Privacy regulations have been a topic of conversation since the introduction of the first modern data privacy laws introduced in Germany in the 1970s. The conversation took center stage in 2016 with the introduction of the General Data Protection Regulation (GDPR) in the European Union. In 2018 the US followed suit with the introduction of the California Consumer Privacy Act (CCPA), which was initially much narrower in scope than the GDPR. 

As the conversation around data privacy continues to escalate, additional states began adopting privacy laws. Colorado, Connecticut, Utah, and Virginia are set to have new data privacy statutes online in 2023. And, in January the CCPA was amended and expanded with the introduction of the California Privacy Rights Act (CPRA). All of these changes are set to shift the underlying data privacy philosophy in the US from a historically harms-prevention-based approach to a rights-based approach. 

What is included in the scope of these new privacy acts?

  • These new state privacy laws going into effect in 2023 create a range of consumer privacy rights linked to the storing and selling of sensitive information.
  • They also mandate new data protection obligations for businesses and their employees in order to improve individuals’ data rights and privacy.
  • Each state imposes obligations on businesses, service providers, and third parties to conform to states’ legislative frames. Legal frames differ from one state to another such as consent management, contractural provisions, or sensitive data processing. It is up to the business to roll out compliance programs to comply with these regulations. 

A Common Language to Support Compliance

End-to-end compliance in such a complex and interconnected ecosystem requires standardized tech frameworks, ensuring all players share a common language. This is why we follow the IAB Tech Lab’s Global Privacy Platform (GPP). The GPP enables all parties in the digital advertising chain to comply with regional privacy regulations more easily. 

It is a transport layer that communicates user consent and preference signaling throughout the digital supply chain that supports existing consent formats and is flexible enough to support new markets with unique needs. The IAB Tech Lab stewards the development of these technical specifications. This platform provides a sustainable way to adapt to changes in existing privacy regulations and adopt new ones with its flexible, channel-agnostic, open architecture. The GPP integrates with existing highly-adopted privacy signals – including US Privacy and TCF.  

In California, we currently support the IAB CCPA compliance framework tech requirements to pass user opt-out signals. Beginning in Q1 2023, we will be able to ingest and share signals allowing publishers to operate in full compliance with state privacy regulations thanks to the GPP. 

We’ve always worked to increase quality and privacy throughout the entire advertising ecosystem. Our European roots mean we have a long history of and strong experience in upholding data protection and privacy standards and we have applied this knowledge to help our clients globally. 

View our one sheet to learn more about the latest regulations and how we can help you remain compliant