SlideShare a Scribd company logo

TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist for Compliance.pdf

TrustArc
TrustArc

Unlock the definitive guide to managing your online tracking technology vendors effectively. This webinar delves into a comprehensive and actionable set of best practices that every organization needs. From meticulous website scans to in-depth contract reviews, from precise consent categorization to harmonizing diverse frameworks, our checklist ensures you cover all the crucial touchpoints. Equip yourself with this essential framework and confidently navigate the complex landscape of online tracking compliance, using our step-by-step roadmap as your trusted reference. Join our panel of experts in the webinar as they equip you with the knowledge and strategies for navigating vendor relationships under CPRA.

1 of 29
Download to read offline
© 2023 TrustArc Inc. Proprietary and Confidential Information.
Managing Online Tracking
Technology Vendors:
A Checklist for Compliance
2
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.
3
Speakers
Taylor A. Bloom
Partner
BakerHostetler
Ryan Ostendorf
Product Manager
TrustArc
Andrew Scott
Privacy Counsel
TrustArc
Agenda
• Levelsetting
○ Ad Tech Vendors
○ Tracking Technologies
○ The Scope of Personal Information
• Market Forces
○ CA & Other States
○ FTC and MHMD
○ EU
• Managing Your Ad Tech
• Putting It All Together
• Looking Ahead to 2024
• How TrustArc & BakerHostetler can help
Levelsetting
● Ad Tech Vendors
● Tracking Technologies
● Personal Information in Scope
6
Ad Tech Vendors
December 2022: OCR released controversial bulletin calling out vendors:
“Regulated entities are not permitted to use tracking technologies in a manner that
would result in impermissible disclosures of PHI to tracking technology vendors.”
August 2023: Interactive Advertising Bureau released its State Privacy Law
Survey Results. The survey highlighted the concern respondents had with
respect to their vendor compliance, implicating tracking technology vendors:
● A consensus that a lack of adequate contract controls are in place
● Challenges remain for businesses to enter into contracts with privacy
protective provisions with third parties in Ad Tech ecosystem
● Nearly half of respondents do not feel prepared to comply with the
vendor due diligence obligations required under the laws.
August 2022: California AG’ Alleged Sephora did not have valid service provider
contracts in place.

Recommended

FOSDEM 2024 Neo in the Matrix
FOSDEM 2024 Neo in the MatrixFOSDEM 2024 Neo in the Matrix
FOSDEM 2024 Neo in the MatrixOlimex Bulgaria
 
Fixing SCADA: How Ignition Reduces Frustration
Fixing SCADA: How Ignition Reduces FrustrationFixing SCADA: How Ignition Reduces Frustration
Fixing SCADA: How Ignition Reduces FrustrationInductive Automation
 
peran visual dlm pembelajaran
peran visual dlm pembelajaranperan visual dlm pembelajaran
peran visual dlm pembelajaranAprilia putri
 
Sampah Masih Tetap Jadi Sampah. Majalah Air Minum dan Penyehatan Lingkungan '...
Sampah Masih Tetap Jadi Sampah. Majalah Air Minum dan Penyehatan Lingkungan '...Sampah Masih Tetap Jadi Sampah. Majalah Air Minum dan Penyehatan Lingkungan '...
Sampah Masih Tetap Jadi Sampah. Majalah Air Minum dan Penyehatan Lingkungan '...Oswar Mungkasa
 
Developing Digital Competency Standards (DCS) as a Tool to Measure Students’ ...
Developing Digital Competency Standards (DCS) as a Tool to Measure Students’ ...Developing Digital Competency Standards (DCS) as a Tool to Measure Students’ ...
Developing Digital Competency Standards (DCS) as a Tool to Measure Students’ ...Fadzliaton Zainudin
 
Геймификация с помощью PowerPoint
Геймификация с помощью PowerPointГеймификация с помощью PowerPoint
Геймификация с помощью PowerPointiSpring Solutions, Inc
 
Pengertian ICMP, ARP, DHCP, MPLS, OSPF, BGP, Backbone.
Pengertian ICMP, ARP, DHCP, MPLS, OSPF, BGP, Backbone. Pengertian ICMP, ARP, DHCP, MPLS, OSPF, BGP, Backbone.
Pengertian ICMP, ARP, DHCP, MPLS, OSPF, BGP, Backbone. Febry San
 
Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfSecurity Bootcamp
 

More Related Content

Similar to TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist for Compliance.pdf

TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERYashiVaidya
 
Joint ad trade letter to ag becerra re ccpa 1.31.2019
Joint ad trade letter to ag becerra re ccpa 1.31.2019Joint ad trade letter to ag becerra re ccpa 1.31.2019
Joint ad trade letter to ag becerra re ccpa 1.31.2019Greg Sterling
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCMassociates
 
Time to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisisTime to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisismrleiser
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project Gerry L. H.
 
