Home Data-Driven Thinking Ignore No More: 3 Impending Privacy Changes You Need To Pay Attention To Right Now
OPINION: Data-Driven Thinking

Ignore No More: 3 Impending Privacy Changes You Need To Pay Attention To Right Now

By AdExchanger Guest Columnist

SHARE:
Ines Henrich, VP of sales planning and media strategy at Aki Technologies

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Ines Henrich, VP of sales planning and media strategy at Aki Technologies, an Inmar Intelligence company.

When it comes to privacy legislation, denial often comes before compliance.

When GDPR went into effect back in 2018, some companies in the US simply ignored it, opting to shut down or limit operations in the EU instead of adjusting their data privacy practices.

But with privacy legislation in California (CPRA), Colorado (CPA) and Virginia (VCDPA) set to go into effect 2023, American businesses will have no choice but to accept and act.

How exactly does this trio build on the precedents that GDPR and CCPA have set? And what do companies need to do now to ensure compliance in 2023?

These laws will usher in an era of classification-based compliance, privacy assessments and restrictions to data sharing. Here’s how to prepare.

Understand the distinction between controller and processor 

The EU’s GDPR identified two classes of businesses dealing with customer data: controllers and processors. Controllers determine the purpose of processing data; processors process data on behalf of the controller but do not determine the purpose for processing.

Virginia’s and Colorado’s laws borrow the controller-processor distinction from the GDPR, forcing US businesses that operate in those states to reckon with that taxonomy. 

Most retailers and brands are considered controllers – and being a data controller under new legislation will come with new responsibilities. 

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Daily Roundup

Daily News Roundup

Breaking Up Google is Hard To Do; Eyes On Epsilon

One new hurdle to navigate? Data subject access requests. These requests are consumers’ way of invoking their rights to find out what data a company has collected from them and to delete or correct inaccuracies in that data.

Prepare for privacy impact assessments

The Colorado and Virginia laws introduce a requirement for data controllers known as a privacy impact assessment or data protection assessment. Conducting a PIA entails assessing the benefits of sensitive data processing for targeted advertising, customer profiling or other use cases relative to the risk data collection and usage pose to the consumer. 

Not sure if you’ll have to conduct PIAs? Data mapping holds the answer. Data mapping is the practice of detailing how data moves throughout an organization. It helps businesses ensure they know exactly what data they are storing, how they are storing it and where it is going in order to limit risk, provide transparency to end users and comply with regulatory requests.

If it sounds daunting, fear not. Mapping can be automated, taking some of the burden off of businesses.  

Adjust to data sharing restrictions

CCPA forced businesses to give consumers the right to opt out of sales of their data to third parties. But there was a lack of clarity about whether data sharing to facilitate targeted online ads constituted a sale and therefore required an opt-out opportunity. 

But with CPRA, there’s no gray area. 

The law explicitly defines “sharing” to include “cross-textual behavioral advertising” (or targeted advertising based on user behavior). This means the many brands that share data with ad tech providers to facilitate advertising will now need to develop opt-out capabilities for customers. 

Brands will need to clearly state what data they are sharing and give consumers the right to opt out of sharing with third parties. This shift could present a major challenge not only in operationalization and compliance, but also in its potential impact on marketing. Marketers will also want to make the best possible case to consumers for necessary data processing and sharing, explaining the value exchange customer data makes possible.

Complying with new privacy laws will require some legwork, but if companies get it right, they can transform privacy challenges into opportunities. Eliminating regulatory liabilities is a big win, but shoring up consumer trust will be the most important victory.

Follow Aki Technologies (@akiunlocks) and AdExchanger (@adexchanger) on Twitter.

Must Read

Platforms

Conversion APIs Are Becoming Table Stakes – But Not All Brands Have Bought In

CAPI integrations have moved from a nice-to-have to a necessity for anyone operating within walled garden environments. Now they’re laying the groundwork for an outcomes-driven ad ecosystem.

Peppa Pig
Marketers

The Media And Retail Deals Behind The Peppa Pig Franchise Expansion

Peppa Pig is everywhere. Whether or not you have children, you likely know the little girl pig from the kid’s cartoon show. But the Peppa media franchise is just getting started.

CTV

How A For-Profit College Is Using CTV Ads To Win Over New Students

The American College of Education partnered with performance TV company MNTN to better reach its audience of adults seeking higher education.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Platforms

Critics Say The Trade Desk Is Forcing Kokai Adoption, But Apparently It’s Up To Agencies

Is TTD forcing agencies to adopt the new Kokai interface despite claims they can still use the interface of their choice? Here’s what we were able to find out.

Commerce

Why Big Brand Price Increases Will Flatten Ad Budgets

Product prices and marketing budgets are flip sides of the same coin. But the phase-in effects of tariffs, combined with vicissitudes of global weather and commodity production, challenge that truism.

Publishers

The IAB Tech Lab Isn’t Pulling Any Punches In The Fight Against AI Scraping

IAB Tech Lab CEO Anthony Katsur didn’t mince his words when declaring unauthorized generative AI scraping of publisher content “theft, full stop.”

Popular

  1. Banner. Contemporary art collage. Two people holding hands and go up on colorful columns, graph as on career ladder. Concept of partnership, business acquisition, deal, cooperation, teamwork, contract
    ad tech M&A

    Roqad Acquires Zeotap’s Third-Party Data Arm To Get A Leg Up On Identity In Europe

    Roqad is buying Zeotap’s third-party data biz to boost its identity resolution capabilities, but also for access to key integrations with major ad platforms.

  2. CTV Roundup

    Pure Dating App Swipes Right On Programmatic CTV Ad Buying

    Back when the Pure app first launched in 2012, it was a completely anonymous hookup app. Now, it’s using CTV as a way to explain its rebranded vibe to prospective new users.

  3. Comic: Game Over?
    Daily News Roundup

    GAM Goes Direct To Buyers; Perplexity’s Ad Lead Exits

    Google’s SSP tries to cut out its DSP ahead of a possible ad tech breakup; Perplexity’s head of ads skips town; and Amazon’s search ad pause flooded the market with big spenders.

  4. Marketers

    How A Specialized CRM Platform Is Helping Restaurants Dig Into Audience Insights

    Panso, a CRM for restaurants, gives folks in the restaurant business a 360 view of their guests which can be used to send targeted and personalized email and SMS campaigns.

  5. PODCAST: The Big Story

    Will AI Companies Pay Publishers?

    Pause ads are going programmatic, as connected TV ad buying becomes more automated. Plus: how publishers are proposing to be compensated by AI companies – and the odds that they’ll receive what they are asking for.