PRIVACY, PLEASE

FTC and Sensitive Location Data; New Pen Register Class Actions

Date posted – 09/12/2024

FTC takes action against the sale of sensitive data and three major publishers hit with pen register class actions.

California CPPA Issues Notice of Proposed Rulemaking

Date posted – 25/11/2024

News out of California this week. The CPPA moved draft regulations to rulemaking. Meanwhile a CA judge has moved a VPPA case to arbitration based on terms of use.

Mitigating risk under the Video Privacy Protection Act (VPPA)

Date posted – 23/11/2024

Because VPPA is just one of many tools being used in the crackdown against web tracking, adopting a long-term, strategic approach to privacy is the best way to future-proof your organization against microtrends in litigation, enforcement, or new privacy…

CPPA Settles With Unregistered Data Brokers

Date posted – 18/11/2024

Following an investigative sweep of unregistered data brokers, the California Privacy Protection Agency (CPPA) announced its settlement with two data brokers. Plus, the Norway Parliament adopted a new Electronic Communications Act.

Paramount Hit With VPPA Class Action

Date posted – 05/11/2024

A class action complaint was filed in NY alleging that Paramount Global violated the Video Privacy Protection Act (VPPA). CCPA announces enforcement sweep of unregistered data brokers.

Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR

Date posted – 28/10/2024

Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR

Three notable developments in privacy class actions

Date posted – 21/10/2024

Three notable developments in privacy class actions occurred in the last week, Kochava, NBA and Betterhelp

New Privacy Requirements Took Effect October 1 In Three States

Date posted – 07/10/2024

New Privacy Requirements Took Effect In Montana, Maryland & Connecticut, plus CJEU Interprets GDPR in Favor of Schrems in Case Against Meta

[WEBINAR] Consent is not enough: Protecting against new U.S. privacy litigation risks

Date posted – 02/10/2024

Join Sourcepoint and privacy litigation expert Matthew Pearson, Partner at BakerHostetler, for an essential webinar on mitigating risks in the evolving U.S. privacy landscape.

How Haymarket Uses Sourcepoint to Manage Vendor Compliance

Date posted – 01/10/2024

Haymarket sought to elevate their level of compliance by identifying and removing unreputable adtech partners.

CPPA Publishes Proposed Deletion Mechanism / Draft Regulations

Date posted – 30/09/2024

CPPA Publishes Proposed Deletion Mechanism Draft Regulations

The key tips when choosing a CTV Consent Management Platform

Date posted – 24/09/2024

This blog guides you through the top tips to ensure you choose an effective and compliant CTV consent management platform (CMP).

FTC Report Offers Recommendations to Social Media and Video Streaming Services

Date posted – 23/09/2024

FTC Report Offers Recommendations to Social Media and Video Streaming Services

Appeals Court Concludes that Facebook Failed to Obtain PIPEDA Consent

Date posted – 16/09/2024

Appeals Court Concludes that Facebook Failed to Obtain PIPEDA Consent

Sourcepoint Enhances Privacy Compliance Solutions to Address Complex Digital Tracking Litigation Risks

Date posted –

Integrated technology and services help companies mitigate vulnerabilities across various privacy regulations and implementation challenges NEW YORK, September 16, 2024 — Sourcepoint, a leader in data privacy compliance technology, today announced significant enhancements to its compliance monitoring suite. These…

What is Global Privacy Control? Frequently Asked Questions

Date posted – 12/09/2024

How does Global Privacy Control work? How is it different from Do Not Track? It is applicable in Colorado? Check out our FAQ about GPC.

[WEBINAR] Navigating OOPS, Consent and Global Privacy Controls

Date posted –

Join Sourcepoint and Red Clover Advisors for an essential on-demand webinar on navigating the complex landscape of U.S. sensitive data privacy laws.

California Enforcement Advisory Outlines Consent Dos and Don’ts

Date posted – 09/09/2024

CA Enforcement Advisory Outlines Consent Dos and Don’ts, plus Irish DPC Withdraws Action Against X

Sourcepoint Expands CTV Consent Management Capabilities with HbbTV Support

Date posted – 04/09/2024

Sourcepoint, the privacy software platform for the world’s most influential brands, today announced the addition of HbbTV (Hybrid Broadcast Broadband TV) support to its Connected TV (CTV) Consent Management Platform (CMP) offerings. This expansion further solidifies Sourcepoint’s position as…

California Passes Two Laws Expanding Opt-Out Signals

Date posted – 03/09/2024

California Passes Two Laws Expanding Opt-Out Signals, plus California Age Appropriate Design Code Enforcement Stayed Until March

Chrome Data Collection Class Action Revived on Appeal

Date posted – 26/08/2024

Chrome Data Collection Class Action Revived on Appeal. plus California Bill Mandating Browser Support of Opt-out Signals Is Amended

Five key considerations when choosing a consent management platform (CMP)

Date posted – 23/08/2024

As privacy regulations proliferate, companies face mounting challenges in compliance and UX. A robust CMP has become the key to staying on the right side of both regulators and consumers. Here are five factors to consider.

