Data Privacy Day 2023 – How did we get here and what’s happening now in 2023?

January 27, 2023 — by Fiona Campbell-Webster    

We’ve come a long way on the global privacy journey since 2018 when GDPR led the way for the world to start creating a plethora of privacy laws each with its own special nuance. This is fantastic for privacy awareness and business adoption, but it has become operationally challenging for businesses both small and large to navigate and implement.

2023 Should be the Year to Begin Harmonizing Privacy Laws. 

This year we can expect to see greater effort towards harmonizing these increasingly fragmented privacy regulatory approaches. Efforts around a potential US Federal privacy law, American Data Privacy and Protection Act (ADPPA) in 2022 should be revived in 2023 to eliminate uncertainty, offer greater clarity, transparency, and privacy to the consumer. In the long run, if regulators and industry can work together to achieve this harmonization, it will lead to a healthy balance between seamless privacy compliance and scaled, personalized opportunities that allow businesses of all sizes to flourish. Read my advice in full in Spiceworks

Prepare for potential new policy

The latest in data privacy is usually reactive in response to legislation, so this Data Privacy Day it’s important to prepare for potential new policy. As more states introduce privacy laws, organizations must be aware of, and able to manage, the varying provisions which can make cross-state compliance complicated.

Privacy Policies and Notices

With the focus on privacy policies, privacy notices and cookie policies, it is incredibly important that companies start reviewing and updating disclosure documents on their sites and digital properties, as the new US State privacy laws and rules will require many changes, such as what are the categories of data disclosed to third parties.

US Multi-State 2023 Privacy Compliance

As you are preparing for your US Multi-State 2023 compliance, for California, Virginia, Colorado, Connecticut and Utah, we have prepared some guidance located in our Privacy, Security and Identity Hub here.

Check out my comments in the discussion on US Multi-State law requirements with Tim Peterson from Digiday and on CPRA raising the bar, in this excellent and informative video here.  Tim Peterson also created a video with IAB Legal on their contractual solution the Multi-State Privacy Agreement (MSPA) which can be found here. Both videos are insightful, easy to understand and are definitely worth the price of admission!

I also recently sat down with Greg Kihlström from The Agile Brand to discuss the importance of consumer privacy in fostering stronger relations between platforms and customers. Listen to the full podcast episode on The Agile Brand website here.

Global Privacy Controls (GPC)

Regarding global privacy controls, it is important for marketers to continue to monitor developments on opt-out preference signals, which are addressed in greater detail in the CPPA’s draft regulations. The first step in data privacy is to ensure your technology team fully recognizes the new opt-out requirements. The “frictionless” opt-out approach (recognizing opt-out signal preferences) may have challenges, and companies should take time to understand how the business can practically implement this approach or the alternative approach of including links to allow consumers to opt-out.

EMEA Privacy for 2023

For the continuing developing landscape in the EU and UK, James Kerr, MediaMath DPO for EMEA has prepared some guidance located in our Privacy, Security and Identity Hub here. Also see his comments on the IAB Transparency and Consent Framework and approval of the plan of action by the Belgian DPA here.

Post Third Party Cookies will this happen in 2023?

Who knows … but whether it does or doesn’t, now is the time to prepare for a future without third party cookies. Solutions are already built. I discussed this recently with ID5 in its ID5 Identity 2023 here. I recommend watching the full thing, but MediaMath’s session is at 2:40:06

Lastly, don’t forget that if third party cookie deprecation by Google finally happens in 2023 as previously promised, it won’t change the need to still comply with applicable global privacy laws. It will still mean that first party and second party data and alternative IDS used for targeting purposes will still be subject to global privacy laws like GDPR, CCPA and other US Multi-State laws.

MediaMath’s privacy team will continue to provide guidance and updates in our Privacy, Security and Identity Hub throughout what promises to be a very busy year in 2023 for both responsive data and privacy compliance and proactive framing for harmonization of the current fragmented global and national privacy landscape to ensure a sustainable and flourishing future for businesses and consumers in our growing digital economies and market places.

Fiona Campbell-Webster

Fiona Campbell-Webster, Esq, CIPP-E is Chief Privacy Officer at MediaMath and is a dual qualified attorney in New York and U.K. She is responsible for defining the privacy program and strategic policies and processes around privacy, data use, identity and compliance to ensure data is used globally in ethical, privacy-friendly ways that support MediaMath’s business outcomes while honoring global data protection laws and self-regulatory obligations. Fiona has provided privacy and legal advice to the AdTech industry for many years with experience on the buyside and sellside. Previously, Fiona was Head Legal Counsel and DPO at Beeswax (DSP), prior to that first and sole legal counsel and DPO at TripleLift (SSP) and started supporting AdTech working as part of a team of attorneys for Sizmek (DSP/AdServer.