preferences, interests, and intentions that customers voluntarily provide — is more accurate, more actionable, and more durable than anything you could infer or purchase. This transforms privacy transparency from good ethics to a durable data strategy.

Product managers are at the center of the product development process. They decide what gets built and incorporate input from all stakeholders. That makes them uniquely positioned to champion privacy as a product feature, not just a legal requirement.

Responsible product management is now a non-negotiable standard. The companies that get ahead of this shift will build stronger customer relationships — and stronger brands.

“Privacy should be part of your product narrative, not hidden in the fine print,” says Andra Robinson. “When product managers work with marketing to communicate privacy features clearly — whether that’s in onboarding flows, release notes, or customer communications — they’re turning a legal requirement into a competitive differentiator.”

How Airship helps product managers build privacy into their apps

Privacy-first customer engagement requires the right set of tools.. Airship’s platform is designed to help product managers embed privacy considerations directly into their mobile app experiences:

• First-party and zero-party data foundation: Airship’s cross-channel orchestration is built on first-party data and direct customer relationships — not third-party cookies or opaque data brokers. Even better, our preference centers and consent flows help you collect zero-party data: preferences, interests, and intentions that customers voluntarily share. This is the most accurate, actionable, and privacy-compliant data you can get. And it future-proofs your engagement strategy against evolving regulations and browser changes.
  
• Granular preference centers: Give customers meaningful control over how they hear from you. Airship makes it easy to build preference centers that let users choose channels, message types, and frequency, turning privacy compliance into a loyalty driver and a rich source of zero-party data. Every preference a customer sets is a signal you can act on: what they care about, how they want to engage, and when. That’s data no third-party cookie could ever provide.
  
• Consent-based messaging: From push notifications to SMS to email, Airship helps you secure and honor opt-ins across every channel. Our platform tracks consent status so you’re never guessing whether a message is compliant.
  
• Privacy-respecting personalization: Deliver relevant, personalized experiences without overstepping. Airship’s SDK Privacy Manager gives product managers granular control over data collection through feature-specific flags — enabling only the data collection necessary for each use case, from push notifications to analytics to Scenes.  This means you can tailor content based on customer preferences and behaviors using Airship’s segmentation and experimentation tools, while keeping data minimization principles front and center. You collect what you need, when you need it — nothing more.
  
• Global compliance support: Whether you’re navigating GDPR, CCPA, or emerging privacy laws, Airship’s platform is designed to support compliance across jurisdictions — so your product team can focus on building great experiences, not chasing regulatory updates.
  

Privacy and great customer experience don’t have to be at odds. In fact, they can reinforce each other. When customers control their preferences and trust how their data is used, they engage more.

“At Airship, we’ve built our platform around the principle that privacy and personalization can coexist,” says Danny Ackerman. “Product managers shouldn’t have to choose between respecting user privacy and delivering great experiences. The right tools let you do both — and that’s what drives sustainable growth.”

The bottom line

Data Privacy Day is a reminder to make privacy part of your product DNA, not just a once-a-year audit. The brands that treat privacy as a feature, not a burden, will be the ones customers keep coming back to.

Ready to build privacy into your mobile app experience? Book a meeting with our team to see how Airship can help.