Data Privacy Roundup

Former Texas privacy enforcer Tyler Bridegan breaks down how regulators decide which companies to target – and how a little common sense can keep you off their radar.

What’s one data privacy shift or regulation that will most reshape digital advertising in 2026 – and who will be most unprepared for it?

From 2015’s ad tech gold rush to today’s cautious comeback, telcos are once again testing whether they can turn subscriber data into ad dollars – this time with privacy as the selling point.

Google recently settled a class-action lawsuit by agreeing to create an off-switch for data sharing in bid requests. Huge deal, right? So why isn’t anyone talking about it?

It’s not that people don’t care about their privacy – they do. The problem is that protecting it is often difficult, inconvenient and confusing.

As privacy rules tighten, M&C Saatchi built OneView to help marketers measure performance without relying on cookies or user-level data.

The Trade Desk is facing class-action lawsuits claiming its “privacy-safe” Unified ID 2.0 is really just repackaged cookie tracking.

Privacy isn’t black-and-white, says the FTC’s Chris Mufarrige, promising evidence-driven consumer protection cases under the Trump administration.

When Ours, a telehealth service for couples counseling, launched in 2020, it wasn’t planning to eventually pivot to a health care-focused customer data and privacy compliance platform.

Presearch is a decentralized, privacy‑first search engine that pays users in its own crypto – but also runs an ads business.

How will the California Privacy Protection Agency’s new rules on automated decision making and AI impact ad targeting? We asked the experts.

Regulators care about privacy in practice, not just in theory. Simply having a tool or partnership in place isn’t enough to demonstrate effective compliance.

There’s a saying in Texas: “All hat and no cattle.” It means all talk and no action. That idiom does not apply to the folks within the Consumer Protection Division of the Texas attorney general’s office.

Add digital health and wellness publisher Healthline to the growing list of companies hit with fines under California’s privacy law.

A UK-based early-stage startup called Paapi, which just closed its pre-seed funding round last month, is building a platform to help advertisers with privacy-safe ad measurement.

Whatever your take on the FTC’s oddly conditional green light for the Omnicom/IPG merger, one thing’s clear: The agency is being more active than expected.

But publishers have more power than they think to authenticate their audiences – they’ve just gotta learn how to wield it.

Google released a proposal for a Chrome feature called script blocking as part of a broader effort to mitigate API misuse for broader reidentification. In short: It’s a crackdown on fingerprinting in Incognito mode.

Despite all the cookie drama, companies haven’t completely abandoned the Chrome Privacy Sandbox, and BU marketing professor Garrett Johnson has the receipts to prove it.

There’s a reason ad tech is no longer in a position to self regulate. Somewhere along the way, companies forgot to respect their consumers and so regulators stepped in.

Google isn’t a regulator. From an attorney’s point of view, its decrees don’t carry the force of law, and that’s what lawyers are concerned with: the law.

You know that old saw about how regulators aren’t technical and don’t understand how online advertising works? Yeah, that’s not a thing anymore.

Privacy lawyers and ad tech folks often don’t speak the same language. But at least now they’ve got an acronym in common: MSCA.

Why should establishing consumer trust be a differentiator – and wouldn’t it be great if that was just every company’s MO?

The assumption often is that lawyers are the ultimate party poopers who want to stop innovative product people from doing what they do best. But that’s not the case at all.

What’s in the tea leaves for the FTC’s new chair Andrew Ferguson, who took over in January? Kyle Kessler, a partner at Womble Bond Dickinson, weighs in.

If an alternative identifier is present in the bidstream, and no one transacts on it, does it make a sound? The availability of alt IDs in open auctions has steadily increased, but demand has yet to catch up with supply.

Google just shared a teeny tiny bit more info about its planned consent mechanism for Chrome, which will be “a one-time global prompt.” Pause for amazed silence (lol).

To commemorate Data Privacy Day on Jan. 28, my gift to you is an update on something I think is about to get a lot more attention: universal opt-out mechanisms.

Attention, data brokers: If you operated in California last year, you need to register with the California Privacy Protection Agency (CPPA) by the end of this month.