January 29, 2023

Volume XIII, Number 29


January 27, 2023

Subscribe to Latest Legal News and Analysis

January 26, 2023

Subscribe to Latest Legal News and Analysis

Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws

The Interactive Advertising Bureau (IAB) and IAB Tech Lab have proposed updates their industry level agreements and privacy signal program to support the efforts of marketers, agencies, publishers, and ad tech companies to comply with the US state privacy laws going into effect in 2023. The comment period on the updates is open until October 27.

The IAB Privacy’s Multi-State Privacy Agreement (MSPA) is intended to update the Limited Service Provider Agreement (LSPA), currently used to ensure compliance with the California Consumer Privacy Act (CCPA). The MSPA is intended to marketers, agencies, publishers, and ad tech companies ensure compliance with the CCPA (as amended by the California Privacy Rights Act (CPRA)), as well as the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CDPA), Utah Consumer Privacy Act (UCPA) and Virginia’s Consumer Data Protection Act (VCDPA), when engaging in digital advertising practices that are subject to opt-out under these laws because they involve the disclosure of digital media viewers’ personal information in order to facilitate the serving of digital ads specific to a consumer viewing connected TV, mobile or website content. Key to the approach is to create service provider relationships amongst various ad ecosystem parties and to provide a means of indicating when a viewer’s data may only be used for limited data processing and in a non-targeted manner.

According to the IAB, the MSPA includes provisions covering:

  • “Gap transactions,” such that it applies contractual terms for those “sales” of personal information where there is ordinarily no contract in place in the digital advertising distribution chain;

  • Measurement and frequency capping, including when undertaking such activities using service providers;

  • Contextual advertising and advertising on a publisher’s first party segments;

  • A “national” approach option to state privacy compliance that is set at the highest common denominator across the new state with privacy laws, as well as a state-by-state approach; and

  • Use of the IAB Tech Lab’s technical specification for US State Signals.

Current LSPA participants will automatically become MSPA participants unless they withdraw. The MSPA builds upon the LSPA to address additional consumer rights and opt-outs under new state privacy laws. One feature of the MSPA is to create a joint service provider relationship for participating measurement and frequency capping vendors with participating advertisers and publishers in an effort to avoid a “sale” of personal data when exchanged for contextual advertising measurement and frequency capping purposes.

The MSPA works in conjunction with the IAB Tech Lab’s US State Signals program, which will manage privacy signals from consumers in California, Colorado, Connecticut, Utah and Virginia. The US State Signals program is proposed to replace the US Privacy Framework, which to date has managed consent signals from California to comply with the CCPA.

Comments on the draft MSPA and US State Signals program are due October 27.

© Copyright 2023 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 297

About this Author

Alan L. Friel Data Privacy & Cybersecurity Attorney Squire Patton Boggs Los Angeles, CA

Alan Friel is the deputy chair of the firm’s Data Privacy & Cybersecurity Practice.

Alan is a thought leader in digital media, intellectual property, and privacy and consumer protection law, with three decades of relevant experience to address the intersection of law and technology.

Prior to joining the firm, Alan was a partner at a US law firm, where he led the US Consumer Privacy practice (in which he counseled clients on compliance with the California Consumer Privacy Act (CCPA) and other data privacy regimes), and the retail, restaurant and e-commerce industry...

Kyle Dull Data Privacy & Cybersecurity Lawyer Squire Patton Boggs Miami Florida

A former assistant attorney general, Kyle has extensive experience investigating and litigating privacy and advertising law violations. He now draws on that experience to advise clients on their own data privacy, cybersecurity and advertising risks, and is regularly retained by corporations to defend and resolve enforcement actions.

Kyle has a solid understanding of domestic and international privacy laws and counsels digital media companies looking to protect their digital property and avoid potential legal issues by negotiating and drafting licensing, joint venture and data...

+1 305 577 2840