Privacy Laws: 2024 Updates for Publishers

In the good old days, running a top-tier publication meant endless possibilities. Well, those days have morphed into a bit of a maze with the ever-changing privacy laws.

This isn't just a feeling, folks. A recent report by the Association of Online Publishers (AOP) and Deloitte revealed that publishers only saw a 0.3% revenue increase in the second quarter of 2023. This low revenue growth shows how difficult it is for the online publishing industry to succeed in the current environment with twisted privacy laws. 

2023 witnessed a tremendous shift in the data privacy law. New laws and stricter rules, both nationwide and across individual states, forced everyone in the industry to adapt quickly. Advertisers, publishers, and ad tech companies all had to scramble to keep up. 

From new state laws to extra focus on protecting kids' data, health information, and location data – every facet of the industry faced meticulous examination.

This article is to keep you informed about the latest privacy updates. We will break down the important changes, explain what they mean for you, and help you get ready for what's ahead. Think of it as your guide to navigating these new privacy laws with confidence.

But First, A Quick Refresher on Privacy Laws 

1. GDPR (General Data Protection Regulation) - European Union (EU)

• Website: https://commission.europa.eu/law/law-topic/data-protection_en
• Focus: Governs personal data processing, emphasizing explicit user consent and the right to be forgotten.

2. CCPA (California Consumer Privacy Act) - California, USA

• Website: https://oag.ca.gov/privacy
• Focus: Grants California residents' rights over personal information, including opting out of data selling.

3. PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada

• Website: https://laws-lois.justice.gc.ca/eng/acts/p-8.6/
• Focus: Governs private sector organizations' collection and use of personal information.

4. COPPA (Children's Online Privacy Protection Act) - United States

• Website: https://www.ftc.gov/business-guidance/privacy-security/childrens-privacy
• Focus: Protects children under 13 online, requiring parental consent for data collection.

5. ePrivacy Directive - European Union (EU)

• Website: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32002L0058
• Focus: Focuses on privacy in electronic communications, including user consent for online tracking.

6. CPRA (California Privacy Rights Act) - California, USA

• Website: https://oag.ca.gov/privacy
• Focus: An extension of CCPA, enhancing user rights and introducing additional privacy measures.

7. LGPD (Lei Geral de Proteção de Dados) - Brazil

• Website: https://www.gov.br/esporte/pt-br/acesso-a-informacao/lgpd
• Focus: Similar to GDPR, protecting the privacy rights of Brazilian citizens.

8. VCDPA (Virginia Consumer Data Protection Act) - Virginia, USA

• Website: https://www.oag.state.va.us/consumer-protection/files/tips-and-info/Virginia-Consumer-Data-Protection-Act-Summary-2-2-23.pdf 
• Focus: A state-level privacy law in the US providing rights similar to CCPA and GDPR.

‍New Privacy Laws

• The EU-US Data Privacy Framework (DPF), finalized in 2023, offers a path for US companies to comply with GDPR when transferring data to the EU. As publishers who operate in both regions, you should explore the DPF's implications.

• Universal Opt-Out Mechanisms (UOOMs) like Global Privacy Control (GPC) are gaining traction, allowing users to opt out of data sharing across multiple platforms with a single setting. As publishers, you should be prepared to honor UOOMs as they become more widely adopted.

New Updates on Privacy Laws Every Publisher Needs to Know in 2024

1. Washington's My Health My Data Act

This act grants users greater control over health-related data and enters enforcement territory in 2024. Brace yourselves for potential lawsuits and a significant impact on ad targeting in the health and pharmaceutical sectors.

Consider the example of Publicis' $350M settlement for marketing opioids reveals ethical concerns. Despite claiming innocence, their practices included recording intimate patient-doctor conversations. The unit responsible, Verilogue, continues under Insagic, blending capabilities with Epsilon's data. This example emphasizes the need for publishers to go beyond legal compliance, considering ethical implications in data usage.

2. Privacy-enhancing technologies (PETs)

Privacy-enhancing technologies (PETs) are soaring in 2024 as publishers grapple with stricter privacy laws and audience reach. From news to entertainment – publishers are turning to these innovative solutions to navigate the complexities of data collection and targeting while adhering to evolving laws.