[WEBINAR] Consent and CTV: Google’s New Rules

Date posted – 22/08/2024

Join Sourcepoint and Red Clover Advisors for an essential on-demand webinar on navigating the complex landscape of U.S. sensitive data privacy laws.

California Age Appropriate Design Code Injunction Vacated in Primary Part

Date posted – 19/08/2024

California Age Appropriate Design Code Injunction Vacated in Primary Part, plus NOYB Takes Action Against X For Use of AI Training Data Without Consent

Sourcepoint Unveils Groundbreaking Universal Consent and Preferences Solution Amidst Evolving Digital Privacy Landscape

Date posted – 14/08/2024

Today Sourcepoint announced the launch of its Universal Consent and Preferences solution. This innovative platform integrates seamlessly with Sourcepoint’s industry-leading consent management platform (CMP) to help enterprises navigate the complex landscape of data privacy regulations while maximizing the value…

California Bill Mandating Browser Opt-Out Support May Pass This Week

Date posted – 12/08/2024

California Bill Mandating Browser Opt-Out Support May Pass This Week, plus X agrees to suspend processing of AI Training Data

NY AG Launches Website Privacy Guides

Date posted – 05/08/2024

NY Attorney General Launches Website Privacy Guides, plus U.S. Senate Passes Kids Online Safety and Privacy Act

[WEBINAR] Navigating the Maze: U.S. Sensitive Data Privacy Laws and Compliance Strategies

Date posted – 31/07/2024

Join Sourcepoint and Red Clover Advisors for an essential on-demand webinar on navigating the complex landscape of U.S. sensitive data privacy laws.

FTC Says Hashed Email Addresses Are Not Anonymous

Date posted – 29/07/2024

FTC says hashed email addresses are not anonymous, plus CPC Network takes action against Meta ‘pay or consent’ model

Introducing our guide to sensitive data and U.S. privacy laws

Date posted – 25/07/2024

One of the most significant developments in privacy law is the growing recognition that sensitive information can be derived from seemingly innocuous data. Our guide explores how different states are tackling this challenge, for example, Washington and Nevada.

FTC Files Second AMENDED Complaint Against Kochava and Collective Data Solutions

Date posted – 22/07/2024

FTC Files Complaint Against Kochava and Collective Data Solutions

Lawsuit Over Patient Portal Trackers Overcomes Motion to Dismiss

Date posted – 15/07/2024

Lawsuit Over Patient Portal Trackers Overcomes Dismissal in California and noyb files GDPR complaint against Microsoft Xandr subsidiary

Unlimited Data Export for Easier Privacy Audits and CMP Disclosures

Date posted – 12/07/2024

Keeping track of all your tracking technology partners to ensure compliance with privacy regulations can be challenging and time-consuming. That’s why we’re excited to introduce a powerful new feature in your Diagnose Compliance Monitoring dashboard: Report Requests. 

Comprehensive Privacy Laws Take Effect in Texas and Oregon

Date posted – 09/07/2024

Now in effect: privacy laws in Texas, Oregon, and Colorado’s GPC requirements. Meanwhile, Oslo court upholds a €5.65M fine against Grindr for GDPR violations involving sensitive data sharing.

[WEBINAR] Is Your Data Strategy ready For the Post-3P-Cookie Reality?

Date posted –

Join Sourcepoint and ThinkMedium for a webinar on navigating increased privacy scrutiny and fragmented regulations in digital advertising. Learn to adapt to Apple’s device-based ID opt-in, Google’s Privacy Sandbox, and other key changes. Gain insights to future-proof your marketing…

Comparing U.S. state privacy laws: personal sensitive data definitions and processing

Date posted – 01/07/2024

How do different U.S. state laws define and protect sensitive personal information? Access a state-by-state comparison of sensitive data definitions.

