Home Data Privacy Roundup Google Is Backing A National Approach To US Privacy Compliance
Data Privacy Roundup

Google Is Backing A National Approach To US Privacy Compliance

By

SHARE:
Comic: Consent String Theory

Compliance is not a choice. But companies have some choice in how they tackle it.

There are two main approaches.

Businesses can implement a compliance program on a state-by-state basis, essentially devising different data strategies to meet the legal requirements in each state where they have customers.

Or they can take a national approach by applying the strictest guidelines (say, California’s statute) across all jurisdictions.

With so many US state privacy laws either already or about to become enforceable – we’ll be up to 17 once the governor of Maryland gets out his pen – companies are increasingly opting for the national route to make compliance less complicated.

Now, so is Google – which is a big deal, because Google’s POV carries weight.

Where Google goes …

On Thursday, the Google Ad Manager account on LinkedIn posted that “coming soon, Google will support the MSPA US National Privacy Technical Specification (National String) as part of the IAB Tech Lab’s Global Privacy Platform (GPP).”

In English, that means Google is advocating a national approach as one viable option for privacy compliance in the US.

The MSPA is the Multi-State Privacy Agreement, a so-called “springing contract” that creates a legal relationship between signatories to enable compliance with multiple state laws as data flows through the digital supply chain. The National String transports user opt-ins and opt-outs between partners in the US.

The Global Privacy Platform (GPP) is the API-based technology that underpins the whole shebang and actually passes the strings. As of now, the GPP supports consent strings for California, Colorado, Connecticut, Utah and Virginia with more states on the way.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Daily Roundup

Daily News Roundup

Disco Is So Back; Bippity Boppity Slop!

’Member the TCF delays?

Although the MSPA can facilitate either a state-by-state or national approach to compliance, the IAB and the IAB Tech Lab have been pushing for the latter. Taking a standardized highest common denominator approach to compliance is less madness-inducing (and more consistent) than trying to comply with the proverbial patchwork.

But the MSPA and GPP are the Tech Lab’s babies. It’s not surprising that they’re ballyhooing them.

Google backing the National String in GPP (what a jargon fest!) is more impactful because where Google goes so goes the online ad industry. If Google is endorsing the national approach to compliance, you can expect ad tech companies, publishers and brands to follow suit.

Forgive a girl for being a little cynical, however. I can’t help it. The words “coming soon” in Google’s post give me a little pause.

Remember when Google promised to integrate the Transparency and Consent Framework into its CMP when GDPR went into effect in 2018 … and then it took Google two years of hemming, hawing and delays before it finally happened?

I’d suggest keeping an eye out but not holding your breath.

****************************************************************************

In other news, I attended Frankfurt Kurnit Klein & Selz’s tech law summit in New York City on Thursday and heard a few excellent gems. But as we were operating under Chatham House rules, I can only share them without attribution.

These are my favorite nuggets:

On compliance in the US: “A single privacy law would be better than a multitude of privacy laws, but I don’t think the sky is falling. By and large, with some imperfections along the way, folks have largely adjusted to this new reality. As additional privacy laws come online, as long as they fit within the rough framework … I still think it’s manageable. Not ideal, but certainly manageable.”

On Washington State’s My Health My Data Act: “[With] a national approach to health data, pharma companies would not even be able to advertise.”

On why else a national approach isn’t a panacea: “A lot of small companies in our ecosystem don’t necessarily know exactly where all their data is coming from and haven’t done the hard work of data mapping.”

And a little deadpan third-party cookie humor: “If today we announced a technology that was knowable, seeable, deletable, resettable on your computer and that allowed you to determine what you want to do with it in terms of the collection of your data, we would see that as a privacy-enhancing technology. (Pause for dramatic effect) That’s a cookie. And now all of a sudden, cookies are evil.”

🙏 Thanks for reading! As always, feel free to drop me a line at allison@adexchanger.com with any comments or feedback. And remember to consult your lawyer about important issues such as this.

Story updated to reflect that Google hasn’t committed to adopting a national approach to privacy compliance in the US, but is rather backing a national approach as one potential pathway to compliance via the MSPA.

Must Read

CTV

Pinterest Acquires CTV Startup TvScientific (Didn’t CTV That Coming)

Looks like Pinterest has its eyes – or its pins, rather – fixed on connected TV.

Kelly Andresen, EVP of Demand Sales, OpenWeb
Publishers

Turning The Comment Section Into A Gold Mine

Publisher comment sections remain an untapped source of intent-based data, according to Kelly Andresen, who recently left USA Today to head up comment monetization platform OpenWeb’s direct sales efforts.

Comic: Shopper Marketing Data
Commerce

Shopify Launches A Product Network That Will Natively Integrate Items From Across Merchants

Shopify launched its latest advertising business line on Wednesday, called the Shopify Product Network.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
AI

Criteo Lays Out Its AI Ambitions And How It Might Make Money From LLMs

Criteo recently debuted new AI tech and pilot programs to a group of reporters – including a backend shopper data partnership with an unnamed LLM.

Agencies

Google Ad Buyers Are (Still) Being Duped By Sophisticated Account Takeover Scams

Agency buyers are facing a new wave of Google account hijackings that steal funds and lock out admins for weeks or even months.

Platforms

The Trade Desk Loses Jud Spencer, Its Longtime Engineering Lead

Spencer has exited The Trade Desk after 12 years, marking another major leadership change amid friction with ad tech trade groups and intensifying competition across the DSP landscape.

Popular

  1. Ikkjin Ahn, CEO & co-founder, Moloco
    PODCAST: AdExchanger Talks

    From Hype To Hyperscale In AI

    AI hype is everywhere, but Moloco CEO Ikkjin Ahn says the real winners in ad tech will be those who can move beyond flashy demos and harness AI at true hyperscale.

  2. CTV

    Pinterest Acquires CTV Startup TvScientific (Didn’t CTV That Coming)

    Looks like Pinterest has its eyes – or its pins, rather – fixed on connected TV.

  3. Publishers

    Programmatic Ads Are Coming To AI Chatbots

    Bringing programmatic ads to AI chatbots marks a shift in the business model for AI search, while traditional publishers must find new ways to monetize.

  4. Comic: Shopper Marketing Data
    Commerce

    Shopify Launches A Product Network That Will Natively Integrate Items From Across Merchants

    Shopify launched its latest advertising business line on Wednesday, called the Shopify Product Network.

  5. CTV

    Cadent Acquires YouTube Advertising Company VuePlanner

    On Tuesday, TV advertising company Cadent announced the acquisition of VuePlanner, which specializes in contextual advertising and media planning for YouTube.