Our own Julie Rubash has been featured in this article from AdExchanger's Allison Schiff, discussing the significance of understanding UOOMs for publishers.
www.adexchanger.com/data-privacy...
We'd like to hear your thoughts: How are you approaching universal opt-outs?
#PrivacySky
Allstate is facing lawsuits from the Texas Attorney General and Illinois drivers for sharing sensitive location data without consent through driving apps. In a related move, the FTC has targeted companies like General Motors for selling location data w/o consent.
sourcepoint.com/blog/unautho...
Privacy laws in four more U.S. states went into effect last week, and five more states now require respect of Universal Opt-Out Mechanisms (#UOOMs). Read more: sourcepoint.com/blog/four-ad...
#privacysky #privacy #GPC
I write about why privacy compliance maybe just needs to be rebranded for the marketing rank-and-file over on the @sourcepoint-tech.bsky.social blog: sourcepoint.com/blog/what-iv...
#privacysky
Illustration of a patchwork quilt showing the outlines of different US states in each square, with Oregon prominently featured at the center
Oregon is kicking off a public awareness campaign about their privacy law, releasing new survey data showing that 80% of residents prioritize privacy.
Notably, Oregon consumers have the right to request a list of third parties who have been sold their data.
#PrivacySky
New from the FTC: settlements targeting data brokers Mobilewalla and Gravy Analytics over mishandling of sensitive location data.
Meanwhile, publishers Politico, Gannett, and Nexstar face class action lawsuits for allegedly using web trackers w/o consent.
bit.ly/49qPla3
#PrivacySky
More out of California this week: the CPPA has initiated formal rulemaking for significant new privacy regulations and a California court ruling on a VPPA case has reinforced the importance of maintaining robust consent documentation.
Read this week's newsletter: bit.ly/3Zmqkt9
#privacysky
The latest EDPB guidance about the controller-processor-subprocessor relationship as well as emerging AI and Data Act considerations are reshaping contract requirements and supplier dynamics.
Join us for a webinar w/ the TaylorWessing team
Register 👉 hs.sourcepoint.com/digital-supp...
#privacy
At 'The U.S. Privacy Patchwork: Practical Considerations for GDPR Companies', where the map (below) was shared showing the now 19 comprehensive US state privacy laws #DPC24
Also “informed” - but not necessarily “meaningful”
California plaintiffs’ attorney panelist: Pop-up notices saying "we share your info" might not cut it anymore. CA requires privacy waivers to be knowing & intentional.
#IABStatePrivacy
Key takeaway from #IABStatePrivacySummit: CIPA litigation claims are moving away from session replay toward pixel tracking & data sharing. Plaintiffs are watching your TikTok pixels closer than your heatmaps.
Marina Pappa from
@sourcepoint-tech.bsky.social
talking about the risks associated with Chatbots, Session Replay and Pixel Tracking at
#IAB State Privacy Law Summit.
Interesting insight from #IAB panel: State privacy laws may differ, but AG offices actively collaborate to align enforcement approaches where possible.
#StatePrivacy
Key vendor management lesson from CT: You can delegate responsibilities, but with sensitive data comes the duty to verify protection measures. Monitor your vendors!
#StatePrivacy
CT and NJ's privacy regulators discuss enforcement priorities: Data minimization, partner accountability, and making sure consent for sensitive data is specific - no more blanket terms. #StatePrivacy
NJ's privacy team continues to grow. From 2 attorneys general 4 years ago to 10, with 2 more on the way. Garden State taking data protection seriously. #PrivacyMatters #NJLaw #IAB
2/ NY AG's stance is clear: "Do what you say, say what you do." Generic privacy policy templates from software providers can make you a target. Customize your policies to match actual practices.
1/ Avoid absolute statements in privacy policies. A major company claimed phone numbers were "only for security" but used them differently. Follow industry trends and stick to what you actually do.
State #UDAP laws matter for privacy compliance across all 50 states. Recent litigation targets deceptive privacy disclosures. Companies need proactive mitigation strategies to avoid violations: 🧵
Managing vendor contracts is challenging. #IAB aworking on standardization through #MSPA. Meanwhile, map your data flows and understand downstream pixel implications.
#PrivacyOps #DataManagement
Cross-context behavioral advertising needs careful third-party tracking disclosure. Get ahead by reaching out to vendors now about listing them as third parties. Some may push back - plan accordingly. #AdTech #StatePrivacy
Different states = different requirements. #HomeDepot initially aimed for uniform rights across states but had to adapt some state-specific approaches. One size doesn't fit all in privacy compliance.
Oregon's privacy law requires specific third-party disclosure lists, not just categories. 45 days to respond to access requests. Consider blackout periods (like holidays) in your compliance planning.
Third-party vendor management is complex but critical. Tools like Sourcepoint can help track pixels and tags, but you need people and processes too. Automated scans alone aren't enough - vendors change frequently!
"Start before you need to." Disclosures of third parties are required now by Oregon, and more laws are coming (MN - July 2025, RI - Jan 2026). Don't wait for investigation letters. Begin your work now, especially for third-party tracking disclosure requirements.
#StatePrivacy #IAB
On navigating multi-state privacy disclosures:
👋 It’s all blue ocean (sky?) here, Jonathan. #CCPA #GDPR #StatePrivacy and #IAB!
If a regulator comes to you about your app, you need to make sure you have a CMP and some form of data mapping in place.
“Apps are a black box. The identifiers differ from SDK. You know what’s going in, but you don’t know what’s going out.”
— @chipblock.bsky.social