US Multi-State Privacy Laws

June 29, 2023 — by Fiona Campbell-Webster    

In January we shared a blog post with recommendations on how to prepare in 2023 to comply with five US Multi-State privacy laws in California as amended by CPRA, Virginia, Connecticut, Colorado and Utah. As a reminder, the enforcement date of several of these laws is 1 July 2023. This blog post is a brief practical check list for our clients to help support your compliance efforts. Please also refer to the January blog post for background on what we recommended clients should do in preparation. “What’s needed now, next and later for clients to prepare for global digital advertising privacy compliance starting January 2023”

Practical check list for our clients:

  • Have you updated your privacy policies to consumers on your sites to provide Do Not Sell/Share My Personal Information (DNSS) opt-out notices?
  • Have you implemented opt-out mechanisms to be able to send DNSS opt-out signals to MediaMath when a consumer opt-out of selling/sharing on your site?
  • Have you implemented Global Privacy Controls (GPC) on your site as required under California?
  • Have you updated your privacy policies to consumers on your sites to provide opt-out of sharing for targeted advertising notices for consumer rights under Virginia, Colorado, Connecticut and Utah?
  • Do you have an opt-out of sharing for targeted advertising mechanism for consumer rights under Virginia, Colorado, Connecticut and Utah?
  • Will your opt-out signals be integrated with the IAB Tech Lab’s Global Privacy Platform (GPP)? One Trust for example is integrated with GPP.
  • Have you reviewed the new and updated Schedule B to your MSA for US Multi-State privacy laws? These Schedule B terms are also located in our User Policy which forms part of your agreement.
  • MediaMath will be a participant and signatory to IAB US Multi-State Privacy Agreement. As a 1st party Business, under CCPA as amended by CPRA, will you be signing up to the IAB US Multi-State Privacy Agreement? Here is the Advertiser’s Guide to the MSPA

Please reach out to your MediaMath representative if you have any questions regarding the above.

Disclaimer: Please note this blog post is not intended as legal advice and you should consult your own legal advisors on your company’s legal and technical compliance requirements.

Fiona Campbell-Webster

Fiona Campbell-Webster, Esq, CIPP-E is Chief Privacy Officer at MediaMath and is a dual qualified attorney in New York and U.K. She is responsible for defining the privacy program and strategic policies and processes around privacy, data use, identity and compliance to ensure data is used globally in ethical, privacy-friendly ways that support MediaMath’s business outcomes while honoring global data protection laws and self-regulatory obligations. Fiona has provided privacy and legal advice to the AdTech industry for many years with experience on the buyside and sellside. Previously, Fiona was Head Legal Counsel and DPO at Beeswax (DSP), prior to that first and sole legal counsel and DPO at TripleLift (SSP) and started supporting AdTech working as part of a team of attorneys for Sizmek (DSP/AdServer.