Ignore No More: 3 Impending Privacy Changes You Need To Pay Attention To Right Now

Ines Henrich, VP of sales planning and media strategy at Aki Technologies

“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Ines Henrich, VP of sales planning and media strategy at Aki Technologies, an Inmar Intelligence company.

When it comes to privacy legislation, denial often comes before compliance.

When GDPR went into effect back in 2018, some companies in the US simply ignored it, opting to shut down or limit operations in the EU instead of adjusting their data privacy practices.

But with privacy legislation in California (CPRA), Colorado (CPA) and Virginia (VCDPA) set to go into effect in 2023, American businesses will have no choice but to accept and act.

How exactly does this trio build on the precedents that GDPR and CCPA have set? And what do companies need to do now to ensure compliance in 2023?

These laws will usher in an era of classification-based compliance, privacy assessments and restrictions to data sharing. Here’s how to prepare.

Understand the distinction between controller and processor 

The EU’s GDPR identified two classes of businesses dealing with customer data: controllers and processors. Controllers determine the purpose of processing data; processors process data on behalf of the controller but do not determine the purpose for processing.

Virginia’s and Colorado’s laws borrow the controller-processor distinction from the GDPR, forcing US businesses that operate in those states to reckon with that taxonomy. 

Most retailers and brands are considered controllers – and being a data controller under new legislation will come with new responsibilities. 

One new hurdle to navigate? Data subject access requests. These requests are consumers’ way of invoking their rights to find out what data a company has collected from them and to delete or correct inaccuracies in that data.

Prepare for privacy impact assessments

The Colorado and Virginia laws introduce a requirement for data controllers known as a privacy impact assessment or data protection assessment. Conducting a PIA entails assessing the benefits of sensitive data processing for targeted advertising, customer profiling or other use cases relative to the risk data collection and usage pose to the consumer. 

Not sure if you’ll have to conduct PIAs? Data mapping holds the answer. Data mapping is the practice of detailing how data moves throughout an organization. It helps businesses ensure they know exactly what data they are storing, how they are storing it and where it is going in order to limit risk, provide transparency to end users and comply with regulatory requests.

If it sounds daunting, fear not. Mapping can be automated, taking some of the burden off of businesses.  

Adjust to data sharing restrictions

CCPA forced businesses to give consumers the right to opt out of sales of their data to third parties. But there was a lack of clarity about whether data sharing to facilitate targeted online ads constituted a sale and therefore required an opt-out opportunity. 

But with CPRA, there’s no gray area. 

The law explicitly defines “sharing” to include “cross-context behavioral advertising” (or targeted advertising based on user behavior). This means the many brands that share data with ad tech providers to facilitate advertising will now need to develop opt-out capabilities for customers.

Brands will need to clearly state what data they are sharing and give consumers the right to opt out of sharing with third parties. This shift could present a major challenge not only in operationalization and compliance, but also in its potential impact on marketing. Marketers will also want to make the best possible case to consumers for necessary data processing and sharing, explaining the value exchange customer data makes possible.

Complying with new privacy laws will require some legwork, but if companies get it right, they can transform privacy challenges into opportunities. Eliminating regulatory liabilities is a big win, but shoring up consumer trust will be the most important victory.
