Navigating Web 3.0: Data Security and Privacy in the Age of GDPR

February 1, 2018

This May, companies on both sides of the pond will see what is arguably the largest overhaul of personal data privacy rules in the Internet Era, otherwise known as the General Data Protection Regulation (GDPR). While only some American businesses that operate on both continents seem to recognize the need to move swiftly and prepare for the enforcement of GDPR, it is clear that all eyes are on privacy regulation this year, and for good reason.

In short, GDPR is the European Union’s 28 members’ 2016 resolution to unify data protections, including those pertaining to the export of personal data outside the EU. More specifically, GDPR regulations will have potentially loud echo effects around the world - especially since privacy and data security issues are an iron triangle for the advertising industry, posing highly interrelated challenges across federal, state, and international boundaries.

According to leading research firm Gartner, less than half of the companies set to be affected by GDPR will be in full compliance by the end of year, and with potential penalties for violations as high as 4% of worldwide revenue, this will create major risks. ANA is committed to helping its members better prepare and understand the latest EU changes. At our upcoming Advertising Law & Public Policy Conference on March 15 and 16, we will present exclusive programming on the implications of GDPR. We also have detailed information on our website and in earlier blog posts.

With the repeal of the FCC’s broadband privacy rules, numerous states and local governments have responded by proposing their own highly restrictive legislation, such as California’s AB375. Last year, more than 20 states and the District of Columbia introduced legislation that would reinstate some version of the Obama Administration FCC’s ISP privacy rules.

ANA believes consumer privacy should certainly be carefully protected, but unnecessary, onerous, overly restrictive, and inconsistent multistate level privacy legislation that would stifle innovation and create confusion in the markets is not the answer.

Although California’s AB375 – one of the most potent domestic threats to the current digital advertising ecosystem – did not pass last year, advocates are ready to fight for the bill in 2018 with reinvigorated momentum. In addition, an even more restrictive privacy ballot initiative has been filed with the California attorney general. If proponents are able to collect enough signatures by April (a good possibility), the ballot initiative will be voted on during the general election this November. It would broaden the widely accepted definition of personal information to include web browsing history, biometric, and geographic information, among other things. Furthermore, the initiative would institute completely inappropriate penalties, regardless of fault, on companies that suffer a data breach – which would have severely hampered companies like Target, Sony, and Home Depot in the wake of their data breaches and driven smaller companies out of business.

Clearly, 2018 is going to be a year where privacy and data security issues are a primary concern, and everyone in the ad community needs to be alert to respond to these challenges.


You must be logged in to submit a comment.