Four Boltive team members – and 5,000 of our closest friends – went to the IAPP’s Global Privacy Summit (GPS) in DC earlier this month. GPS is one of the highlights of my conference year: it’s always a great time to connect with friends, meet new people, and learn from peers and luminaries in the privacy world.
This year, as in years past, we had great sessions featuring regulators from around the world. As I went through my notes, thinking about what I wanted to share with those who couldn’t be there, my mind kept returning to the regulator sessions.
I hear so many misconceptions about regulators and enforcement as I talk to people in my day to day:
These are common – and dangerous – blind spots.
The panels and interviews I attended featured regulators at the US federal and state level (California, Colorado, Connecticut, and Oregon), as well as the UK, Ireland, Germany, Italy, France, Finland (who is also the chair of the European Data Protection Board), and Singapore. Regulations differ, as well as details around legal processes, but a number of common themes – busting these myths, and more – emerged.
In this post – part 1 – I will sum up what I heard regulators tell us they want us to know.
And in my next post – part 2 – I will sum up what I heard them tell us they want us to do.
Regulators aren’t trying to play gotcha. They want to help companies understand our obligations under the law, and are investing a lot of time and effort to tell us what “good” looks like.
The rules published by California and Colorado are there to provide nuanced guidance on the statutes, and if you look at a regulator’s website, you will find a range of FAQs, advisories, and guidelines that are published with the intent to educate and clarify.
For example:
Regulators also want us to ask them questions when we are in doubt. The sense in the sessions’ audiences was that it’s uncomfortable to stick your neck out, but several regulators were very clear that they want to help companies get to “yes,” in a lawful way. Guido Scorza, from the Italian Data Protection Authority (Garante per la protezione dei dati personali), noted that while individual privacy is a fundamental right in Europe, so is the right to do business.
Further, to facilitate the ability for companies to function across jurisdictions, regulators are also devoting resources to harmonization. This is actively happening within the US, among state and federal regulators, who speak and cooperate frequently, as well as within the European Economic Area, where member states meet 350 times per year to collaborate and produce unified guidance documents.
As Michele Lucan, Connecticut’s Deputy Associate Attorney General, put it, “We care about being helpful and transparent.”
There is a widespread misconception that regulators don’t understand digital technology in general, and ad tech in particular. My guess is that this comes from the Congressional hearings we’ve all seen, where Big Tech CEOs sit through a series of questions that increasingly reveal how little some members of Congress understand digital.
What companies need to understand is that the regulators are a very different story.
Take the California Privacy Protection Agency (CPPA) as an example. The Executive Director of CPPA is Ashkan Soltani, a technologist with degrees in cognitive science and information management, and a background as a security architect and researcher in a wide range of private and public organizations. Take a look at his LinkedIn profile, paired with his public comments that the CPPA is actively staffing up with technologists, and decide for yourself what this says about the CPPA’s capacity to handle enforcement in digital environments.
Further, even regulators with a legal or policy background live in the world with us, and realize that there are technologies in the marketplace that they can use to power their investigations.
As John Edwards, the UK Information Commissioner, declared, “Our bots are coming for your bots.”
Another common misunderstanding is around what enforcement actually looks like. Many people look at the big public settlements in the news, and think that’s what enforcement is all about: headlines and fines. And because we don’t see those kinds of big announcements often, there can be a sense that enforcement isn’t happening.
In reality, those large public announcements are only one piece of the puzzle.
Enforcement is actually a range of tools, including inquiry letters and subpoenas, reprimands and cure notices, injunctions and deletion orders, which, if ineffective or if the violation is large enough, escalate to the types of settlements and fines – which typically take years to negotiate – that we see in the news.
Regulators begin enforcement as soon as the law goes into effect. Which companies find themselves on the receiving end of a letter is determined by the regulator’s priorities and own research, as well as media reports and consumer complaints. John Edwards (UK) observed that it’s common, in fact, for a customer service issue or an employer/employee dispute to end up in a privacy regulator’s inbox as a complaint.
Each of those complaints becomes a case that needs to be investigated and closed. The regulators in the sessions I attended all concurred strongly on this: if you get a letter from a regulator, please cooperate. The inquiry may just be seeking information that will help them respond to the consumer and close the case. Regulators have limited resources – they want to get through the small matters as quickly as possible so that they can focus on the bigger harms occurring.
Further, several regulators also specifically noted that if you stonewall an investigation, it will raise suspicion that triggers a deeper look into your company, taking resources from other investigations.
As John Edwards (UK) put it, “If you drag it out, you will see that reflected in the fines.”
