Home Data Privacy Roundup Google Is Backing A National Approach To US Privacy Compliance

Google Is Backing A National Approach To US Privacy Compliance

Comic: Consent String Theory

Compliance is not a choice. But companies have some choice in how they tackle it.

There are two main approaches.

Businesses can implement a compliance program on a state-by-state basis, essentially devising different data strategies to meet the legal requirements in each state where they have customers.

Or they can take a national approach by applying the strictest guidelines (say, California’s statute) across all jurisdictions.

With so many US state privacy laws either already or about to become enforceable – we’ll be up to 17 once the governor of Maryland gets out his pen – companies are increasingly opting for the national route to make compliance less complicated.

Now, so is Google – which is a big deal, because Google’s POV carries weight.

Where Google goes …

On Thursday, the Google Ad Manager account on LinkedIn posted that “coming soon, Google will support the MSPA US National Privacy Technical Specification (National String) as part of the IAB Tech Lab’s Global Privacy Platform (GPP).”

In English, that means Google is advocating a national approach as one viable option for privacy compliance in the US.

The MSPA is the Multi-State Privacy Agreement, a so-called “springing contract” that creates a legal relationship between signatories to enable compliance with multiple state laws as data flows through the digital supply chain. The National String transports user opt-ins and opt-outs between partners in the US.

The Global Privacy Platform (GPP) is the API-based technology that underpins the whole shebang and actually passes the strings. As of now, the GPP supports consent strings for California, Colorado, Connecticut, Utah and Virginia with more states on the way.


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

’Member the TCF delays?

Although the MSPA can facilitate either a state-by-state or national approach to compliance, the IAB and the IAB Tech Lab have been pushing for the latter. Taking a standardized highest common denominator approach to compliance is less madness-inducing (and more consistent) than trying to comply with the proverbial patchwork.

But the MSPA and GPP are the Tech Lab’s babies. It’s not surprising that they’re ballyhooing them.

Google backing the National String in GPP (what a jargon fest!) is more impactful because where Google goes so goes the online ad industry. If Google is endorsing the national approach to compliance, you can expect ad tech companies, publishers and brands to follow suit.

Forgive a girl for being a little cynical, however. I can’t help it. The words “coming soon” in Google’s post give me a little pause.

Remember when Google promised to integrate the Transparency and Consent Framework into its CMP when GDPR went into effect in 2018 … and then it took Google two years of hemming, hawing and delays before it finally happened?

I’d suggest keeping an eye out but not holding your breath.


In other news, I attended Frankfurt Kurnit Klein & Selz’s tech law summit in New York City on Thursday and heard a few excellent gems. But as we were operating under Chatham House rules, I can only share them without attribution.

These are my favorite nuggets:

On compliance in the US: “A single privacy law would be better than a multitude of privacy laws, but I don’t think the sky is falling. By and large, with some imperfections along the way, folks have largely adjusted to this new reality. As additional privacy laws come online, as long as they fit within the rough framework … I still think it’s manageable. Not ideal, but certainly manageable.”

On Washington State’s My Health My Data Act: “[With] a national approach to health data, pharma companies would not even be able to advertise.”

On why else a national approach isn’t a panacea: “A lot of small companies in our ecosystem don’t necessarily know exactly where all their data is coming from and haven’t done the hard work of data mapping.”

And a little deadpan third-party cookie humor: “If today we announced a technology that was knowable, seeable, deletable, resettable on your computer and that allowed you to determine what you want to do with it in terms of the collection of your data, we would see that as a privacy-enhancing technology. (Pause for dramatic effect) That’s a cookie. And now all of a sudden, cookies are evil.”

🙏 Thanks for reading! As always, feel free to drop me a line at [email protected] with any comments or feedback. And remember to consult your lawyer about important issues such as this.

Story updated to reflect that Google hasn’t committed to adopting a national approach to privacy compliance in the US, but is rather backing a national approach as one potential pathway to compliance via the MSPA.

Must Read

It’s Open Season On SaaS As Brands Confront Their Own Subscription Fatigue

For CFOs and CEOs, we’ve entered a kind of open hunting season on martech SaaS.

Brian Lesser Is The New Global CEO Of GroupM

If you were wondering whether Brian Lesser was planning to take some time off after handing the CEO reins of InfoSum to Lauren Wetzel last week – here’s your answer.

Comic: S.P. O'Middleman's

TripleLift CEO Dave Clark Abruptly Exits After Setting The SSP On A New Trajectory

Dave Clark, who’s led TripleLift for the past two years, is stepping down, effective immediately, and is being replaced by a coterie of TripleLifters.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
shopping cart

Moloco Invests In Its Competitor Topsort As The Retail Media Stakes Go Up

Topsort can lean into Moloco’s algorithmic personalization, while Moloco benefits from Topsort’s footprint with local retailers in the US and in Latin America.

CDP BlueConic Acquires First-Party Data Collection Startup Jebbit

On Wednesday, customer data platform BlueConic bought Jebbit, which creates quizzes, surveys and other interactive online plugs for collecting data from customers.

Comic: The Showdown (Google vs. DOJ)

The DOJ’s Witness List For The Google Antitrust Trial Is A Who’s Who Of Advertising

The DOJ published the witness list for its upcoming antitrust trial against Google, and it reads like the online advertising industry’s answer to the Social Register.