Data opportunities mini whitepaper
Data opportunities mini whitepaperData opportunities mini whitepaper
Data opportunities mini whitepaperRobert Bowstead
 
Government Policy Needs in a Web 2.0 World
Government Policy Needs in a Web 2.0 WorldGovernment Policy Needs in a Web 2.0 World
Government Policy Needs in a Web 2.0 WorldFranciel
 
Steve Wood Generative AI and Data Protection Asia Privacy Bridge October 202...
Steve Wood Generative AI and Data Protection Asia Privacy Bridge  October 202...Steve Wood Generative AI and Data Protection Asia Privacy Bridge  October 202...
Steve Wood Generative AI and Data Protection Asia Privacy Bridge October 202...stevewood900540
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
 
Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)Kwanko
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceObservePoint
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketinggaurav jain
 
Farm Data: Examining the Legal Issues
Farm Data: Examining the Legal Issues Farm Data: Examining the Legal Issues
Farm Data: Examining the Legal Issues Roger Royse
 
Privacy & Big Data: "What Marketers Need to Know About Privacy"
Privacy & Big Data: "What Marketers Need to Know About Privacy"Privacy & Big Data: "What Marketers Need to Know About Privacy"
Privacy & Big Data: "What Marketers Need to Know About Privacy"iMedia Connection
 

Similar to TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist for Compliance.pdf (20)

TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPER
 
Joint ad trade letter to ag becerra re ccpa 1.31.2019
Joint ad trade letter to ag becerra re ccpa 1.31.2019Joint ad trade letter to ag becerra re ccpa 1.31.2019
Joint ad trade letter to ag becerra re ccpa 1.31.2019
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing Impact
 
Time to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisisTime to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisis
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project
 
Data opportunities mini whitepaper
Data opportunities mini whitepaperData opportunities mini whitepaper
Data opportunities mini whitepaper
 
Government Policy Needs in a Web 2.0 World
Government Policy Needs in a Web 2.0 WorldGovernment Policy Needs in a Web 2.0 World
Government Policy Needs in a Web 2.0 World
 
Steve Wood Generative AI and Data Protection Asia Privacy Bridge October 202...
Steve Wood Generative AI and Data Protection Asia Privacy Bridge  October 202...Steve Wood Generative AI and Data Protection Asia Privacy Bridge  October 202...
Steve Wood Generative AI and Data Protection Asia Privacy Bridge October 202...
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketing
 
Big data: Bringing competition policy to the digital era – Background note – ...
Big data: Bringing competition policy to the digital era – Background note – ...Big data: Bringing competition policy to the digital era – Background note – ...
Big data: Bringing competition policy to the digital era – Background note – ...
 
ClientAdvisoryNote - Obama's Privacy Action Plan
ClientAdvisoryNote - Obama's Privacy Action PlanClientAdvisoryNote - Obama's Privacy Action Plan
ClientAdvisoryNote - Obama's Privacy Action Plan
 
Farm Data: Examining the Legal Issues
Farm Data: Examining the Legal Issues Farm Data: Examining the Legal Issues
Farm Data: Examining the Legal Issues
 
Privacy & Big Data: "What Marketers Need to Know About Privacy"
Privacy & Big Data: "What Marketers Need to Know About Privacy"Privacy & Big Data: "What Marketers Need to Know About Privacy"
Privacy & Big Data: "What Marketers Need to Know About Privacy"
 
Case Study Superdrug
Case Study SuperdrugCase Study Superdrug
Case Study Superdrug
 

More from TrustArc

TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...TrustArc
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...TrustArc
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesTrustArc
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceTrustArc
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfTrustArc
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...TrustArc
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsTrustArc
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsTrustArc
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...TrustArc
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdfTrustArc
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceTrustArc
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023TrustArc
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act:  Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act:  Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustTrustArc
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowTrustArc
 
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?TrustArc
 
Why Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To StartWhy Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To StartTrustArc
 
Data Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy QuestionsData Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy QuestionsTrustArc
 
TrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA ComplianceTrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA ComplianceTrustArc
 

More from TrustArc (20)

TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act:  Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act:  Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
 
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
TrustArc Webinar - Rise of Information Technology: How Does it Impact Privacy?
 
Why Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To StartWhy Your Company Needs A Privacy Culture & Where To Start
Why Your Company Needs A Privacy Culture & Where To Start
 
Data Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy QuestionsData Privacy Perspectives: Get Answers to Your Privacy Questions
Data Privacy Perspectives: Get Answers to Your Privacy Questions
 
TrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA ComplianceTrustArc Webinar: DPIA Compliance
TrustArc Webinar: DPIA Compliance
 

Recently uploaded

Python For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ emPython For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ emNho Vĩnh
 
AGFM - Toyota Coaster 1HZ Install Guide.pdf
AGFM - Toyota Coaster 1HZ Install Guide.pdfAGFM - Toyota Coaster 1HZ Install Guide.pdf
AGFM - Toyota Coaster 1HZ Install Guide.pdfRodneyThomas28
 
software-quality-assurance question paper 2023
software-quality-assurance question paper 2023software-quality-assurance question paper 2023
software-quality-assurance question paper 2023RohanMistry15
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...ShapeBlue
 
Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeJosh Gellers
 
Key projects in AI, ML and Generative AI
Key projects in AI, ML and Generative AIKey projects in AI, ML and Generative AI
Key projects in AI, ML and Generative AIVijayananda Mohire
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceVijayananda Mohire
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software
 
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024BookNet Canada
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...Neo4j
 
Achieving Excellence IESVE for HVAC Simulation.pdf
Achieving Excellence IESVE for HVAC Simulation.pdfAchieving Excellence IESVE for HVAC Simulation.pdf
Achieving Excellence IESVE for HVAC Simulation.pdfIES VE
 
National Institute of Standards and Technology (NIST) Cybersecurity Framework...
National Institute of Standards and Technology (NIST) Cybersecurity Framework...National Institute of Standards and Technology (NIST) Cybersecurity Framework...
National Institute of Standards and Technology (NIST) Cybersecurity Framework...MichaelBenis1
 
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueCloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueShapeBlue
 
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...DianaGray10
 
iOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostingeriOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostingerssuser9354ce
 
SKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesSKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesNeo4j
 
Low Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & PitfallsLow Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & PitfallsScyllaDB
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfinfogdgmi
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewAshraf Fouad
 

Recently uploaded (20)

Python For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ emPython For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ em
 
AGFM - Toyota Coaster 1HZ Install Guide.pdf
AGFM - Toyota Coaster 1HZ Install Guide.pdfAGFM - Toyota Coaster 1HZ Install Guide.pdf
AGFM - Toyota Coaster 1HZ Install Guide.pdf
 
software-quality-assurance question paper 2023
software-quality-assurance question paper 2023software-quality-assurance question paper 2023
software-quality-assurance question paper 2023
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
 
Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human Justice
 
Key projects in AI, ML and Generative AI
Key projects in AI, ML and Generative AIKey projects in AI, ML and Generative AI
Key projects in AI, ML and Generative AI
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial Intelligence
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & Esri
 
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
 
Achieving Excellence IESVE for HVAC Simulation.pdf
Achieving Excellence IESVE for HVAC Simulation.pdfAchieving Excellence IESVE for HVAC Simulation.pdf
Achieving Excellence IESVE for HVAC Simulation.pdf
 
National Institute of Standards and Technology (NIST) Cybersecurity Framework...
National Institute of Standards and Technology (NIST) Cybersecurity Framework...National Institute of Standards and Technology (NIST) Cybersecurity Framework...
National Institute of Standards and Technology (NIST) Cybersecurity Framework...
 
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueCloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
 
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
 
iOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostingeriOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostinger
 
SKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesSKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologies
 
Low Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & PitfallsLow Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & Pitfalls
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdf
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book Review
 
In sharing we trust. Taking advantage of a diverse consortium to build a tran...
In sharing we trust. Taking advantage of a diverse consortium to build a tran...In sharing we trust. Taking advantage of a diverse consortium to build a tran...
In sharing we trust. Taking advantage of a diverse consortium to build a tran...
 

TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist for Compliance.pdf

  • 1. © 2023 TrustArc Inc. Proprietary and Confidential Information. Managing Online Tracking Technology Vendors: A Checklist for Compliance
  • 2. 2 Legal Disclaimer The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
  • 3. 3 Speakers Taylor A. Bloom Partner BakerHostetler Ryan Ostendorf Product Manager TrustArc Andrew Scott Privacy Counsel TrustArc
  • 4. Agenda • Levelsetting ○ Ad Tech Vendors ○ Tracking Technologies ○ The Scope of Personal Information • Market Forces ○ CA & Other States ○ FTC and MHMD ○ EU • Managing Your Ad Tech • Putting It All Together • Looking Ahead to 2024 • How TrustArc & BakerHostetler can help
  • 5. Levelsetting ● Ad Tech Vendors ● Tracking Technologies ● Personal Information in Scope
  • 6. 6 Ad Tech Vendors December 2022: OCR released controversial bulletin calling out vendors: “Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of PHI to tracking technology vendors.” August 2023: Interactive Advertising Bureau released its State Privacy Law Survey Results. The survey highlighted the concern respondents had with respect to their vendor compliance, implicating tracking technology vendors: ● A consensus that a lack of adequate contract controls are in place ● Challenges remain for businesses to enter into contracts with privacy protective provisions with third parties in Ad Tech ecosystem ● Nearly half of respondents do not feel prepared to comply with the vendor due diligence obligations required under the laws. August 2022: California AG’ Alleged Sephora did not have valid service provider contracts in place.
  • 7. 7 The Definition of Personal Information is Broad CCPA’s Definition: “...information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household… a unique personal identifier, an online identifier, an Internet Protocol Address, an email, other similar identifiers, internet or other electronic network activity information, or geolocation.” CCPA § 1798.140(v). ● Unique Identifiers: Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device that is linked to a consumer or family. CCPA § 1798.140(aj). ● Precise Geolocation: Derived from a device that is used or intended to be used to locate a consumer within a geographic area that is not equal to or less than the area of a circle with a radius of 1,850 feet. CCPA § 1798.140(w). ● Internet or other electronic network activity information (e.g. browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement). CCPA § 1798.140(f).
  • 8. 8 Technologies that Can Collect Personal Information Cookies Pixels SDKs Third Party Libraries Web Beacons Session Replay Tech Others
  • 9. Market Forces California Colorado, Connecticut, Virginia, and Utah Health Sector Litigation EU
  • 10. 10 California’s Enforcement of the Sale/Share What Happened? In August 2022, the California Attorney General’s Enforcement Action--Sephora--, construed the definition of “Sale” when online tracking technologies are involved: “Sale Using Online Tracking Technology means Sale where [1] the business [2] discloses or makes available consumers’ personal information to third parties through the use of online tracking technologies such as [a] pixels, [b] web beacons, [c] software development kits, [d] third party libraries, and [e] cookies, [3] in exchange for monetary or other valuable consideration, including, but not limited to: (a) personal information or other information such as analytics; or (b) free or discounted services.” See Final J. & Permanent Inj., California v. Sephora USA, Inc., No. CGC-22-601380 (S.F. Super. Ct. Aug. 24, 2022). What you need to know Incorporating this new understanding of Sale into your tracking technology vendor management practice is critical. If an organization is engaging in a Sale/Share, this triggers several different enforceable obligations under the law.
  • 11. 11 Assessing Your Ad Tech Vendor 1) Is your organization subject to the CCPA? 2) Does your organization use Online Tracking Technologies? 3) Is your organization disclosing or making available CA consumersʼ personal information to third parties? 4) Is there a monetary or non-monetary benefit exchanged with the third party? a) Monetary Benefit: Direct financial payment (traditional currency) or other financial benefits OR b) Non-Monetary Benefit: a) analytics or b) free or discounted services 5) Are there any exceptions to Sale? 6) Classify your Vendor ● Service Provider or Third Party ● If itʼs a Third Party, you must provide an opt-out
  • 12. 12 Colorado, Connecticut, Virginia, and Utah California Consumer Privacy Act (CCPA) •Right to opt out of Sharing for Cross Context Behavioral Advertising Virginia Consumer Data Protection Act (VCDPA) •Right to opt out of Processing for purposes of Targeted Advertising Colorado Privacy Act (CPA) •Right to opt out of Processing for purposes of Targeted Advertising Connecticut Data Protection Act (CTDPA) •Right to opt out of Processing for purposes of Targeted Advertising Utah Consumer Protection Act (UCPA) •Right to opt out of Processing for purposes of Targeted Advertising