US Privacy Deadlines You Need to Know

Date posted –

An always up-to-date reference sheet for US state privacy law deadlines. Know when California, Virginia, Colorado, Utah, Connecticut, Tennessee, Indiana, Iowa, Maryland and New Jersey laws go into effect.

The Always-Up-To-Date US State Privacy Law Comparison Chart

Date posted –

Bookmark this post for an always-up-to-date overview of US state privacy laws, and how they compare. 

FTC Finalizes Order With Avast Over Data Collection Without Consent

Date posted –

FTC finalizes order about collection of browsing data without consent, plus Rhode Island enacts privacy law and Sweden cracks down on bank for misconfiguration of Meta pixel.

California AG Settles with Tilting Point Over Children’s Data Collection

Date posted – 24/06/2024

The California AG settled with Tilting Point on allegations they violated CCPA and COPPA by collecting and sharing children’s data for targeted advertising

Vermont Data Privacy Bill Is Vetoed

Date posted – 17/06/2024

Vermont Governor announced his veto of a bill that contained both a data privacy law and an age-appropriate design code

You Are Who You Work With: Cookie Consent and Data Privacy

Date posted – 11/06/2024

Who you work with for consent management and data privacy matters. Cookies, pixels and 3rd-party trackers on your website can pose a threat

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

Date posted – 10/06/2024

Texas Attorney General announced a data privacy and security initiative establishing a team focused on aggressive enforcement of Texas privacy laws.

What are the privacy laws in Canada?

Date posted – 06/06/2024

Everything you need to know about PIPEDA and Quebec’s privacy law, Law 25, and the proposed amendments to PIPEDA.

Alerts: Easy Vendor Governance for CMP Compliance Management

Date posted – 05/06/2024

Keeping track of vendor activities and compliance risks can be challenging, especially on cross-functional teams. That’s why we’re excited to introduce a new feature in your Diagnose dashboard, Alerts. Available now, Alerts are designed to make your CMP compliance…

Minnesota Governor Signs Comprehensive Privacy Law

Date posted – 03/06/2024

Minnesota Consumer Data Privacy Act signed by the Governor, making it the 19th state to enact a privacy law, it takes effect July 31, 2025. Plus, CPPA Seeks Stakeholder Input in Developing Data Broker Regulations

[WEBINAR] Live Demo: Navigating Canada Privacy & Consent

Date posted –

View this Sourcepoint on-demand webinar about consent in Canada for marketing, privacy and legal teams, and a demo of our compliance monitoring solution Diagnose

How PinkNews migrated to Sourcepoint to streamline their consent management strategy

Date posted – 30/05/2024

PinkNews needed to migrate to a new CMP provider with implementation support, customization capabilities, and web and app support.

Revised Version of APRA Advances Out of U.S. House Subcommittee

Date posted – 28/05/2024

New Version of the American Privacy Rights Act of 2024 was published and then passed out of the Innovation, Data and Commerce Subcommittee

Exciting New Diagnose Features: New Filters and More Vendor Details

Date posted – 21/05/2024

New features to help you with vendor governance, including improved customization, greater visibility, and better consent compliance support.

Minnesota Sends Comprehensive Privacy Law to Governor

Date posted – 20/05/2024

Minnesota Sends Privacy Law to Governor. One day before the end of the 2024 legislative session, the legislature passed HF 4757, containing the Consumer Data Privacy Act.

[WEBINAR] Live Demo: Website Third-Party Monitoring

Date posted – 03/05/2024

Join Sourcepoint for an open demo of our compliance monitoring solution, DIAGNOSE, and learn how to address third-party risks lurking on your digital properties.

[WEBINAR] Norway Privacy Workshop

Date posted –

Hear from Sourcepoint and Aller Media in this on-demand webinar for insights and benchmarks to navigate the privacy landscape in Norway

Sourcepoint Expands European Footprint and CTV Offerings Through Strategic Acquisition of Sibbo CMP

Date posted – 25/04/2024

Sourcepoint has announced the expansion of its European operation by acquiring the consent management platform business of Sibbo MADRID, 23 April 2024 — (BUSINESS WIRE) — Sourcepoint, the practical privacy software platform for the world’s most influential brands, has…

Nebraska Becomes 16th State to Enact Comprehensive Privacy Law

Date posted – 22/04/2024

The Nebraska Data Privacy Act will take effect January 1, 2025, the same day as the privacy laws in Iowa, Delaware and New Hampshire.

