© 2023 TrustArc Inc. Proprietary and Confidential Information.
Managing Online Tracking Technology Vendors: A Checklist for Compliance
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.
Speakers
Taylor A. Bloom
Partner
BakerHostetler
Ryan Ostendorf
Product Manager
TrustArc
Andrew Scott
Privacy Counsel
TrustArc
Agenda
• Levelsetting
○ Ad Tech Vendors
○ Tracking Technologies
○ The Scope of Personal Information
• Market Forces
○ CA & Other States
○ FTC and MHMD
○ EU
• Managing Your Ad Tech
• Putting It All Together
• Looking Ahead to 2024
• How TrustArc & BakerHostetler can help
Levelsetting
● Ad Tech Vendors
● Tracking Technologies
● Personal Information in Scope
Ad Tech Vendors
December 2022: OCR released a controversial bulletin calling out vendors:
“Regulated entities are not permitted to use tracking technologies in a manner that
would result in impermissible disclosures of PHI to tracking technology vendors.”
August 2023: Interactive Advertising Bureau released its State Privacy Law
Survey Results. The survey highlighted the concern respondents had with
respect to their vendor compliance, implicating tracking technology vendors:
● A consensus that adequate contract controls are not in place
● Challenges remain for businesses to enter into contracts with privacy-protective
provisions with third parties in the Ad Tech ecosystem
● Nearly half of respondents do not feel prepared to comply with the
vendor due diligence obligations required under the laws.
August 2022: The California AG alleged Sephora did not have valid service provider
contracts in place.
The Definition of Personal Information is Broad
CCPA’s Definition: “...information that identifies, relates to, describes, is reasonably
capable of being associated with, or could reasonably be linked, directly or indirectly,
with a particular consumer or household… a unique personal identifier, an online
identifier, an Internet Protocol Address, an email, other similar identifiers, internet or
other electronic network activity information, or geolocation.” CCPA § 1798.140(v).
● Unique Identifiers: Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar
technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of
persistent or probabilistic identifiers that can be used to identify a particular consumer or device that is
linked to a consumer or family. CCPA § 1798.140(aj).
● Precise Geolocation: Derived from a device that is used or intended to be used to locate a consumer
within a geographic area that is not equal to or less than the area of a circle with a radius of 1,850 feet.
CCPA § 1798.140(w).
● Internet or other electronic network activity information (e.g., browsing history, search history, and
information regarding a consumer’s interaction with an internet website, application, or advertisement).
CCPA § 1798.140(f).
Technologies that Can Collect Personal Information
Cookies
Pixels
SDKs
Third Party Libraries
Web Beacons
Session Replay Tech
Others
Market Forces
California
Colorado, Connecticut, Virginia, and Utah
Health Sector
Litigation
EU
California’s Enforcement of the Sale/Share
What Happened?
In August 2022, the California Attorney General’s enforcement action against Sephora
construed the definition of “Sale” when online tracking technologies are involved:
“Sale Using Online Tracking Technology means Sale where [1] the business
[2] discloses or makes available consumers’ personal information to third
parties through the use of online tracking technologies such as [a] pixels,
[b] web beacons, [c] software development kits, [d] third party libraries,
and [e] cookies, [3] in exchange for monetary or other valuable
consideration, including, but not limited to: (a) personal information or other
information such as analytics; or (b) free or discounted services.” See Final
J. & Permanent Inj., California v. Sephora USA, Inc., No. CGC-22-601380
(S.F. Super. Ct. Aug. 24, 2022).
What you need to know
Incorporating this new understanding of Sale into your tracking technology vendor
management practice is critical. If an organization is engaging in a Sale/Share,
this triggers several different enforceable obligations under the law.
Assessing Your Ad Tech Vendor
1) Is your organization subject to the CCPA?
2) Does your organization use Online Tracking Technologies?
3) Is your organization disclosing or making available CA consumers’ personal information to third
parties?
4) Is there a monetary or non-monetary benefit exchanged with the third party?
a) Monetary Benefit: direct financial payment (traditional currency) or other financial benefits, OR
b) Non-Monetary Benefit: analytics, or free or discounted services
5) Are there any exceptions to Sale?
6) Classify your Vendor
● Service Provider or Third Party
● If it’s a Third Party, you must provide an opt-out
Colorado, Connecticut, Virginia, and Utah
California Consumer Privacy Act (CCPA)
• Right to opt out of Sharing for Cross Context Behavioral Advertising
Virginia Consumer Data Protection Act (VCDPA)
• Right to opt out of Processing for purposes of Targeted Advertising
Colorado Privacy Act (CPA)
• Right to opt out of Processing for purposes of Targeted Advertising
Connecticut Data Protection Act (CTDPA)
• Right to opt out of Processing for purposes of Targeted Advertising
Utah Consumer Protection Act (UCPA)
• Right to opt out of Processing for purposes of Targeted Advertising
Health Privacy: What Happened and What You Need to Know
FTC Enforcement Actions:
○ Definition: Enforcement actions in 2023 indicate Sensitive Health Data is no
longer limited to Personal Health Information ("PHI") under HIPAA; the updated
definition is very broad, including anything that conveys information or enables
inferences about a consumer’s health.
○ Disclosure/Collection: The use of tracking technologies in collection or
disclosure of sensitive PI may be deemed an unauthorized disclosure (Health
Breach Notification Law) or a breach of the promises in a company’s privacy
policy when done without affirmative express consent.
○ Enforcement: Companies need to exercise extreme caution when using online
tracking technologies. The FTC will continue doing everything in its powers to
protect consumers’ health information from potential misuse and exploitation.
Washington’s My Health My Data: Imposes obligations on businesses of any size that “process”
broadly defined “consumer health data.” There are dramatically increased compliance
burdens related to notice and consent. The Act goes into effect on March 31, 2024 (for
large businesses) and June 30, 2024 (for small & medium businesses). A Private Right of
Action is provided.
Litigation: What is Happening
Recent developments indicate an escalating risk from U.S. lawsuits concerning
consent, notice, and disclosure practices associated with online tracking technologies.
Plaintiffs’ attorneys are increasingly employing creative and
unconventional legal theories to test the truth of publicly made statements
(notice), consent, and disclosure practices related to online tracking technologies.
Lawyers continue using non-traditional privacy laws to allege violations because these
laws make available powerful remedies, such as punitive, statutory, and treble
damages, in the form of a private right of action that isn’t available in comprehensive
privacy laws outside a data breach.
Legal theories we have seen used
● Wiretapping laws
● Video Privacy Protection Act
● The California Invasion of Privacy Act
● RICO Conspiracy
● California Penal Code §§ 631 and 632
EU/UK
What to know. While the definition of personal information in the GDPR/UK GDPR does not
specifically include tracking technologies, the scope is broad enough to
interpret trackers (i.e., cookies) as personal information. Importantly, the ePrivacy Directive
(EU) and the PECR (UK) complement the regulations, specifically addressing cookies
and similar technologies.
“Cookie” enforcement is a priority of the EU’s data protection authorities.
The EDPB’s Cookie Banner Taskforce issued a report in January 2023,
focusing on consent, cookie walls, and other cookie banner compliance guidance.
DPAs (e.g., Belgium, France, Spain, and others) are issuing and harmonizing
cookie consent guidance documents.
What is happening. The EDPB is currently soliciting comments on recently issued
guidelines on the scope of personal information and tracking technologies.
What to expect. Cookie enforcement will continue to tick up. Also, there is a trend toward
more transparency around information related to cookie purposes.
Managing Your Ad Tech
Explaining Differences Between CMP + TMS
● Consent Management Provider
(CMP) provides a notice and choice
mechanism
● Tag Management System (TMS)
provides the ability to centrally control
execution of third-party code, which
is what allows collection based on
trackers in the user’s browser.
Controlling tags allows blocking of
cookies/trackers and data collection
Scanning
Discovery
Notice and Consent
Tag Management
● Controlling which code fires based on
the user’s consent choice in the CMP
Alternatives to Tag Management
● Use a tag blocking solution provided by the CMP. This will
attempt to automatically block requests to third-party
code
● Use the CMP’s API to block your own code and
only execute it if the consent choices are opted in
Auditing
Conduct scans of your website to validate compliance
● Are trackers dropping in a GDPR region prior to the user opting in?
● Are trackers dropping if the user has opted out?
● For CCPA, if the user has opted out of advertising, are advertising
trackers still dropping?
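One way to automate the three audit questions above, as an added example that is not part of the original slides: it classifies the cookies and third-party requests captured by a scan against a tracker inventory and reports anything that fired outside the user's consent state. The inventory, hosts, cookie names, scan record format and the allow-until-opt-out reading of the CCPA case are all assumptions made for illustration.

```javascript
// Added example: evaluate tracker-scan captures against the consent state
// the scan was run under. All hosts, cookie names and categories are
// constructed sample data, not real vendors.

// Tracker inventory, as a discovery scan might produce it (hypothetical entries).
const INVENTORY = [
  { match: { host: "ads.example-adnetwork.test" }, vendor: "ExampleAds", category: "advertising" },
  { match: { cookie: /^_exad_/ }, vendor: "ExampleAds", category: "advertising" },
  { match: { host: "stats.example-analytics.test" }, vendor: "ExampleStats", category: "analytics" },
  { match: { cookie: /^session_id$/ }, vendor: "first-party", category: "essential" },
  { match: { cookie: /^consent_state$/ }, vendor: "CMP", category: "essential" },
];

// Map one observed event (cookie set or third-party request) to an inventory entry.
function classify(event) {
  for (const entry of INVENTORY) {
    if (entry.match.host && event.host === entry.match.host) return entry;
    if (entry.match.cookie && event.type === "cookie" && entry.match.cookie.test(event.name)) return entry;
  }
  // Not in the inventory: discovery is incomplete, so a human has to look at it.
  return { vendor: "unknown", category: "unclassified" };
}

// Categories that may fire for a given scan.
// Assumption: GDPR is modelled as opt-in (nothing non-essential until accepted),
// CCPA as opt-out (categories fire until the user opts out of them).
function allowedCategories(scan) {
  const allowed = new Set(["essential"]);
  if (scan.regime === "GDPR") {
    for (const c of scan.consent.optedIn || []) allowed.add(c);
  } else if (scan.regime === "CCPA") {
    const optedOut = scan.consent.optedOut || [];
    for (const c of ["analytics", "advertising"]) {
      if (!optedOut.includes(c)) allowed.add(c);
    }
  }
  return allowed;
}

// Return one finding per distinct tracker that fired outside the allowed categories.
function auditScan(scan) {
  const allowed = allowedCategories(scan);
  const seen = new Set();
  const findings = [];
  for (const event of scan.events) {
    const { vendor, category } = classify(event);
    if (allowed.has(category)) continue;
    const tracker = event.type === "cookie" ? `cookie:${event.name}` : `request:${event.host}`;
    if (seen.has(tracker)) continue; // repeated hits on one tracker are one finding
    seen.add(tracker);
    findings.push({
      scan: scan.id,
      tracker,
      vendor,
      category,
      severity: category === "unclassified" ? "review" : "violation",
    });
  }
  return findings;
}

function auditAll(scans) {
  return scans.flatMap(auditScan);
}

// Constructed scan captures, one per audit question (cookies and third-party requests only).
const SCANS = [
  { id: "gdpr-pre-consent", regime: "GDPR", consent: { optedIn: [] }, events: [
    { type: "cookie", name: "session_id", host: "www.example-shop.test" },
    { type: "cookie", name: "consent_state", host: "www.example-shop.test" },
    { type: "request", host: "stats.example-analytics.test" }, // fires before opt-in
    { type: "request", host: "stats.example-analytics.test" }, // same tracker again
  ]},
  { id: "gdpr-advertising-rejected", regime: "GDPR", consent: { optedIn: ["analytics"] }, events: [
    { type: "request", host: "stats.example-analytics.test" },
    { type: "cookie", name: "_exad_uid", host: "www.example-shop.test" }, // advertising was not accepted
  ]},
  { id: "ccpa-ad-opt-out", regime: "CCPA", consent: { optedOut: ["advertising"] }, events: [
    { type: "request", host: "stats.example-analytics.test" },
    { type: "request", host: "ads.example-adnetwork.test" }, // still firing after opt-out
    { type: "request", host: "cdn.unlisted-widget.test" },   // not in the inventory
  ]},
];

console.log(JSON.stringify(auditAll(SCANS), null, 2));
```

Run on a schedule, the same check turns a scanning cadence into a regression test: a tag added outside the TMS shows up as a new finding on the next scan.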
Putting it all together
Onboarding an Ad Tech Vendor
● Stakeholder submits vendor request assessment
● Privacy Office / outside counsel conducts due diligence
● Privacy Office / outside counsel negotiate agreement, including DPA
● Privacy Office Record findings along the way
● Configure technology with a Consent Manager Platform and Tag Management Solution
● Implement the technology on website
● Ensure notice practices reflect tech on site
● Run an initial scan to ensure opt-out working
● Develop a cadence for scanning
Looking ahead to 2024
Looking Ahead to 2024
1. New solutions with Consent Management Platforms may be needed if Google
deprecates third party cookies.
2. The EDPB is looking to expand its scope on personal information and tracking
technologies.
3. Anticipate more Data Protection Authorities will continue to harmonize cookie
enforcement.
4. FTC enforcement will continue.
5. CPPA will focus more on what’s going on “behind the scenes.”
6. My Health My Data Act will go into effect.
7. Litigation will continue.
How TrustArc and BakerHostetler Can Help
Manage Your Ad Tech Vendors
Taylor A. Bloom tbloom@bakerlaw.com
Andrew Scott ascott@trustarc.com
Ryan Ostendorf rostendorf@trustarc.com
Questions & Answers
Please use Zoom Q&A
function to ask a question.

 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist for Compliance.pdf

  • 1. © 2023 TrustArc Inc. Proprietary and Confidential Information. Managing Online Tracking Technology Vendors: A Checklist for Compliance
  • 2. Legal Disclaimer: The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
  • 3. Speakers: Taylor A. Bloom, Partner, BakerHostetler; Ryan Ostendorf, Product Manager, TrustArc; Andrew Scott, Privacy Counsel, TrustArc
  • 4. Agenda • Levelsetting ○ Ad Tech Vendors ○ Tracking Technologies ○ The Scope of Personal Information • Market Forces ○ CA & Other States ○ FTC and MHMD ○ EU • Managing Your Ad Tech • Putting It All Together • Looking Ahead to 2024 • How TrustArc & BakerHostetler can help
  • 5. Levelsetting ● Ad Tech Vendors ● Tracking Technologies ● Personal Information in Scope
  • 6. Ad Tech Vendors December 2022: OCR released controversial bulletin calling out vendors: “Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of PHI to tracking technology vendors.” August 2023: Interactive Advertising Bureau released its State Privacy Law Survey Results. The survey highlighted the concern respondents had with respect to their vendor compliance, implicating tracking technology vendors: ● A consensus that there is a lack of adequate contract controls in place ● Challenges remain for businesses to enter into contracts with privacy protective provisions with third parties in the Ad Tech ecosystem ● Nearly half of respondents do not feel prepared to comply with the vendor due diligence obligations required under the laws. August 2022: California AG alleged Sephora did not have valid service provider contracts in place.
  • 7. The Definition of Personal Information is Broad CCPA’s Definition: “...information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household… a unique personal identifier, an online identifier, an Internet Protocol Address, an email, other similar identifiers, internet or other electronic network activity information, or geolocation.” CCPA § 1798.140(v). ● Unique Identifiers: Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device that is linked to a consumer or family. CCPA § 1798.140(aj). ● Precise Geolocation: Derived from a device that is used or intended to be used to locate a consumer within a geographic area that is not equal to or less than the area of a circle with a radius of 1,850 feet. CCPA § 1798.140(w). ● Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement). CCPA § 1798.140(f).
  • 8. Technologies that Can Collect Personal Information ● Cookies ● Pixels ● SDKs ● Third Party Libraries ● Web Beacons ● Session Replay Tech ● Others
  • 9. Market Forces California Colorado, Connecticut, Virginia, and Utah Health Sector Litigation EU
  • 10. California’s Enforcement of the Sale/Share What Happened? In August 2022, the California Attorney General’s enforcement action against Sephora construed the definition of “Sale” when online tracking technologies are involved: “Sale Using Online Tracking Technology means Sale where [1] the business [2] discloses or makes available consumers’ personal information to third parties through the use of online tracking technologies such as [a] pixels, [b] web beacons, [c] software development kits, [d] third party libraries, and [e] cookies, [3] in exchange for monetary or other valuable consideration, including, but not limited to: (a) personal information or other information such as analytics; or (b) free or discounted services.” See Final J. & Permanent Inj., California v. Sephora USA, Inc., No. CGC-22-601380 (S.F. Super. Ct. Aug. 24, 2022). What you need to know: Incorporating this new understanding of Sale into your tracking technology vendor management practice is critical. If an organization is engaging in a Sale/Share, this triggers several different enforceable obligations under the law.
  • 11. Assessing Your Ad Tech Vendor 1) Is your organization subject to the CCPA? 2) Does your organization use Online Tracking Technologies? 3) Is your organization disclosing or making available CA consumers’ personal information to third parties? 4) Is there a monetary or non-monetary benefit exchanged with the third party? a) Monetary Benefit: Direct financial payment (traditional currency) or other financial benefits OR b) Non-Monetary Benefit: a) analytics or b) free or discounted services 5) Are there any exceptions to Sale? 6) Classify your Vendor ● Service Provider or Third Party ● If it’s a Third Party, you must provide an opt-out
  • 12. Colorado, Connecticut, Virginia, and Utah ● California Consumer Privacy Act (CCPA): Right to opt out of Sharing for Cross Context Behavioral Advertising ● Virginia Consumer Data Protection Act (VCDPA): Right to opt out of Processing for purposes of Targeted Advertising ● Colorado Privacy Act (CPA): Right to opt out of Processing for purposes of Targeted Advertising ● Connecticut Data Protection Act (CTDPA): Right to opt out of Processing for purposes of Targeted Advertising ● Utah Consumer Protection Act (UCPA): Right to opt out of Processing for purposes of Targeted Advertising
  • 13. Health Privacy: What Happened and What You Need to Know FTC Enforcement Actions: ○ Definition: Enforcement actions in 2023 indicate Sensitive Health Data is no longer limited to Personal Health Information ("PHI") under HIPAA; the updated definition is very broad, including anything that conveys information or enables inferences about a consumer’s health. ○ Disclosure/Collection: The use of tracking technologies in the collection or disclosure of sensitive PI without affirmative express consent may be deemed an unauthorized disclosure (Health Breach Notification Law) or a breach of the promises in the company’s privacy policy. ○ Enforcement: Companies need to exercise extreme caution when using online tracking technologies. The FTC will continue doing everything in its powers to protect consumers’ health information from potential misuse and exploitation. Washington’s My Health My Data: Obligations on any-sized businesses that “process” broadly defined “consumer health data.” There are dramatically increased compliance burdens related to notice and consent. The Act goes into effect on March 31, 2024 (for large businesses) and June 30, 2024 (for small & medium businesses). A Private Right of Action is provided.
  • 14. Litigation: What is Happening Recent developments indicate an escalating risk from U.S. lawsuits concerning consent, notice, and disclosure practices associated with online tracking technologies. Plaintiffs’ attorneys are increasingly employing creative and unconventional legal theories to test the truth of publicly made statements (notice), consent, and disclosure practices related to online tracking technologies. Lawyers continue using non-traditional privacy laws to allege violations because these laws make available powerful remedies, such as punitive, statutory, and treble damages, in the form of a private right of action that isn’t available in comprehensive privacy laws outside a data breach. Legal theories we have seen used ● Wiretapping laws ● Video Privacy Protection Act ● The California Invasion of Privacy Act ● RICO Conspiracy ● California Penal Code §§ 631 and 632
  • 15. EU/UK What to know. While the definition of personal information does not specifically include tracking technologies in the GDPR/UK GDPR, the scope is broad enough to interpret trackers (i.e., cookies) as personal information. Importantly, the ePrivacy Directive (EU) and the PECR (UK) complement the regulations, specifically addressing cookies and similar technologies. “Cookie” enforcement is a priority of the EU’s data protection authorities. The EDPB’s Cookie Banner Taskforce issued a report in January 2023, focusing on consent, cookie walls, and other cookie banner compliance guidance. DPAs (e.g., Belgium, France, Spain, and others) are issuing and harmonizing cookie consent guidance documents. What is happening. The EDPB is currently soliciting comments on recently issued guidelines on the scope of personal information and tracking technologies. What to expect. Cookie enforcement will continue to tick up. Also, there is a trend toward more transparency around information related to cookie purposes.
  • 17. Explaining Differences Between CMP + TMS ● Consent Management Provider (CMP) provides a notice and choice mechanism ● Tag Management System (TMS) provides the ability to centrally control execution of third-party code, which is what allows collection by trackers in the user’s browser. Controlling tags allows blocking of cookies/trackers and data collection
  • 18. Explaining Differences Between CMP + TMS: Scanning
  • 19. Explaining Differences Between CMP + TMS: Discovery
  • 20. Explaining Differences Between CMP + TMS: Notice and Consent
  • 21. Explaining Differences Between CMP + TMS: Tag Management ● Controlling which code fires based on the user’s consent choice in the CMP
  • 22. Explaining Differences Between CMP + TMS: Alternatives to Tag Management ● Use a tag blocking solution provided by the CMP. This will attempt to automatically block requests to third-party code ● Use the CMP’s API to block your own code and execute it only if the user’s consent choices are opted in
  • 23. Auditing: Conduct scans of your website to validate compliance ● Are trackers dropping in a GDPR region prior to the user opting in? ● Are trackers dropping if the user has opted out? ● For CCPA, if the user has opted out of advertising, are advertising trackers still dropping?
  • 24. Putting it all together
  • 25. Onboarding an Ad Tech Vendor ● Stakeholder submits vendor request assessment ● Privacy Office / outside counsel conducts due diligence ● Privacy Office / outside counsel negotiates agreement, including DPA ● Privacy Office records findings along the way ● Configure technology with a Consent Manager Platform and Tag Management Solution ● Implement the technology on website ● Ensure notice practices reflect tech on site ● Run an initial scan to ensure opt-out is working ● Develop a cadence for scanning
  • 27. Looking Ahead to 2024 1. New solutions with Consent Management Platforms may be needed if Google deprecates third party cookies. 2. The EDPB is looking to expand its scope on personal information and tracking technologies. 3. Anticipate more Data Protection Authorities will continue to harmonize cookie enforcement. 4. FTC enforcement will continue. 5. CPPA will focus more on what’s going on “behind the scenes.” 6. My Health My Data Act will go into effect. 7. Litigation will continue.
  • 28. How TrustArc and BakerHostetler Can Help Manage Your Ad Tech Vendors Taylor A. Bloom tbloom@bakerlaw.com Andrew Scott ascott@trustarc.com Ryan Ostendorf rostendorf@trustarc.com
  • 29. Questions & Answers: Please use the Zoom Q&A function to ask a question.
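
The auditing questions on slide 23 (trackers firing before opt-in, or still firing after opt-out) can be checked mechanically against the request log a website scan produces. The sketch below is an added example, not part of the webinar or of any vendor's product; the hostnames, the tracker inventory and the scan record format are constructed for illustration, and it also flags third-party hosts missing from the inventory, which is the discovery step from slide 19.

```javascript
// Constructed tracker inventory (hypothetical hosts): domain -> purpose.
const CATALOGUE = {
  "ads.example": "advertising",
  "metrics.example": "analytics",
  "cdn.example": "essential",
};

// Look up the purpose of a request host; subdomains inherit from the parent entry.
function classify(host, catalogue) {
  for (const [domain, purpose] of Object.entries(catalogue)) {
    if (host === domain || host.endsWith("." + domain)) return purpose;
  }
  return null; // not in the inventory
}

// Consent choices in force at time t: the latest banner event at or before t.
function consentAt(t, consentEvents) {
  let state = null; // null = the user has not made a choice yet
  for (const ev of [...consentEvents].sort((a, b) => a.t - b.t)) {
    if (ev.t <= t) state = ev.choices;
  }
  return state;
}

// regime "opt-in" (GDPR-style): a purpose may fire only after an explicit true.
// regime "opt-out" (CCPA-style): a purpose may fire until an explicit false.
function auditScan(scan, catalogue = CATALOGUE) {
  const findings = [];
  for (const req of scan.requests) {
    const host = new URL(req.url).hostname;
    if (host === scan.firstParty || host.endsWith("." + scan.firstParty)) continue;
    const purpose = classify(host, catalogue);
    if (purpose === null) {
      findings.push({ t: req.t, host, issue: "unclassified-third-party" });
      continue;
    }
    if (purpose === "essential") continue;
    const choice = consentAt(req.t, scan.consentEvents)?.[purpose];
    if (scan.regime === "opt-in" && choice !== true) {
      findings.push({ t: req.t, host, purpose,
        issue: choice === false ? "fired-after-opt-out" : "fired-before-opt-in" });
    } else if (scan.regime === "opt-out" && choice === false) {
      findings.push({ t: req.t, host, purpose, issue: "fired-after-opt-out" });
    }
  }
  return findings;
}

// Constructed scan of one page load in an opt-in region (times in ms).
const GDPR_SCAN = {
  regime: "opt-in", firstParty: "shop.example",
  consentEvents: [{ t: 900, choices: { advertising: false, analytics: true } }],
  requests: [
    { t: 100, url: "https://shop.example/app.js" },
    { t: 150, url: "https://cdn.example/lib.js" },
    { t: 200, url: "https://px.ads.example/collect?id=1" },   // before any choice
    { t: 950, url: "https://metrics.example/v1/event" },      // analytics opted in
    { t: 980, url: "https://px.ads.example/collect?id=1" },   // advertising refused
    { t: 990, url: "https://replay.unknown.example/rec.js" }, // not in inventory
  ],
};

console.log(auditScan(GDPR_SCAN));
```

Running the same function on a recurring schedule, with one scan per region and consent scenario, gives the scanning cadence the onboarding slide calls for.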