IAB joins push for federal privacy legislation as concern over 'patchwork' state laws grows
- Top representatives from the IAB will testify before the U.S. House and Senate over the next two days to push for federal privacy legislation while also warning against the risks associated with what the group describes as a complicated "patchwork" created by state-level laws, according to news from the trade body shared with Marketing Dive.
- CEO Randall Rothenberg will testify before a U.S. Senate Committee today (Feb. 27) about the digital ad trade body's broad support for federal regulations that assure consumer privacy and security. Rothenberg and IAB EVP of Public Policy Dave Grimaldi will also urge Congress to pass legislation that creates federal privacy regulations versus myriad state-by-state bills, which they see as potentially damaging and causing confusion among businesses and consumers. The IAB will petition for deeper collaboration between the government and advertisers, potentially modeled on how stronger automotive safety legislation was passed in the '60s with the help of the car industry.
- The IAB hopes to create a "new paradigm" for privacy regulation in the U.S. that focuses on four principles, including through the introduction of a law with clearer prohibitions around "harmful and unreasonable" data collection and use. The law would distinguish between data practices that threaten consumers and those that don't. It will incentivize compliance programs and universalize compliance by creating a "safe harbor" process.
The IAB joins other major advertising trade bodies, including the ANA, in putting out the call for comprehensive U.S. privacy legislation. Concerns over "patchwork" privacy laws are rising quickly after the passing of the California Consumer Privacy Act of 2018 (CCPA) last year, which has been followed by bill proposals in other states, such as Washington and New Jersey, that aim to offer similar consumer protections when it comes to data, but which will contain potentially vastly different language and specifications.
The CCPA, which goes into effect in 2020, is in some ways a special case since it was initially a ballot initiative and passed in a short time frame of just five days, leaving little room for industry input. Other state-level privacy laws would likely have a longer lead time and amount of feedback from marketers, but the sheer number of laws that could be introduced might create a compliance headache in any case.
Some brand thought leaders have also pushed for a single U.S. privacy law. Apple CEO Tim Cook did so last year as a means of combating what he called a "data industrial complex," in veiled swipes at Google and Facebook. Cook pointed as the EU's General Data Protection Regulation (GDPR) as a model to look to. However, the IAB seems to be pushing back against the framework both the GDPR and the CCPA are built on as it tries to position a federal privacy law around a new data paradigm.
"While well-intentioned, their rigid frameworks impose significant burdens on consumers, such as rampant over-notification leading to consent fatigue in consumers and creating an indifference to important notices regarding their privacy," Rothenberg said of the CCPA and GDPR in a statement. "At the same time, these regimes fail to stop many practices that are truly harmful to consumers. These laws also display a misguided antagonism toward online advertising and fail to recognize the various ways in which digital advertising subsidizes the rich online content and services that consumers want."
The IAB has recently run into some hot water in regards to GDPR after complaints were filed claiming that its Tech Lab's OpenRTB framework violates the law. The IAB has strongly resisted that OpenRTB runs afoul of GDPR.
A federal regulation could help brands and tech companies regain public trust following high-profile scandals like Cambridge Analytica, which are viewed as helping to spark the current regulatory climate and consumer concerns over how personal information is accrued and applied. Seventy-one percent of surveyed consumers worry about how brands collect and use their personal data, according to ExpressVPN research, and 34% don't trust tech companies with digital privacy.