Bicameral, bipartisan discussion draft of federal privacy bill announced

Date posted – 15/04/2024

If passed, the American Privacy Rights Act, a comprehensive privacy bill, would preempt most U.S. state comprehensive privacy laws.

CPPA issues an enforcement advisory on data minimization

Date posted – 09/04/2024

Their first “enforcement advisory”, reminds companies of their data minimization obligations, specifically in the context of CCPA requests.

Kentucky sends comprehensive privacy bill to governor

Date posted – 01/04/2024

Kentucky’s privacy bill mirrors Virginia’s, is set for 2026. excluding universal opt-outs, is set for 2026.

HHS clarifies application of HIPAA to online tracking technologies

Date posted – 26/03/2024

New guidance from HHS suggests that under some conditions, using tracking technologies is okay for HIPAA-covered groups. Yet, it underlines the need to carefully check and manage the risks of these technologies on websites and mobile apps.

Sourcepoint Partners with Freestar to Provide Access to Portfolio of Leading Privacy Solutions

Date posted – 25/03/2024

Sourcepoint partners with Freestar to offer top privacy solutions, helping clients navigate global regulations for better consent management.

[WEBINAR] The Evolution of “Consent or Pay”: Legal Insights and Best Practices

Date posted – 14/03/2024

Explore the intricate landscape of Consent or Pay models across Europe and the potential learnings that could be applied for consent in the US, in this concise webinar hosted by Goodwin-Procter LLP and Sourcepoint.

FTC says “Browsing and location data are sensitive. Full stop.”

Date posted – 11/03/2024

The Federal Trade Commission posted on its blog a summary of takeaways from its recent proposed settlements with Avast, X-Mode and InMarket. Gaining attention is a bolded statement in the middle of the post: “Browsing and location data are sensitive. Full stop”. 

CPPA hails bill mandating browser support of opt-out signals

Date posted – 04/03/2024

Mandatory adoption across all browsers and devices may lead to a significant uptick in consumers opting out of the sale and sharing of their personal information across all apps and websites, which could lead more websites and apps to…

Doordash to pay $375K in AG settlement over CCPA violations

Date posted – 26/02/2024

California Attorney General Bonta announced a settlement with Doordash based on allegations the company sold customer personal information as part of a marketing cooperative (allowing participants to advertise to each others’ customers) without providing notice or an opportunity for customers to opt…

FTC warns that quietly changing privacy policies could be deceptive

Date posted – 19/02/2024

A blog post from the FTC reminded companies that simply changing the terms of a privacy policy to allow for expanded use of personal data, including to train AI models or to share with third parties, may be unfair or deceptive…

[WEBINAR] Google Consent Mode v2

Date posted – 16/02/2024

Starting March 6, Google Consent Mode v2 will be mandatory for users of Google advertising and analytics products.

CPPA gets green light to enforce regulations immediately

Date posted – 13/02/2024

A California appellate judge ruled that a trial court erred in prohibiting the California Privacy Protection Agency (CPPA) from enforcing regulations under the California Privacy Rights Act of 2020 until one year after the regulation becomes final.

ICO warns that cookie banner enforcement will continue

Date posted – 05/02/2024

After sending warning letters to some of the UK’s top websites in late November, giving them 30 days to bring their cookie banners into compliance, the ICO posted an update on the status of those efforts, including a warning that they…

DPAs seek EDPB position on ‘Consent or Pay’ model

Date posted – 29/01/2024

The Norway, Netherlands and Hamburg data protection authorities have requested that the European Data Protection Board (EDPB) issue a formal statement clarifying under which circumstances a service may legally offer a subscription model that allows users to consent to certain uses…

How heise medien Delivered Flexible ‘Consent or Pay’

Date posted – 23/01/2024

With tightening regulations and stricter requirements from local DPAs, publishers across Europe have been pushed to consider innovative ways to maintain revenue streams while still respecting user privacy rights. One of these innovations has been the Consent or Pay…

[WEBINAR] Consent requirements for mobile games

Date posted –

Google’s new consent requirements went into effect on the 16th of January. Mobile apps using AdMob, AdSense and Ad Manager are now required to use a Google-approved consent management platform (CMP) when serving ads to users in the EEA…

New Hampshire passes comprehensive privacy law

Date posted – 22/01/2024

SB 255 is largely identical to Connecticut’s privacy law, with some differences, including lower consumer data processing thresholds for application of the law to businesses. Like Connecticut and over half of the comprehensive privacy laws enacted so far, the New Hampshire law…

Sourcepoint CMP Tackles Future of US Privacy with New Sensitive Data Opt-in Functionality

Date posted – 17/01/2024

Sourcepoint’s feature supports a new model for consent in the U.S. that has so far been limited to the EU, allowing more customers to be privacy-forward in their approach to navigating such a complex landscape.

