May 26, 2023 • 4 min read • By Ronan Shields
Facebook owner Meta was fined earlier this week for yet another privacy infraction in Europe, just days ahead of GDPR entering its fifth year of enforcement.
Such a high-profile player in the sector being hit with a €1.2 billion ($1.3 billion) fine — this time by the Irish data protection authority for mishandling EU user data when transferring it to the U.S. — underlines the fact that every ad tech operator must make compliance with such laws their top priority.
It is within this context that their U.S. counterparts are lobbying lawmakers on the opposite side of the Atlantic with the aim of inducing (not to mention outright influencing) a multi-state privacy law, one that may take primacy over the myriad of individual state laws currently in place.
Even though efforts to draft such a law are far from officially entering the statute books — the most mature effort is the American Data Privacy And Protection Act (ADPPA) — key players in the industry are beating a trail to the U.S. Capitol.
The key aim here is to ward off having to comply with a patchwork of individual state laws in preference for a single set of legally-enforced privacy requirements applicable across the Union, similar to the situation in the EU.
In the absence of a U.S. federal privacy law, such a scenario is brewing in states across the U.S. Lawmakers in California, Colorado, Connecticut, Utah, and Virginia, among others, are answering public calls for more robust legislation equipped to adequately safeguard their privacy in the rapidly advancing digital era.
In the meantime, executives from both the IAB and its sister organization IAB Tech Lab are attempting to spearhead early compliance and lobbying efforts through a number of initiatives.
Such efforts are taking place through initiatives such as its Global Privacy Platform, and Multi-State Privacy Agreement — arguably successors to the Transparency Consent Framework in Europe — and its Accountability Task Force.
Separate sources across the IAB report bipartisan support for federal privacy law in the corridors of power with relevant draft legislation undergoing edits in the House of Congress. Some are forecasting a realistic timeline for any such legislation passing into law will be after next year’s general election.
IAB Tech Lab CEO Anthony Katsur spoke with Digiday about some of his body’s efforts, including meeting with key backers of such legislation (he declined to name the individual politicians he has met with) for the purposes of education.
“If you’re a global media company, then you’re facing a nightmare of cross-compliance,” he said. “In the internet era many companies are global by nature… it’s a nightmare from a technical, legal, and consumer experience perspective.”
Per Katsur, much of the conversations with D.C. policymakers center upon balancing consumer privacy and data security while not hampering the digital advertising economy with the industry championing how it helps promote the SMB tier of the economy.
“States’ rights and the whole issue of pre-emption is going to be an issue that’s heavily debated,” added Katsur when quizzed on the nature of such conversations with relevant politicians. “Any federal law would pre-empt CCPA and California is not going to be too thrilled about that.”
The lobbying power of the industry’s titans such as Alphabet, Amazon, and Meta is widely known, not to say resented among both the public and industry peers. And it is arguably this dynamic that has galvanized publisher executives, specifically ad ops pros tasked with the nitty-gritty chores of making ad tech work within prescribed guidelines to similarly pound the pavements in the U.S. Capitol in the hope of meeting key politicians.
Rob Beeler, a consultant specializing in media owners explained to Digiday how he plans to escort a delegation of publishers to educate such representatives on the day-to-day realities of the industry. It’s an initiative that some hope will curry favor among key decision-makers, particularly as it doesn’t bare the hallmarks of Big Tech.
“We want to discuss with them the value of having a Federal-level Privacy Legislation versus state-by-state,” said Beeler. “We’re going to talk about it because we’ve gone through what GDPR does, versus trying to do this at the California, Massachusetts, and Colorado level [of lawmamking].”
In the absence of such federal legislation, some vendors seek to help industry actors better establish the privacy compliance of their supply chains with Pixalate understood to be readying such an offering that will help marketers and publishers understand if their partners meet requirements across the U.S. The company’s CEO Jalal Nasir, claimed Apple and Google’s inaction over enforcing their stated privacy requirements on their respective app stores has furthered some of these issues.
“The ad tech industry is ill-equipped to handle the imminent disruption when U.S. state privacy laws start to be enforced,” he said. “Google and Apple have failed to enforce their own app store policies, which has created a mobile app ad ecosystem rife with both ad fraud and illegal commercial surveillance – hanging both ad tech companies and consumers out to dry.”