What Publishers Need to Know About Data Privacy

Content publishers, media, and other ad-supported websites have already had to grapple with the privacy requirements in the EU General Data Protection Regulation (GDPR). Similar regulations are also in force in several other countries in the Americas, Europe, and Asia.

In addition, publishers must comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) by January 2023. Still, more privacy regulations are being advanced and debated in other U.S. states and worldwide.

In fact, more than ten different U.S. states, including Massachusetts and Texas, are considering privacy laws along the lines of the CCPA. With these unfolding developments, it is increasingly critical that publishers understand and manage the risks associated with consumer data privacy.

Financial Risks of Non-Compliance with Regulations are Significant

For example, under the CCPA, businesses are subject to civil action by the California Attorney General’s Office. They can face penalties of up to $7,500 per intentional violation or $2,500 per unintentional violation if not cured within 30 days of being given notice.

The CCPA also provides a private right of action to California residents whose personal information is subject to unauthorized access, theft, or disclosure.

In addition to financial penalties for violations, the resulting negative publicity can also cost a publisher or media company through loss of consumer goodwill and brand trust, with an accompanying reduction in revenues and brand value.

How Can You Ensure Ad-Supported Websites are Privacy Law Compliant?

In order to manage these risks and support your compliance efforts, the privacy experts recommend the following specific practices and solutions.

These solutions offer a broad range of configuration options to enable publishers to move forward with a comprehensive privacy compliance program that balances your risk profile with current and planned monetization strategies.

    • Conduct privacy assessments (PIAs, DPIAs) and understand where and why your practices may not align with regulations so you can define remediation with Assessment Manager
    • Build a data inventory and data flow maps with Data Inventory Hub to help assess vulnerabilities and risks involving the flow of consumer data throughout your ecosystem
    • Consent for tracking cookies – Use Cookie Consent Manager to gain consumer consent to collect and share data, which is a key provision in many data privacy regulations
    • Self-Regulation via industry ad program – Become part of the digital advertising industry’s self regulation program AdChoices and manage users’ advertising preferences in both cookie and non-cookie environments with Ads Compliance Manager
    • Manage individual rights to meet legally mandated requirements for data subject rights requests with Individual Rights Manager
    • Independent certification helps ensure a publisher or media company has effectively addressed privacy concerns and advances brand credibility; learn more about TrustArc certifications
    • Consent for direct marketing – Support requirements under GDPR and other regulations that mandate consumer consent to engage in direct marketing surveys, newsletters, and other communications with Consent and Preferences Manager

Learn more about how privacy laws and regulations affect ad-supported websites and media companies, as well as best practices to support your privacy risk management efforts.