DrupalCon 2023 Pittsburgh Presentation: Marketing Meets Privacy, what you need to know in 2023. Privacy legislation is rapidly evolving throughout the United States and keeping up with the new laws, regulations, and policies can be a challenge for web and marketing teams. To make it more confusing, these laws are being passed at the state level, with rules and regulations that vary by state. In this session, we will focus on the privacy consent aspect of these laws and how this works with your web and marketing technology stacks. In this session we will discuss: 1. Brief overview of privacy landscape in 2023 2. What do these privacy laws mean for web and marketing teams now and into the near future 3. Consent Management & Tag Managers 4. Q&A YouTube Link: https://www.youtube.com/watch?v=22p14sCxWDQ&list=PLpeDXSh4nHjTZrlCUtl_xp87F3plT7czE&index=65

1. June 6, 2023
Marketing Meets Privacy
What You Need to Know in 2023

2. John Doyle
Digital Polygon
CEO, Technical Architect
E-Mail: john@digitalpolygon.com
Rick Buck
Executive Director, Data Privacy
Officer
● Building a better internet
● Hiking, snowboarding, and
sailing the seven seas
● Use privacy as a competitive advantage
● Biker, Golfer, Music Lover
A BIG Thanks to
Rick Buck!

3. DISCLAIMER: We are not lawyers. Your legal requirements related to these privacy laws should
be determined by your legal council and privacy teams!
1. Current Privacy Landscape in the US
2. Privacy and My Website
3. Useful resources for staying ahead of new privacy laws
4. Q&A
Agenda

4. Privacy Changes are
Moving Fast

6. Copyright © 2023 Digital Polygon | All rights reserved
The evolving privacy landscape

7. State Overview
● California - 1 Jan 2023
● Virginia - 1 Jan 2023
● Colorado - 1 July 2023
● Connecticut - 1 July 2023
● Utah - 31 Dec 2023
● Tennessee - 1 July 2024
● Montana - 1 Oct 2024
● Iowa - 1 Jan 2025
● Indiana - 1 Jan 2026
AS OF 4/7/22

9. State Overview
● All have consumer rights
● All have slightly different
requirements
○ Private Right of Action
○ Rectification
○ Automated Decision Making
○ Sensitive Data
○ Privacy Impact Assessments
○ Do Not Sell Requirements
○ Data Retention
○ Privacy Notices
AS OF 4/7/2022

10. 1. There are an increasing number of international privacy laws.
2. There are an increasing number of US state privacy laws.
3. Most new laws closely resemble GDPR
a. Notice and Choice
b. Privacy Rights
c. Focus on Surveillance and Ad Tech
d. Accountability for Downstream Vendors
e. Heavy Penalties
Privacy is Here to Stay

11. “Who has the data has the power”
Tim O’Reilly
User
Experience
Personalization
Retargeting
Informed
Decision
Making
Improve Product
Features
Advertising
Targeted
Messaging
Improving
Conversions
Segmentation
Predictive
Modeling
Targeted
Campaigns
Connected
Audiences

12. What About My
Website?

13. Your Website Supports 3 Key Pillars of Privacy
Provide Information
Privacy policies are not
anything new, but the
content they must include
is expanding forcing
organizations to be more
transparent about what
data they collect and how
they use it.
Facilitate Requests
Business must now
provide a process for
facilitating user requests
to delete, access, rectify
and port their privacy
related data collected via
cookies, pixels, forms, etc.
Manage Consent
Privacy laws provide a
means to enable users to
take control of their privacy
preferences by opting-in or
-out of various triggers. This
could be cookie consent,
tracking consent, or do not
sell my information consent.

14. Your Website Supports 3 Key Pillars of Privacy
Provide Information
1. Privacy Notice
2. Cookie Usage
Facilitate Requests
1. Delete
2. Access
3. Rectification
4. Portability
Manage Consent
1. Cookie Consent
2. Tracking Consent
3. Do Not Sell Consent
4. Consent for Targeted
Advertising and
Automated Decision
Making
E-MAIL
SOCIAL
Website
CRM CDP
3rd Party
Providers
Analytics Ad Platforms

15. Providing
Information
Say what you do…
● Privacy Notices
● Cookie Usage
● Data Collection Practices
Pillar

16. Facilitate
Requests
Give users access to their rights…
● Delete
● Access
● Rectification
● Portability
Pillar

17. Manage
Consent
Do what you say…
● Cookie Consent
● Tracking Consent
● Do Not Sell Consent
● Consent for Targeted Advertising
and Automated Decision Making
● GPC Signals
Pillar

18. Moving Away from Cookie Banners? Maybe?
● Banner blindness is real
and industry experts are
recognizing that maybe
cookie banners are not the
best approach to privacy.
● The US Privacy Laws do not
dictate the use of cookie
banners.
● There are better user
experiences available.

19. Let’s take a simple
marketing example for
consent

21. When Opt-out is given, don’t load scripts
It is more than cookies - 3rd party scripts that are embedded on your
website can track information about your users without the use of cookies.

22. What’s to Come?
(Sorry in advance to the marketers!)

23. Recap
1. Users need the opportunity to opt-out before they are tracked.
2. Some of the laws have opt-in for certain conditions.
3. GPC Signal covers only Do Not Sell/Share.
….. So what about all of the other consents?

24. State Overview
● All have consumer rights
● All have slightly different
requirements
○ Private Right of Action
○ Rectification
○ Automated Decision Making
○ Sensitive Data
○ Privacy Impact Assessments
○ Do Not Sell Requirements
○ Data Retention
○ Privacy Notices
AS OF 4/7/2022

25. Standards Will Be Introduced
Websites will be
expected to adhere to
these
standards/automatio
n principals (similar to
the TCF 2.0 Framework
in the EU).

32. There are tools to help.

33. Drupal Modules
Open Source Enables!
● COOKiES Consent Management
● General Data Protection Regulation
There are also a number of 3rd party
vendors who provide cookie consent
and privacy integration to streamline
your compliance process.
1. WireWheel
2. UserCentrics
3. OneTrust
4. Didomi
5. Many more!
Tools

34. Global Privacy
Control Signal
Respecting user choices
The Global Privacy Control signal aims
to set a standard for exercising users
privacy rights.
Tools

35. Google Consent
Mode
Google Consent Mode will adjust
the behavior of normal tracking
pings to alter the information that
is collected to respect a users
preferences.
● Consent status pings (Google
Ads and Floodlight tags)
● Conversion pings
● Google Analytics pings
Tools

36. Key Takeaways
Privacy is way more than just a button at the bottom of your screen.
It is...
1. Your organization's responsibility to know the laws and regulations
2. Saying what you do
3. Doing what you say
4. Giving the power for users to choose

37. Together We Can Build a
Better Internet

38. Legislation Related Resources
1. IAPP US State Privacy Legislation Chart:
https://iapp.org/media/pdf/resource_center/State_Comp_Privacy_Law_Chart.pdf
2. IAPP US State Privacy Legislation Tracker:
https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
3. WireWheel’s Privacy Law Comparison Table: https://wirewheel.io/privacy-laws-table/
Additional Resources to Help With Your
Privacy Journey
Consent Automation
1. GPC Signal: https://globalprivacycontrol.org/
2. GPP Spec:
https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/tree/main
3. Google Consent Mode: https://support.google.com/analytics/answer/9976101?hl=en
4. TCF 2.0: https://iabeurope.eu/tcf-2-0/