New Jersey enacts comprehensive privacy law

Date posted – 15/01/2024

New Jersey S332 passed both houses of the state’s legislature and was signed by the governor, making New Jersey the thirteenth state to pass a comprehensive privacy law. The law will go into effect January 16, 2025.

Privacy Developments in 2023: Year in Review

Date posted – 10/01/2024

With 2023 behind us, we’re looking back on the biggest headlines that shaped the data privacy landscape across Europe and the United States.

Utah Consumer Privacy Act takes effect

Date posted – 08/01/2024

The UCPA is the least restrictive of the five active state laws, most closely resembling Virginia’s VCDPA. Notably, enforcement under the Utah law requires overcoming a number of procedural hurdles not present in the other laws.

Navigating Privacy in Gaming: Key Insights for 2024

Date posted – 03/01/2024

In 2023, the gaming industry got a clear wake-up call: not investing in privacy will directly hurt your bottom line. Learn about best practices for implementing a CMP, and common misconceptions about CMPs.

VPPA class actions continue, with more targeted approach

Date posted – 18/12/2023

In this case, the plaintiffs are alleging that Rumble’s business model is centered around providing pre-recorded audio-visual content and that, through use of a Meta pixel, Rumble disclosed Facebook IDs, along with specific video titles and video URLs, to…

Spanish Media association alleges Meta’s privacy violations constitute unfair competition

Date posted – 11/12/2023

The Information Media Association (AMI) filed a lawsuit in Spain on behalf of 83 Spanish media outlets alleging that Meta’s “systemic and massive non-compliance” with European data protection regulations, including a failure to obtain user consent for profiling, allowed…

CPPA might require all browsers to offer opt-out preference signals

Date posted – 04/12/2023

A memorandum from the California Privacy Protection Agency (CPPA) staff proposes that the CPPA Board support legislation to require all browsers, platforms and devices to include an opt-out preference signal feature, enabling users to opt out of the sale / sharing…

ICO sends warning letters to top UK sites, citing lack of “Reject All”

Date posted – 27/11/2023

The ICO previously made an announcement on its website warning that the ICO would be assessing cookie banner of the most frequently used websites in the UK and taking action where harmful design was affecting consumers. 

How Publisher Collective supercharged their consent management strategy

Date posted – 20/11/2023

Publisher Collective recognised the importance of collecting consent in order to ensure that all monetisation was compliant. Without this consent, the clients of Publisher Collective would be at risk of regulatory fines. Additionally, offering the user a clear choice…

New metric: Vendors After Opt-out

Date posted – 08/11/2023

Our new Diagnose metric, Vendors After Opt-out, reports on vendors who are found firing even after a user has opted out. It also flags vendors who are not yet signed up to the Multi-State Privacy Agreement (MSPA). With these…

Employee Spotlight: Maria Martinez Diaz

Date posted – 31/10/2023

Maria Martinez Diaz recently joined the New York office as a Senior Director of Enterprise Sales. Here Maria reflects on the risks of digital advertising, what attracted her to working at Sourcepoint, and shares some career advice.

Firefox 120 to Ease Ability to Set Global Privacy Control

Date posted – 30/10/2023

Mozilla released an “Intent to Ship” note disclosing that Firefox 120 will allow users to enable Global Privacy Control by either checking a checkbox in the Firefox privacy settings or by using Private Browsing mode.

California AG appeals decision blocking Age Appropriate Design Code

Date posted – 23/10/2023

California Attorney General Rob Bonta filed a notice of appeal seeking to overturn a preliminary injunction granted last month blocking the California Age Appropriate Design Code (CAADC), a law that was signed by Governor Newsom in 2022 and originally scheduled to…

[WEBINAR] Unpacking privacy litigation trends

Date posted – 20/10/2023

While state law developments have shared in the spotlight for privacy compliance over the last year, that has not slowed the pace of enforcement of existing sectoral federal privacy laws. This webinar will examine:

California governor signs Delete Act into law

Date posted – 16/10/2023

Data broker registration and reporting has been required under California law since 2019, and there are currently about 500 data brokers registered. The Delete Act will include new requirements move the registry from the Attorney General’s Office to the…

Meta to offer ad-free subscription plans in Europe

Date posted – 09/10/2023

Meta plans to offer European users ad-free paid subscription plans for Instagram and Facebook as an alternative to consenting to personalized ads. The move, which will reportedly be implemented in the coming months, would be an attempt to comply…

[WEBINAR] What’s behind the surge in VPPA class actions?

