“You do it to yourself, you do
And that’s what really hurts
Is that you do it to yourself, just you
You and no one else
You do it to yourself”
If, like me, you were a teenager in 1995, the year Radiohead released its album “The Bends,” then you probably recognize those lyrics.
They’re from the song “Just,” which might as well be the theme song for ad tech, an industry no longer in a position to self-regulate as it had been doing for decades and decades.
“We’ve been an unregulated industry for over 100 years,” said Richy Glassberg, CEO and co-founder of privacy compliance startup SafeGuard Privacy, speaking on a panel at an ID5 event in New York City last week.
“We’re now a heavily regulated industry,” Glassberg continued, “and if you don’t understand that, it’s a big misconception.”
The fact is, Glassberg said, the many privacy laws we’re seeing “are a direct result of the fact that our industry, for the last 15 years, abused the respect of consumers. We forgot about the consumer.”
“You do it to yourself, you do
And that’s what really hurts.”
So regulators stepped in – but they’re not the only ones who took a cue. Class-action attorneys are getting busy, too.
“Lawyers are looking for what pixels are firing,” said Brian Kane, COO and co-founder of data privacy software company Sourcepoint. “Whether it’s the VPPA [Video Privacy Protection Act] or CIPA [California Invasion of Privacy Act], there’s a bunch of privacy-related activity that’s not just regulation.”
Meanwhile, regulators are more than ready to pick low-hanging fruit, and there’s quite a lot of it.
For example, if a business tells its consumers they can opt out of data collection by reaching out to a general privacy@companyname.com email address, then someone needs to check that inbox regularly and actually process the requests.
But you’d be surprised how often businesses don’t respond to messages, including to those from regulators.
Glassberg pointed to an observation he heard shared on stage by an enforcement official in California speaking at a private event in February.
“She said they were sending letters to companies, to the privacy mailbox, and people weren’t responding,” Glassberg said. “She very clearly said, ‘Be transparent. If you’re telling your customer to reach out at privacy@blankcompany and then you don’t answer me, a regulator? Then you’re not answering your consumer either.’”
In other words, have a little respect. (That’s a nod to Erasure in keeping with my musical theme. Fun fact, “A Little Respect” was released in 1988, which just so happens to be the year that then-President Ronald Reagan signed the VPPA into law. Life is a flat circle.)
Anyway, have a little respect and “have an awareness of how we got here,” said InfoSum CEO Lauren Wetzel. “Which is to say, we were pretty careless with data.”
I dunno what else to add to that other than 👏👏👏 and 🫠.
🙏 Thanks for reading! As always, feel free to drop me a line at allison@adexchanger.com with any comments or feedback. Also, please meet my spirit animal.