October 7, 2022

Volume XII, Number 280

Advertisement

October 06, 2022

Subscribe to Latest Legal News and Analysis

October 05, 2022

Subscribe to Latest Legal News and Analysis

October 04, 2022

Subscribe to Latest Legal News and Analysis

How Do State Statutes Differ in Terms of Their “Targeted Advertising” Exemptions?

The term “targeted advertising” is defined relatively consistently between and among modern U.S. data privacy statutes with the noticeable exception of California which deviates somewhat in the California Privacy Rights Act’s (CPRA) definition of the similar term “cross-context behavioral advertising” by omitting any reference to tracking a person over time, or making predictions about a person’s interests. As the following chart indicates, California also deviates in that it does not provide the same exemptions for the types of activities that constitute targeted advertising or cross-context behavioral advertising.  Specifically, unlike the other state privacy statutes, the CPRA does not contain an express exemption for advertisements that are selected based upon search queries, contextual visits to a website, or requests for information. Nor does the California Privacy Rights Act contain an express exemption from its definition of “sharing” for data that is shared for the purpose of reporting advertising performance metrics.

It should be noted that these omissions may not lead to a substantive difference in terms of what activities constitute cross-context behavioral advertising or targeted advertising.  For example, it is possible that while an activity, such as targeting an advertisement based upon a search query, may not fall under an express exemption within the CPRA, it may not satisfy the definition of cross-context behavioral advertising in the first place such that it would necessitate an exemption.

Explicit Exemption from Definition of “Targeted Advertising”

California 2022

CCPA

California 2023

CPRA

Virginia 2023

VCDPA

Colorado 2023

CPA

Utah 2023

UCPA

Conn. 2023

CTDPA

Based on controller’s properties.  Ads selected based on activities within the controller’s own websites or applications are not considered targeted advertising. N/A

✔[1]

(Implied in definition of cross-context behavioral advertising)

✔[2] ✔[3] ✔[4] ✔[5]
Based on controller-affiliates’ properties.  Ads selected based on activities within a controller’s affiliates websites or applications are not considered targeted advertising. N/A

✔[6]

(Implied in definition of cross-context behavioral advertising)

✔[7]

(Implied in definition of targeted advertising)

✔[8]

(Implied in definition of targeted advertising)

✔[9]

✔[10]

(Implied in definition of targeted advertising)

Based on search query.  Ads selected based on the context of a consumer’s current search query are not considered targeted advertising. N/A ✔[11] ✔[12] ✔[13] ✔[14]
Based on visit to a website.  Ads selected based on the context of a consumer’s current visit to a website are not considered targeted advertising. N/A ✔[15] ✔[16] ✔[17] ✔[18]
Based on request for information.  Ads selected based on a consumer’s request for information or feedback are not considered targeted advertising. N/A ✔[19] ✔[20] ✔[21] ✔[22]
Metrics.  Sharing of data solely to measure or report advertising frequency, performance, or reach are not considered targeted advertising. N/A ✔[23] ✔[24] ✔[25] ✔[26]

FOOTNOTES 

[1] Cal. Civ. Code 1798.140(k) (West 2021) (relates to definition of cross-context behavioral advertising).

[2] Va. Code 59.1-571 (2022).

[3] C.R.S. 6-1-1303(24)(b) (2022).

[4] Utah Code Ann. 13-61-101(34)(b)(i) (2022).

[5] Connecticut Substitute Bill No. 6, § 1(28)(A) (2022) (pending governor approval).

[6] Cal. Civ. Code 1798.140(k) (West 2021) (relates to definition of cross-context behavioral advertising).

[7] Va. Code 59.1-571 (2022).

[8] C.R.S. 6-1-1303(24)(b) (2022).

[9] Utah Code Ann. 13-61-101(34)(b)(i) (2022).

[10] Connecticut Substitute Bill No. 6, § 1(28)(A) (2022) (pending governor approval).

[11] Va. Code 59.1-571 (2022).

[12] C.R.S. 6-1-1303(24)(b) (2022).

[13] Utah Code Ann. 13-61-101(34)(b)(ii) (2022).

[14] Connecticut Substitute Bill No. 6, § 1(28)(B) (2022).

[15] Va. Code 59.1-571 (2022).

[16] C.R.S. 6-1-1303(24)(b) (2022).

[17] Utah Code Ann. 13-61-101(34)(b)(ii) (2022).

[18] Connecticut Substitute Bill No. 6, § 1(28)(B) (2022).

[19] Va. Code 59.1-571 (2022).

[20] C.R.S. 6-1-1303(24)(b) (2022).

[21] Utah Code Ann. 13-61-101(34)(b)(iii) (2022).

[22] Connecticut Substitute Bill No. 6, § 1(28)(C) (2022).

[23] Va. Code 59.1-571 (2022).

[24] C.R.S. 6-1-1303(24)(b) (2022).

[25] Utah Code Ann. 13-61-101(34)(b)(iv) (2022).

[26] Connecticut Substitute Bill No. 6, § 1(28)(D) (2022).

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 151
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement