Parsing the Data Privacy Law Landscape: What Updates Mean for Advertisers and Consumers

The data privacy law landscape evolves constantly, which leaves us with two big questions: What does this mean for advertisers? And more importantly, how does it impact consumers?

Currently, five U.S. states have comprehensive privacy laws on deck: California, Colorado, Connecticut, Utah, and Virginia, all of which will officially go into effect in 2023. Collectively, these five states are home to more than 61 million people.

Representing just 18% of the total U.S. population, that number may sound like a drop in the bucket. However, privacy law is currently under consideration in five more states with a combined population of more than 50 million. California, Colorado, Connecticut, Utah, and Virginia are just the beginning.

Reviewing the Current Data Privacy Law Landscape

Privacy laws typically focus on the regulation, storage, and usage of people’s data, ranging from device identifiers to more sensitive data like health or financial information. Although laws protecting the most sensitive data have existed for some time, the General Data Protection Regulation (GDPR) — the world’s most sweeping, comprehensive privacy legislation — set the precedent for granting people control over their most basic data, including data companies collect online. Most notably, the GDPR provides consumers with the right to access, delete, edit their consumer data in a company’s possession.

Just one month after the GDPR went into effect, the California Consumer Protection Act (CCPA) was signed into law. Modeled in part after the GDPR, the CCPA gives consumers the right to know what personal information a business collects about them, the option to have that information deleted, and the ability to opt-out of having that information sold.

The newer California Privacy Rights Act (CPRA) functions similarly as the Virginia Consumer Data Protection Act (VCDPA),  the Colorado Privacy Act (CPA), the Utah Consumer Privacy Act, and Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring. They also add more rights like the right to opt-out of a company’s use of a consumer’s sensitive data.

Each state’s privacy law is designed to improve transparency around how consumer data is used by companies and allow consumers to make informed decisions around how their data is used and shared by and between companies. Further, principles like “data minimization” and “purpose minimization” ensure that companies are mindfully using data, collecting it for a specific purpose.

While the GDPR led the wave of new and updated privacy laws across the globe, the GDPR and current U.S. privacy laws have some distinct differences. For example, the GDPR heavily emphasizes the requirement of capturing consent before using consumer data. In the U.S., privacy law tends to focus more on easy, accessible opt-out rather than just consent. In other words, U.S. standards focus on giving consumers the ability to stop unwanted use of their data rather than putting all of the information in front of the consumer — an approach that has led to a phenomenon dubbed by some as “consent spam” in the European Union.

What DeepIntent Has Already Implemented

European guidelines tend to be more stringent than privacy law stateside. Because the pharmaceutical industry is so heavily regulated, at DeepIntent, our privacy compliance standards have been modeled closely after GDPR requirements. These provide a strong foundation for compliance with the CPRA, VCDPA, and CPA as well.

Staying ahead of the curve, we’re able to give advertisers and publishers confidence in DeepIntent and our platform. Here’s what we’ve already implemented so far:

  • Transparency. We maintain a comprehensive policy and contractually require publishers and other downstream partners to do the same. We also include an AdChoices Icon, which takes users to our opt-out page, above each creative.
  • Access and deletion. We share or delete personal information belonging to users with such users who submit access or deletion requests.
  • Opt-out. Our opt-out page enables consumers to stop seeing any personalized advertising from DeepIntent’s network. We do still serve contextual ads, which target based on page content rather than by user.
  • Consent framework. The Interactive Advertising Bureau’s (IAB) CCPA Compliance Framework allows users to submit opt-out signals to us. We have implemented this, allowing us to communicate opt-out signals received from publishers to partners and advertisers that are part of the framework as well.
  • Internal assessments. Our compliance team has evaluated major data processing activities within the DeepIntent platform to determine the best privacy practices to preserve user privacy. The team also regularly conducts internal assessments to measure privacy risks and determine whether we can improve upon methods to compliance.
  • Security incident policy. We have documented protocols for how to handle data breaches and reassess our standards regularly. This ensures we’re covering practices proportionate to the type of standards available for each type of breach that might occur.

How Advertisers Can Leverage Data Privacy Law to Benefit Their Business

With 10 months to go, advertisers should be dedicating time and resources toward re-evaluating their privacy compliance framework. Particularly for those working for healthcare and life sciences companies, dealing with sensitive health data means it’s important to prepare early.

That means updating privacy policies, revisiting contracts, and ensuring databases are optimized for traceability, accessibility, and modification of data. For example, if a user submits a deletion request, does your business have the ability to trace the partners with whom you may have shared such data? Can you easily find all data tied to a user to delete the data without costing a fortune in engineering resources? Of that data, do you know which data is considered “sensitive” under new privacy laws?

While every privacy law is ultimately intended to benefit consumers, companies can also leverage these compliance frameworks to improve business efficiency and stand out. Actively assessing and improving the way your business stores and uses data can reduce duplicate datasets, make datasets more accessible, and allow your teams to consider better ways to store, share, or use data.

The process of assessing data and organizing it translates to educating your team on where data sits and how it is used within your business. This can result in lower data storage costs, innovation in data use, and improved efficiency for teams that regularly need to engage with data and user requests.

How Prioritizing Privacy Helps Patients

At DeepIntent, we’ve also found that balancing privacy considerations with determining the best ways to use and process data can result in improved outcomes for our clients (and consumers). Take our patented Patient Modeled Audiences process, which uses data science to allow us to determine the correlation between demographics and de-identified data related to diseases to create campaign-specific modeled audiences. These custom-built audiences allow clients to target those with a higher likelihood of relevance when compared with targeting patients across the U.S. population while preserving user privacy.

The machine learning algorithms that support the Patient Modeling Audiences process rely on differential privacy. Founded on cybersecurity principles of preserving privacy, this technology preserves and improves privacy, and still enhances the algorithms’ ability to recognize the correlations that determine patient relevance for campaigns. This means healthcare advertisers can benefit from DeepIntent’s strong privacy practices while also improving their reach.

When advertisers improve their reach of patients, patients can also experience better health outcomes. Last year, we found that personalized advertising has the potential to have a huge impact on their health and wellness. More than half the patients we surveyed said pharmaceutical ads are more memorable when they’re relevant to their medical needs and conditions. Conducting an earlier survey, we also found that patients are more likely to take treatment recommendations for something they recognize from advertising.

Searching for relevant medical information can be like finding a needle in a haystack. The good news is that DeepIntent can be your partner in helping to deliver positive, potentially life-changing, messaging to consumers who may really need it, all while keeping their privacy front of mind.

To learn more about how DeepIntent prioritizes privacy law, click here.

More Insights

Amit Chaturvedi
Blog Post
Orchestrating Client and Company Success at DeepIntent
If you think about an orchestra, there are string instruments, wind instruments, percussionists, vocalists, and so on. Like most teams, the orchestra is comprised of...
Read More
Blog Post
Living in the Cookieless Present: Q+A with ID5 Chief Strategy Officer Joanna Burton
With Google on track to deprecate third-party cookies in Chrome in 2024, marketers are getting ready for the cookieless future. But as Joanna Burton —...
Read More
DeepIntent and Matterkind case study: Measuring pharma ad campaigns, proving CTV superiority
Blog Post
How DeepIntent and Matterkind Proved CTV’s Superiority for Measuring Pharma ad Campaigns, Delivering 2X Higher NBRx
The pharmaceutical industry has long favored broadcast television. In fact, linear TV accounted for more than 70% of last year’s ad spend. That’s because linear...
Read More
Back to Top