Data Privacy Roundup

Starting on February 16, Google said it will no longer prohibit fingerprinting for companies that use its advertising products. Oh, how times have changed.

But cookies aside – and don’t forget to leave a few real ones out for Santa – there were lots of other big privacy developments in 2024. Here are some of the highlights.

Although most people probably understand in an abstract way that they’re being tracked online, the details are fuzzy. Honestly, the details are fuzzy to me, and I write about this stuff for a living.

The Federal Trade Commission is warning companies that using a data clean room isn’t some kind of get-out-of-compliance-free card.

Even when third-party cookie deprecation was ostensibly still in the offing last year, there was only modest publisher adoption of the Protected Audiences and Topics APIs, according to data from Sincera.

A new nonprofit organization in the UK wants to develop the first regulator-approved privacy-compliance certification for ad tech – and it’s got the UK’s data protection authority on board.

It’s been more than two months since Google said it would forego third-party cookie deprecation in favor of a user choice mechanism. But it hasn’t shared any details yet.

Let’s clear the air. The Federal Trade Commission does not hate advertising, says Samuel Levine, the agency’s consumer protection chief. But the FTC does have a few suggestions for the ad industry.

The discovery process in the lead-up to Google’s ad tech antitrust trial has unearthed nuggets of information that aren’t directly related to the case, yet are no less fascinating.

There’s a decent amount of overlap between many US state privacy laws – but there are also many significant differences. Take the Maryland Online Data Privacy Act.

Not only will hashing data not anonymize it, but regulators, including the Federal Trade Commission, consider hashed identifiers to be personal information.

Google is keeping third-party cookies in Chrome, and here’s what ad tech Twitter (X, whatever), has to say about it.

Sophia Cao, RTB House’s newly appointed director of private advertising advocacy, knows how to play nice in the sandbox – because, well, she used to work there.

Musings on the Chrome Privacy Sandbox consent pop-up after experiencing one in the wild in Europe. Do people know what they’re opting into?

Class-action attorney Jay Barnes makes the case for why the US **doesn’t** need to pass a dedicated federal data privacy law.

Being able to share information about a group of people without compromising any individual person’s privacy kinda sounds like a form of wizardry. But it’s not. It’s just math.

Rather than directly managing risk and regulatory compliance as a traditional chief privacy would do, Ron De Jesus is like a liaison between Transcend and the CPO community.

Google has said publicly that it will eventually (“soon”) adopt a national approach to privacy compliance in the US. That’s a big deal – but only if Google actually does it.

The APRA is the first serious attempt at a compromise to pass national privacy legislation since the American Data Privacy and Protection Act failed to advance last year.

I spent the week in Washington, DC, attending two privacy- and public policy-focused events and I have a single takeaway from both: Enforcement. Is. Coming.

Here’s some free legal advice from a privacy lawyer: Don’t make privacy claims if you’re not going to stick to them.

If you weren’t able to tune in to the FTC’s PrivacyCon event last week – it was a seven-hour affair, after all – then worry not. We gotchoo.

“Compliance doesn’t have to be a chore, and legal can be a strategic partner,” says Jamie Lieberman, chief legal officer at ad management and monetization platform Mediavine.

We caught up with IAB Tech Lab CEO Tony Katsur in the wake of a new bombshell report that claims the Chrome Privacy Sandbox is not fit for purpose.

With the final phaseout set for the end of this year and multiple new state privacy laws now in effect, privacy lawyers (and privacy pros in general) are gonna be busy.

Contextual targeting today is way more advanced than what was available a decade ago. So, what could the FTC’s COPPA Rule proposal mean for contextual advertising to kids?

Let’s make 2024 the year of data privacy as a differentiator. But let’s also make it happen way faster than the “year of mobile.” (That took, like, a decade.)

Privacy and personalization often feel mutually exclusive in ad tech. But it doesn’t have to be that way, says Abhishek Sen, CEO and co-founder of NumberEight, a mobile data platform that takes a novel approach to dealing with identity data deprecation.

Ad measurement and attribution are in crisis – but maybe that’s a good thing says Andrew Covato, founder and managing director of measurement consultancy Growth by Science. “It’s time for change.”

When the FTC started cracking down on digital health companies last year, many of Freshpaint’s customers, which include health systems, hospitals and health care marketers, were at a loss about how to continue marketing.