“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Robert Rasko, CEO and founder at The 614 Group.
I find it quite interesting that the IAB has asked the federal government to regulate a portion of the digital advertising industry. It is, at every angle, quite momentous given the IAB’s long history of promoting self-regulation.
But in a letter to leaders of the Senate Commerce Committee, IAB wrote, “A uniform federal privacy standard could provide clarity, market certainty and add fuel to future innovation while preserving the value and benefit that online advertising brings to the internet ecosystem.”
Once California passed its Consumer Privacy Act, the IAB had little choice but to change its regulatory posture. As the most populous state in the union, California has much clout; when the state sets its own environmental standards for automobiles, all US cars will ultimately meet them.
California may have started a trend, as at least 10 other states have introduced privacy laws similar to GDPR. Not surprisingly, the IAB saw the writing on the wall and opted to work with the federal government to, as it wrote, provide clarity and market certainty. One national law is easier to manage than 50 separate ones.
In my opinion, advocacy for federal regulation is a sign that an industry is growing and has an enormous impact on the lives of average Americans. When the IAB reached out to the Senate Commerce Committee and proposed “sensible” regulation, the message to me was clear: We’re not in the little leagues anymore.
Many of the 7,000-plus companies that comprise the LUMAscape may find this a bit jarring, as they’re still small operations. But our efforts have caught the attention of regulators all over the world, and that has elevated what we do.
Beyond GDPR: regulation in the United States
The goal of GDPR is to provide EU citizens and residents with greater transparency and control over their personal data. In this way, GDPR is similar to the laws being enacted here in the United States.
However, the California and Vermont laws go beyond breach notification and require companies to make significant changes in their data processing operations. For instance, the California law, according to the IAB, requires that all businesses that collect consumer data must explain the purpose for doing so, the categories of data collected, a description of their rights under the Act and a clear and conspicuous opt-out option that must include the phrase: “Do not sell my personal information.” The policy of consent by default doesn’t fly anymore.
The Vermont law, intended to crack down on data brokers that collect and monetize consumer data, seeks to shine light where there was darkness. The law requires all data brokers to register with the Vermont Attorney General and submit annual disclosures describing if and how consumers can opt out of data collection. It also requires them to adopt comprehensive data security programs and disclose any breaches that may have occurred. The law also bars credit rating companies from charging for credit freezes (a little off topic for the average website that collects data).
It’s easy to see how, in the absence of one set of regulations for the entire country, any company that collects consumer data could face a dizzying array of regulations, filings, disclosures, consent requirements, consumer notifications and so on. This, in turn, will make it difficult for any website to operate across state lines. Is anyone really surprised that the IAB abandoned its self-regulatory position and seeks to guide a national effort?
The IAB had a pillar of self-regulation referred to as the Online Behavioral Advertising regulations or OBA. Much came out of it, including the Digital Advertising Alliance, which establishes and enforces privacy practices. In its quest for self-regulation, the industry, led by the IAB, has developed many policies. It’s possible that regulators may take exactly what the IAB has done and turn it into regulation – wouldn’t that be easy? Or perhaps they could simply follow that framework as a guide?
The industry is growing, and it makes sense IAB took its initial and current positions. How will the industry self-regulation that has been done to date compare to whatever final federal regulation emerges? I know I’ll be watching to see how this unfolds.
Follow AdExchanger (@adexchanger) on Twitter.