CCPA, CPRA, VCDPA, UCPA, CPA, CPDPA …
It’s hard enough keeping track of the acronyms for state-based privacy laws in the US, let alone complying with them.
And the operational challenges of compliance only get trickier as more states pass data protection and privacy laws of their own. (Michigan, Pennsylvania, New Jersey and Ohio have privacy bills in committee.)
“It’s a lot to take in,” says MediaMath’s chief privacy officer, Fiona Campbell-Webster, on this week’s episode of AdExchanger Talks.
But compliance means paying attention to the details.
For example, what are the commonalities between these laws? Which aspects of a company’s existing compliance program can be repurposed? Is there any overlap between new laws in the US and work that’s been done already to comply with GDPR in Europe? Are there new contractual requirements based on whether a business is considered a third party or a service provider?
The industry has been working on standards for compliance.
The IAB Tech Lab, for instance, recently released the first version of its Global Privacy Platform, which is a protocol for transmitting consent and choice signals across the supply chain. For now, it’s only available for CPRA in California, with plans to add other states soon.
But some industry observers are critical that any approach modeled on the embattled Transparency & Consent Framework in Europe, as the Global Privacy Platform is, won’t be viable in the long term.
Earlier this year, the Belgian data protection authority deemed the TCF to be illegal in its current form and gave IAB Europe six months to overhaul it, which is a heavy lift.
AdExchanger Daily
Get our editors’ roundup delivered to your inbox every weekday.
Daily Roundup
But Campbell-Webster, a self-described “optimist by nature,” is betting on a successful revamp.
The IAB is “working very carefully on that at the moment … with the view in mind that if the issues are fixed, it could likely become a code of conduct,” Campbell-Webster says, “which would be very helpful for everyone in the industry.”
Also this episode: Handling sensitive data categories following the overturn of Roe v. Wade, the over/under on whether the US will finally get a federal privacy law and Campbell-Webster’s journey from classically trained opera singer to attorney with an interest in privacy and ad tech.
For more articles featuring Fiona Campbell-Webster, click here.
