Don’t sleep on privacy regulation. So far 2022 may be lacking 2018’s one-two punch of the General Data Protection taking effect in Europe and the California Consumer Protection Act being passed in the U.S., but a spate of recent regulatory jabs could be setting up for a right hook.
Consider the privacy regulation moves of the past couple months. The recently introduced American Data Privacy and Protection Act is the latest congressional bill proposing a federal privacy law in the U.S. The California Privacy Protection Agency released a draft of proposed regulations for enforcing California’s privacy law. Europe has passed the Digital Markets Act and Digital Services Act, each of which covers targeted advertising and data management. And GDPR enforcement is picking up.
“The canary in the coal mine of what is triggering all this attention is the digital advertising ecosystem,” said Dominique Shelton Leipzig, a partner at the law firm Mayer Brown where she serves as the lead for global data innovation as well as ad tech privacy and data management.
In the latest episode of the Digiday Podcast, Shelton Leipzig surveyed the current privacy regulation landscape and interpreted what it portends for the digital ad industry. Her verdict?
“With all the regulation, there’s a minefield for companies approaching the space,” Shelton Leipzig said.
Here are a few highlights from the conversation, which have been edited for length and clarity.
The U.S. as privacy law outlier
We need a federal privacy law, personally, and we’ve needed one for a super long time. I mean, of the top 10 GDPs in the globe, we’re the only country without an overall data protection law.
Potential for a U.S. privacy law in 2022
There is general pessimism that [Congress passing a federal privacy law] is going to happen in time to take place this year in 2022, before midterm elections. The consensus appears to be there’s momentum, but to actually get the bill and the edits out, this is a really serious effort that most likely will have to be picked up again in 2023.
Global privacy pressure
There are 150 countries now with data protection laws around the world. So if you’re sitting in the U.S. working for a global company, you’ve got counterparts across the globe that have to start thinking about data privacy. I mean, I just saw last week Swaziland just came [out] with their data protection law.
The privacy ripple effect of Roe v. Wade being overturned
Even as it’s overturned, at core the legal analysis [behind Roe] is based on privacy precedent and the right to privacy. So the overturning of that decision calls into question privacy rights on a bunch of different fronts. There are some unexpected consequences or unexpected fallout that people may not have imagined. The ad tech community is going to be very much front and center in the types of requests for information about profiles on customers, loyalty programs, etc. because those go into purchase habits.