To get a sense of what enforcement is happening across the range of tools regulators use, look for the reports that they publish periodically. For example, Connecticut recently published a report covering the first six months of the Connecticut Data Privacy Act. These reports are also a form of guidance in themselves, containing helpful explanations intended to help others understand the regulation and improve their compliance.
As Commissioner Rebecca Slaughter of the Federal Trade Commission remarked on a panel, “We’re not trying to be mean.”
Sometimes, I think it can feel like regulators are out to get us, so to speak, because in digital, we’re used to operating in a pretty freewheeling manner. And as we all adjust to a more regulated business environment, I hear very black and white thinking sometimes – all data collection is bad, all data collection is good.
As with most things, the truth probably lies somewhere in the middle. Data collection enables businesses to offer great products and services. And data collection also has caused real-world harms. Good regulation can help us get to a more balanced point, where businesses can grow and innovate, while consumers can be protected.
Every day, Boltive helps companies work through questions about whether their technology stack is keeping up with both their obligations under the law and their promise to consumers. And with our AI and automation tools, we help them cover more ground when validating compliance across their entire consumer-facing footprint, including their offsite digital ad campaigns. To find out more about how we can help you, as well as get a complimentary scan of your site, please reach out!
Boltive Launches New Product Ad Monitor: Revolutionizing Ad Insights with AI-Powered Discovery Engine
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 2: What Regulators Want Us To Do – The Value of Proactivity
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 1: What Regulators Want Us To Know – Busting Common Myths
Go to Post
Text LinkPrioritizing Children's Privacy: Strategies for Ethical Advertising and the Use of AI
Go to Post
Text LinkBusiness Ninjas Podcast - Secure Protection for Advertisers Against Invasive Media
Go to Post
Text LinkBoltive and Slalom Consulting Join Forces to Bolster Data Privacy: A Powerful Alliance Against Emerging Risks
Go to Post
Text LinkAutomating Threat Detection: How Boltive is Harnessing Artificial Intelligence to Reshape Ad Security
Go to Post
Text LinkForbes Article - The Privacy Prescription: Rules Restricting Health Data Use And How To Employ More Holistic Security Measures
Go to Post
Text LinkOur CEO, Dan Frechtling, featured on Leadership Live podcast with Daphna Horowitz
Go to Post
Text LinkWhy Data Privacy is Being Overhauled in 2023: Dan Frechtling featured on the Security Weekly Productions podcast
Go to Post
Text LinkOur Director of Product, Christine Desrosiers, discusses the current state of Ad Tech with Brand Safety Institute
Go to Post
Text LinkGeekwire wrote about the heartening link that brought our CEO and CFO to Boltive.
Go to Post
Text LinkHow do businesses handle more consumer demand for proactive control over their personal information when regulatory bodies are giving them what they want?
Read MoreWith U.S. privacy laws in flux, Boltive's Privacy Guard simplifies compliance and empowers consumers with control over their data.
Read MoreEmpowering Brands and Publishers with Advanced AI Technology for Real-Time Ad Compliance and Enhanced Security
Read MoreLearn how BuzzFeed expanded their partnership with Boltive to protect consumers on their mobile app.
Read MoreReview the latest ad security data gathered by Boltive's Ad Lightning product.
Read MoreFrom ad security to data privacy, discover all of the major milestones Boltive has achieved over the years.
Read MoreCatch up on Part 2 of Christine Desrosiers’s thoughts from IAPP GPS as she dives into What Regulators Want Us To Do.
Read MoreFollow along as Boltive team member, Christine Desrosiers, shares her notes from the IAPP Global Privacy Risk Summit.
Read MoreIn this blog post, we’ll delve into the world of deceptive non-compliant ads discussing how our Boltive AI Engine is helping combat this problem.
Read MoreDiscover how the Boltive Object Identification Engine revolutionizes the way we manage tags and cookies, making manual searches a thing of the past.
Read MoreBoltive and CG Infinity have partnered to provide a data privacy solution in a time where privacy regulations are beginning to really ramp up.
Read MoreDiscover the secrets behind cookies, pixels, and tags and gain a deeper understanding of these tools and how they affect your data privacy practices.
Read MoreAs children and teens become more exposed to the dangers of social media and online advertising, regulators are stepping in to help protect them.
Read MoreCatch up on the latest updates from the ScamClub Active Threat that the Ad Lightning product has identified.
Read MoreExplore Boltive’s use of artificial intelligence in the world of ad security and the ability to quickly identify and mitigate unwanted content.