Here are a few PETs privacy tools taking flight in 2024

• Differential privacy: Think about adding "noise" to data to protect individual identities. This allows you to share aggregated stats (like total clicks) without revealing user details.
• AI-generated synthetic data: This is actually "fake data based on real data." This protects user privacy while enabling analysis, testing, or training. Like creating sample user profiles without exposing real user information.
• Federated learning: Imagine several parties learning from each other's data without sharing it directly. This tool allows collaboration and data exchange while maintaining privacy and trust. With this, publishers like you can improve recommendation systems by learning user preferences across different websites, that too, without sharing individual data.

But PETs are more than just a compliance play. They offer a strategic edge, mitigating data breach and privacy violation risks, fostering trust and loyalty with your audience. However, the excitement around PETs needs a reality check. Regulators are watching closely, demanding proof these solutions truly deliver on privacy promises. Transparency and demonstrable effectiveness will be crucial for long-term viability.

3. Rise in incentivize users in a cookieless world

The tightening grip of regulations might force a shift in business models. Publishers should also consider exploring incentive programs or other benefits to encourage users, particularly in regard to sensitive data collection.

Currently, publishers are employing various strategies to encourage users to log in and share their data in a cookieless world:

• Gamification: Snopes offers a "true or false" quiz to engage visitors and encourage them to create accounts to save progress.
  ‍

• Value-added features: Many platform offers features like saving content in exchange for user login and ad consent.
  ‍

• Single-sign-on: Future is exploring solutions like OpenPass to streamline the login process for readers.
  ‍

• Transparency: Publishers like CyberAgent emphasize the benefit of user control and transparency in data collection.
  ‍

4. Audits and accountability:

State privacy laws are demanding greater accountability from data handlers. As a publisher, be prepared for a surge in audits, internal assessments, and thorough documentation requirements to demonstrate compliance. 

Here is the growing patchwork:

• California's CPPA kicks off its auditing blitz in March 2024, so get ready for the spotlight.
  

• The US continues to see a rise in state-specific privacy laws, with four new laws taking effect in 2024 (Tennessee, Oregon, Texas, and Montana).
  

• New Jersey also passed a law in January 2024, joining Iowa and Delaware with laws coming into effect in 2025.

This trend creates a "patchwork" of compliance requirements across different regions, making it crucial for publishers like you to stay informed of specific regulations within the targeted markets.

Critical Takeaways for Publishers

• Focus on user consent 

New as well as existing privacy laws emphasize obtaining explicit and informed user consent for data collection and processing. Also, you, as a publisher, need to ensure privacy laws on your website are clear, concise, and easily accessible, outlining what data is collected, how it's used, and user rights regarding their information.

• Adapt to platform changes

Major tech companies like Google, Apple, and Android are implementing privacy updates that impact data collection and targeting practices. You need to adapt strategies to account for these changes, such as exploring alternative targeting methods that comply with evolving platform guidelines.

• You also need to demand transparency 

Seek clear information from data brokers and advertisers about the origin and collection methods of the data they provide. Notably, The ADWEEK reported the latest Digital Publishers’ Revenue Index (DPRI) from the Association of Online Publishers (AOP).

It said:

This underlines the industry's increasing reliance on such data and states that large data still goes unsegmented.

• Experiment, develop & grow 

Establish internal standards that transcend legal compliance when choosing ad partners and formulating targeting policies. Explore privacy-enhancing technologies (PETs) for genuine user privacy. 

Try integrating PETs into Data Clean Rooms for a privacy-safe solution. Lagging in opt-in efforts for sensitive data? As regulations tighten, consider offering incentives for user consent.  It's time you reassess your business models amid evolving privacy laws.

Beyond Compliance 

While legal compliance remains central, navigating privacy law requires more than staying informed. 

Here is another case illustrated in an article on AdExchanger showcasing the human cost of disregarding ethical considerations. 

Hence, as a publisher, you need to strive for a higher standard. Prioritize user transparency, informed consent, and responsible data practices. 

Partner ethically, leverage PETs, and at the end, always remember that user data represents real lives — treat it with the respect it deserves.

So, let's move beyond legal compliance and co-create an ethical future for data-driven advertising, one that earns, not exploits, user trust. 

‍