By Ronan Shields • February 2, 2024 • 3 min read •
Ivy Liu
Earlier this week, the IAB hosted its annual leadership meeting where the concept of privacy underscored almost every conversation, even those where participants tried to spin a rosy future induced by generative AI.
At the core of such conversations was how the lack of a U.S. federal privacy law significantly contributed to the industry’s hardship.
Executives at the trade org pointed out how the current fragmented state of privacy legislation – currently, there are 13 states with updated privacy laws, with the IAB estimating this will double throughout 2024 – is one of the sternest logistical challenges facing the sector.
The scale of the challenge becomes apparent when examining some of the requirements under the California Privacy Rights Act, an approach that legislators are emulating in many other U.S. states. This statute places responsibility on parties in the advertising ecosystem to ensure compliance among their supply chain partners.
Given that major advertisers can partner with thousands of vendors in their ad tech supply chain, this scale of such requirements appears daunting.
Hence, the IAB used its flagship ALM to unfurl its “Diligence Platform,” an initiative that aims to standardize how publishers and advertisers vet their ad tech supply chain via a partnership with SafeGuard Privacy.
The platform helps IAB members attempting to audit their ad tech supply chain to standardize their approach with a set of industry vertical business questions pertaining to compliance with the myriad U.S. state law requirements.
In a blog post announcing the partnership, IAB general counsel and evp, Michael Hahn, stated, “Historically, privacy diligence has relied on two things. First, you obtained a representation and warranty in the contract that the business partner would comply with applicable law and then indemnity if it failed to do so. Second, you typically sent out a generic questionnaire. This approach will no longer do.”
SafeGuard Privacy CEO Richy Glassberg told Digiday the approach would combine his outfit’s independent state law assessment and automated vendor-compliance software with the IAB’s industry vertical questionnaires.
“So if you’re a major advertiser, you would use this platform to do an assessment on your agencies, your ad tech providers, publishers, data providers… anybody that touches digital ad ecosystem,” explained Glassberg. “What’s scary for a lot of advertisers is that they often don’t have direct relationships with them [ad tech providers], yet the law requires you to do your due diligence on them.”
Speaking separately, Arielle Garcia, founder of ASG Solutions and former chief privacy officer at UM, welcomed the introduction of the Diligence Platform but warned those in the sector to adopt a more rigorous approach.
She added, “Prudent advertisers and agencies should recognize that it is easy to tick a box on ‘consent’ or ‘affirming there’s no processing of SPI’ [sensitive personal information] as defined by this or that state law without providing real insight into one’s data practices, and perform supplemental due diligence as required.”
After all, the degree of rigor recommended by the IAB can be influenced by its major shareholders, such as Big Tech, whose company valuations often rely on data-driven advertising.
https://digiday.com/?p=533810