Read MoreRead how Sovrn Holdings leveraged Ad Lightning capabilities to defend against offensive ads.
Read MoreWith new state regulations around consumer data collection going into effect in 2024, top companies are taking action to ensure they are staying compliant.
Read MoreAre health websites sharing personal or sensitive data? Read this report from Boltive and Consumer Reports on our findings.
Read MoreDetected and blocked a reoccurring redirect campaign impacting 50 domains.
Read MoreRedirect campaign targeting both mobile and desktop users with fake update messages.
Read MoreRedirect campaign spanning almost 1,500 sites over the past 7-days.
Read MoreFraudsters hosting obfuscated scripts on AWS & Yahoo platforms, attempted to deliver malicious redirects to over 300 different domains.
Read MoreThis malicious campaign has two methods of triggering the redirect.
Read MoreReview the ad security data gathered by Boltive's Ad Lightning product in this month's Risk Report.
Read MoreCatch up on the latest Active Threats that the Ad Lightning product has identified.
Read MoreWith the TCF v2.2 being released in November 2023 and an updated GPP coming in January 2024, are you prepared to be compliant with these new releases.
Read MoreBoltive CEO Dan Frechtling joins Kelsey McDonald on the WriteForMe podcast "Business Ninjas" to discuss data privacy.
Read MoreThe new partnership provides customers with the ability to build privacy programs that stand up to growing scrutiny in data privacy regulations and evolving privacy threats.
Read MoreCatch up on the latest Active Threats that the Ad Lightning product has identified.
Read MoreThe Boltive team is leveraging the use of Artificial Intelligence to enhance the way publishers identify and mitigate threats.
Read MoreThough there are laws in place to protect health data, there are many compliance loopholes when it comes to data sharing.
Read MoreThough there are laws addressing Children's Data Privacy, there is much room for improvement to protect them.
Read MoreAd Security threats come in many forms - are you prepared to identify and address them?
Read MoreWith new regulations recently released and more coming, are your privacy programs and technologies ready?
Read MoreIn this More Than a Refresh episode the panel takes a deep dive into Digital Privacy. Join along as the group further explore data privacy regulations and how to best combat non-compliance.
Read MoreBoltive CEO Dan Frechtling joins Intuizi's Ron Donaire on The Data Deep Dive to discuss Boltive and how it fits into the Privacy world.
Read MoreTechnology Council Member and Boltive CEO, Dan Frechtling dives into the evolution of data privacy.
Read MoreChristine Desrosiers, our Director of Product, shares an insightful and informative whitepaper on the current state of privacy compliance.
Read MoreDan talks about his journey from marketing to data privacy. He is on a mission to protect consumers from invasive media. He shares his personal story about being tracked online and how the hyper targeting he was victim of started him on his journey to Boltive.
Read MoreToday on That Tech Pod, Laura and Kevin speak with CCPA & CPRA Co-author Rich Arney and Boltive CEO Dan Frechtling.
Read MoreGiven the uncertain macroeconomic climate, the outlook for digital ad spending is spotty at best. Over the last year we have seen that large advertisers are pulling back budgets, and it’s looking like that will only continue this year.
Read MoreOur CEO Boltive, Dan Frechtling, has been accepted into Forbes Technology Council, an invitation-only community for world-class CEOs, CIOs, CTOs, and other technology executives
Read MoreDon’t miss this episode of Leadership Live where Dan Frechtling discusses loss, leadership, and data privacy – what every CEO needs to think about.
Read MoreGet the scoop about why Sephora was recently fined, and why data privacy is being overhauled in 2023
Read MoreAssuming CMPs are infallible could be detrimental to your data privacy efforts, resulting in broken relationships with your consumers, damaged business reputations, and hefty fines.
Read MoreOur Director of Product, Christine Desrosiers, discusses the current state of Ad Tech with Brand Safety Institute
Read MoreBoltive featured in Quirk's Media article on how to comply with changing data privacy regulation
Read MoreGeekwire wrote about the heartening link that brought our CEO and CFO to Boltive.
Read MoreBoltive's Privacy Guard was recently featured in Consumer Reports
Read MoreWe recently published our 2021 Q2 Malware Recap, so take a look at what has been plaguing website publishers and users this quarter.
Read MoreSix months ago, we partnered with Setupad and replaced their legacy ad quality solution to improve their coverage against bad ads.
Read MoreCheck out our our 2021 Guide to Blocking Bad Ads and Ensuring Ad Quality – a comprehensive roadmap that platforms and publishers can utilize to successfully navigate the frontlines in the battle of ad quality.
