3. Many states will pass new data protection laws and regulations similar to GDPR.
Online marketing has been around for more than 25 years, and programmatic for more than 10. It’s simply time for everyone – advertisers, ad tech providers, and consumers – to unite behind higher standards. GDPR was the first step in that direction for the EU, and I expect U.S. regulations will quickly follow.
Already several states have introduced legislation to expand data privacy for their residents, giving them more control over how their personal data is collected and used. California’s Consumer Privacy Act goes a step further, requiring companies to make significant changes to their data handling and processing procedures. In Vermont, new legislation also requires data brokers to register with the state, better inform consumers about their options, and notify authorities of any security breaches.
While U.S. regulations will mirror many of GDPR’s protections, it is doubtful that states will deem data privacy a civil right, as it is in the EU. Instead, most states are looking to give consumers the right to demand that companies disclose what information they collect, to block that data from being sold, and to sue noncompliant companies. However, even if lawmakers in every state set the stage for these regulations, the laws and enforcement likely won’t go into effect for several years. For instance, Vermont’s changes for data brokers don’t kick off until 2019, and California’s Consumer Privacy Act doesn’t take effect until 2020.
In the meantime, if you’re looking for the most effective ways to reach your target audience in a post-GDPR world, you may want to start by auditing your data management program. Review your data protection policies with your legal and compliance teams. Then, develop a real-time process for handling customer requests and opt outs.