I spoke this week on Usercentrics’ Tech That Talks program, taking look at personalized ad targeting and the future of cookies.

Among the issues we discussed:

  • First party data isn’t holy water. It doesn’t absolve all data of sin and still requires a proper legal basis (for GDPR), transparency (all laws); consent or the ability to opt out, etc.
  • Advising clients on their obligations under the various U.S. data protection laws is a bit like playing Sudoku. You have to puzzle out the grid, figure out which bit applies where and then apply the strictest requirement to each type of processing.
  • 2021 has certainly “raised the line” on privacy awareness and enforcement in the U.S. with new state laws (VA CDPA and CO CPA); dozens of privacy bills both state and Federal and a revamp of the FTC promising to provide more enforcement and more guidance.
  • When it comes to your use of personal information for marketing: trust but verify. Consumers are more likely to share information with brands that they trust. But verify that you really are using the data as you say you are and that it isn’t being compromised by the actions of third parties with whom you share data.
  • Anonymization isn’t easy and isn’t a spot in time thing. You need to make sure you tell your attorneys what you have done to anonymize and how this could be re-identified. You need to establish policies and procedures to prevent re-identification by you and your downstream service providers and you need to have a system (preferably automated) to monitor this.