  • 13. 13 Health Privacy: What Happened and What You Need to Know FTC Enforcement Actions: ○ Definition: Enforcement actions in 2023 indicate Sensitive Health Data is no longer limited to Personal Health Information ("PHI") under HIPAA; the updated definition is very broad, including anything that conveys information or enables inferences about a consumer’s health. ○ Disclosure/Collection: The use of tracking technologies in collection or disclosure of sensitive PI may be deemed an unauthorized disclosure (Health Breach Notification Law) or breaches the promises in its privacy policy without affirmative express consent. ○ Enforcement: Companies need to exercise extreme caution when using online tracking technologies. The FTC will continue doing everything in its powers to protect consumers’ health information from potential misuse and exploitation. Washington’s My Health My Data: Obligations on any-sized businesses that “process” broadly defined “consumer health data.” There are dramatically increased compliance burdens related to notice and consent. The Act goes into effect on March 31, 2024 (for large businesses) and June 30, 2024 (for small & medium businesses). A Private Right of Action is provided.
  • 14. 14 Litigation: What is Happening Recent developments indicate an escalating risk from U.S. lawsuits concerning consent, notice, and disclosure practices associated with online tracking technologies. There is an increasing frequency among plaintiffs’ attorneys to employ creative and unconventional legal theories to test the truth around publicly made statements (notice), consent, and disclosure practices related to online tracking technologies. Lawyers continue using non-traditional privacy laws to allege violations because these laws make available powerful remedies, such as punitive, statutory, and treble damages, in the form of a private right of action that isn’t available in comprehensive privacy laws outside a data breach. Legal theories we have seen used ● Wiretapping laws ● Video Privacy Protection Act ● The California Invasion Of Privacy Act ● RICO Conspiracy ● California Penal Code §§ 631 And 632
  • 15. 15 EU/UK What to know. While the definition of personal information does not specifically include tracking technologies in the GDPR/UK GDPR, the scope is broad enough to interpret trackers (i.e., cookies) as personal information. Importantly, ePrivacy Directive (EU) and the PECR (UK) complements the regulations, specifically addressing cookies and similar technologies. “Cookie” enforcement is a priority of the EU’s data protection authorities. The EDPB’s Cookie Banner Taskforce issued a report about in January 2023, focusing on consent, cookie walls, and ther cookie banner compliance guidance. DPAs (e.g., Belgium, France, Spain, and others) are issuing and harmonizing cookie consent guidance documents. What is happening. The EDPB is currently soliciting comments on recently issued guidelines on the scope of personal information and tracking technologies. What to expect. Cookie enforcement will continue tick up. Also, there is a trend to sharing more transparency around information related to cookie purposes.
  • 17. 17 Explaining Differences Between CMP + TMS ● Consent Management Provider (CMP) provides a notice and choice mechanism ● Tag Management System (TMS) provides ability to centrally control execution of third party code which is what allows collection based on trackers on the users browser. Controlling of tags will allow blocking of cookies/trackers and & data collection
  • 18. 18 Explaining Differences Between CMP + TMS Scanning
  • 19. 19 Explaining Differences Between CMP + TMS Discovery
  • 20. 20 Explaining Differences Between CMP + TMS Notice and Consent
  • 21. 21 Explaining Differences Between CMP + TMS Tag Management ● Controlling which code fires based on the users consent choice in the CMP
  • 22. 22 Explaining Differences Between CMP + TMS Alternatives to Tag Management ● Use a tag blocking solution by the CMP. This will attempt to automatically block requests to third party code ● Use API by the CMP to block your own code and only execute if consent choices are opted-in
  • 23. 23 Auditing Conduct Scans of your Website to validate compliance ● Are trackers dropping in GDPR region prior to user opting in? ● Are Trackers dropping if the user has opted out? ● For CCPA if user has opted out to advertising, are advertising trackers still dropping?
  • 24. Putting it all together
  • 25. 25 Onboarding an Ad Tech Vendor Stakeholder submits vendor request assessment Privacy Office / outside counsel conducts due diligence Privacy Office / outside counsel negotiate agreement, including DPA Privacy Office Record findings along the way Configure technology with a Consent Manager Platform and Tag Management Solution Implement the technology on website Ensure notice practices reflect tech on site Run an initial scan to ensure opt-out working Develop a cadence for scanning
  • 27. 27 Looking Ahead to 2024 1. New solutions with Consent Management Platforms may be needed if Google deprecates third party cookies. 2. The EDPB is looking to expand its scope on personal information and tracking technologies. 3. Anticipate more Data Protection Authorities will continue to harmonize cookie enforcement. 4. FTC enforcement will continue. 5. CPPA will focus more on what’s going on “behind the scenes.” 6. My Health My Data Act will to go into effect. 7. Litigation will continue.
  • 28. How TrustArc and BakerHostetler Can Help Manage Your Ad Tech Vendors Taylor A. Bloom tbloom@bakerlaw.com Andrew Scott ascott@trustarc.com Ryan Ostendorf rostendorf@trustarc.com
  • 29. 29 Questions & Answers Please use Zoom Q&A function to ask a question.