Read MoreCheck out our recap of the state of ad quality in Q1 2021
Read MoreWe're delighted to tell you about the significant uptick Ad Lightning has seen in platform partnerships in recent months.
Read MoreWe place so much importance on NPS, I wanted to take a few minutes to explain what it is and how we use it at Ad Lightning
Read More2020 was historic, and I don’t mean that in a good way. But there’s always a silver lining, even in the most trying of times.
Read MoreFraudsters were still up to no good in Q4, relying on everything from old standards to newer malicious horizons as their assault on publishers, platforms, consumers, and stakeholders continued full throttle.
Read MoreAd Lightning's video QA tool maximizes publisher ROI by identifying issues before ads go live. Fast, easy, and effective. Learn more at Boltive.
Read MoreThis is what Ad Lightning is providing to the ecosystem with our Look at the Digital Advertising Industry in 2021 – a prescient, thoughtful, practical group of insights that publishers and platforms can use to successfully navigate an uncertain future.
Read MoreWe take a moment to revisit a handful of topics discussed in our 2020 State of Ad Quality report, how they played out during the year, and look at what publishers can do to protect themselves from the bad guys.
Read MoreWe're going to show you some of the most common gaps in the ad quality armor we’ve seen in the ecosystem and discuss what you can do to fill them.
Read MoreChanges to CCPA Put Retargeting in the Regulatory Bullseye
Read MoreCheck out a presentation our CEO, Dan Frechtling, gave at the recent IAPP conference.
Read MoreHaving a Consent Management Platform (CMP) does not let you off the hook if your partners accidently (or intentionally) expose your customers’ data. You need to ensure information sharing consent is given in 4 key areas or you risk brand and profit damage.
Read MoreOnline ads can violate privacy in a number of ways, learn more about how user data may be at risk
Read MoreUnderstand the ad ecosystem and how Privacy Guard's technology provides tailored solutions to detect and resolve privacy issues.
Read MoreLearn more about how Boltive's new tool Privacy Guard delivers key insights you need to keep your consumer data -- and your brand reputation -- safe.
Read MoreGet an overview of the online ad ecosystem, and how Boltive's new tool Privacy Guard can help keep your consumer data -- and your brand reputation -- safe.
Read More63 of F100 Companies Don’t Meet CCPA Standards, 33 Use Methods That Often Fail
Read MoreDid you know 15-30% of consent opt-outs designed to protect personal data routinely fail?
Read MoreAn interview with Rick Arney, board member of Californians for Consumer Privacy (CCP), and co-author of CCPA and CPRA
Read MoreAn interview with Rick Arney, board member of Californians for Consumer Privacy (CCP), and co-author of CCPA and CPRA
Read MoreThe ad ecosystem is like the wild west. Legitimate advertisers and publishers are leaving themselves and their partners exposed to consequences due to non-compliance.
Read MoreThe perception and tolerance of digital advertising is changing.
Read MoreOur forecast of what's to come in 2022
Read MoreWhile 2023 may seem like a long way off, it will come around quicker than you think. It is never too early to prepare - particularly when it comes to updating your data privacy processes to remain compliant.
Read MoreThere has been a lot going on in the world of ad privacy. Here’s what you may have missed this quarter.
Read MoreAs a member of the Coalition of Better Ads, Google has long been an advocate for blocking ads that hamper the user experience. But they took in one step further in fall 2020.
Read MoreCurrent technologies and methods used today routinely interfere with Consumer Rights to Opt-Out. As important as it is to address dark patterns, it’s just as important to address dark signals.
Read MoreOur Privacy Guard solution proves to be a success by identifying critical problems for Fortune 500 brands.
Read More3 To-Dos to Ensure Compliance & Stop Ad Privacy Violations
Read MoreSeveral key takeaways from presentations related to California regulations.
Read MoreWednesday, August 24 marked the end of the quiet period for enforcement of the California Consumer Privacy Act (CCPA).
Read MoreAdvertisers and brands are liable for any unauthorized data sharing in their digital advertising campaigns. Comply with regulations and protect your reputation.
Read MoreThe digital advertising ecosystem is large and complex. And it’s expanding.
Read MoreStay ahead of the game with our article on 5 Ad Security Malware Trends for 2022 and Beyond. Protect your business from evolving threats. Read now on Boltive.
Read MoreWe recently published our 2022 Q1 Ad Quality Report, so take a look at the key trends we’ve identified and how publisher’s are fighting back.
Read MoreWe're fresh out of content!
All the news that's fit to print.
