Content publishers, media and other advertising-supported websites have already had to grapple with the privacy requirements put forth in the EU General Data Protection Regulation (GDPR). Similar regulations are also in force in a number of other countries in the Americas, Europe and Asia. In addition, at the start of 2020, publishers will have to comply with the California Consumer Privacy Act (CCPA). Still more privacy regulations are being advanced and debated in other U.S. states, and around the world. In fact, more than ten different U.S. states, including Massachusetts and Texas, are in the process of considering privacy laws along the lines of the CCPA. With these unfolding developments, it is increasingly critical that publishers understand and manage the risks associated with consumer data privacy.
The financial risks of non-compliance with these regulations are significant. For example, under the CCPA, businesses are subject to civil action by the California Attorney General’s Office and can face penalties of up to $7,500 per intentional violation or $2,500 per unintentional violation, if not cured within 30 days of being given notice of such violation. The CCPA also provides a private right of action to California residents where their personal information is subject to unauthorized access, theft, or disclosure. In addition to financial penalties from a violation, the resulting negative publicity can also cost a publisher or media company through loss of consumer goodwill and brand trust, with an accompanying reduction in revenues and brand value.
In order to manage these risks and support your compliance efforts, the privacy experts at TrustArc recommend the following specific practices and TrustArc solutions. The solutions offer a broad range of configuration options to enable publishers to move forward with a comprehensive privacy compliance program that balances your risk profile with current and planned monetization strategies.
- Conduct privacy assessments (PIAs, DPIAs) and understand where and why your practices may not align with regulations so you can define remediation with Assessment Manager
- Build a data inventory and data flow maps with Data Flow Manager to help assess vulnerabilities and risks involving the flow of consumer data throughout your ecosystem
- Consent for tracking cookies – Use Cookie Consent Manager to gain consumer consent to collect and share data, which is a key provision in many data privacy regulations
- Self-Regulation via industry ad program – Become part of the digital advertising industry’s self regulation program AdChoices and manage users’ advertising preferences in both cookie and non-cookie environments with Ads Compliance Manager
- Manage individual rights to meet legally mandated requirements for data subject rights requests with Individual Rights Manager
- Independent certification helps ensure a publisher or media company has effectively addressed privacy concerns and advances brand credibility; learn more about TrustArc certifications
- Consent for direct marketing – Support requirements under GDPR and other regulations that mandate consumer consent to engage in direct marketing surveys, newsletters and other consumer communications with Marketing Consent Manager
To learn more read our new solutions brief Publishers and Privacy. This brief provides an overview of privacy laws and regulations – for example the California Consumer Privacy Act (CCPA) – and how they affect ad-supported websites and media companies along with recommended best practices and solutions to support your compliance and privacy risk management efforts.
To learn more about the TrustArc solutions, visit https://www.trustarc.com/products/.