Date posted – 03/10/2023

Sheppard Mullin LLP joins Sourcepoint for this webinar to help us break down the history of VPPA, how it’s been used in class actions, and strategies for compliance and tracking risk mitigation.

Norway DPA’s privacy fine against Grindr affirmed on appeal

Date posted – 02/10/2023

The appeals court found it insufficient that Grindr only included information about sharing personal data to advertising partners in their privacy policy. The court also found that the fact that an individual is a user of Grindr is, in and…

[WEBINAR] Navigating US privacy rules for sensitive data

Date posted –

US state privacy laws are multiplying, and both regulators and class actions have been shining the spotlight on companies collecting or sharing sensitive data without consent. But what is sensitive data, actually?

FTC warns tax prep companies against using trackers without consent

Date posted – 25/09/2023

The Federal Trade Commission sent warning letters to five tax preparation companies warning that the recipients could incur civil penalties up to $50,120 per violation if they misuse personal data in ways counter to the original purpose for which…

Delaware governor signs comprehensive privacy law

Date posted – 18/09/2023

Delaware HB 154, implementing the Delaware Personal Data Privacy Act, was signed into law, making Delaware the twelfth state to enact a comprehensive privacy law. Most of the law will take effect January 1, 2025, with the requirement to respect…

Women say data transparency matters when selecting fertility apps

Date posted – 11/09/2023

A poll conducted by the UK Information Commissioner’s Office (ICO) revealed that 59% of women surveyed said transparency over how their data was used was a bigger concern than cost or ease of use when selecting a period or fertility tracking…

CPPA publishes draft regulations for cybersecurity and risk assessments

Date posted – 05/09/2023

The California Privacy Protection Agency (CPPA), as part of the meeting records for its September 8 board meeting, published two sets of draft regulations, covering cybersecurity and risk assessments, respectively.

Sourcepoint is a Google-certified CMP for EEA/UK

Date posted – 29/08/2023

Google announced that they will soon require their publisher customers to use a CMP. Specifically, a Google-certified CMP. Sourcepoint is pleased to announce that our CMP has been one of the first CMPs to be certified as an approved…

Sports streaming site settles for $2.6MM in VPPA class suit

Date posted – 28/08/2023

This is not the first major VPPA settlement regarding use of the Facebook (Meta) pixel coming out of Massachusetts. Boston Globe entered into a $4MM settlement agreement earlier this year over similar allegations (case 1:22-cv-10195-RGS). As part of the FloSports…

Google faces complaints for collecting sensitive information

Date posted – 21/08/2023

A class action lawsuit alleging violations of federal and state wiretapping laws was filed against Google based on Google’s collection of sensitive financial information from tax filing services H&R Block, TaxAct, and TaxSlayer through use of Google Analytics and the Google…

UK websites urged to add “reject all” button – what that means

Date posted – 14/08/2023

According to a joint paper published by the UK’s ICO and CMA, harmful design practices will be reason to take formal regulatory action. Specifically, the option to not consent cannot require more steps, time, or friction than consenting.

UK ICO & CMA warn against design practices that harm consumer choice

Date posted –

In a joint paper, the UK Information Commissioner’s Office (ICO) and Competition Markets Authority (CMA) set out their shared expectations of how companies should present information and choice to users of digital services about how user personal information is processed,…

Meta to obtain consent for ads in EU, but not UK

Date posted – 07/08/2023

Meta announced, through a blog post update, that it will change the legal basis it uses to process personal data for behavioral advertising for people in the EU, EEA and Switzerland from ‘Legitimate Interest’ to ‘Consent’. The company did not…

13 key takeaways from recent FTC health data cases

Date posted – 31/07/2023

After several recent FTC enforcement actions involving health-related data, FTC staff posted on its “business blog” a list of thirteen “key messages” from the cases that companies need to understand.

Oregon enacts privacy law; Fandom VPPA suit allowed to proceed

Date posted – 24/07/2023

Oregon SB 619 was signed into law, making Oregon the eleventh state to sign a comprehensive privacy law (twelve, if you count Florida), adding to California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah and Virginia.

[WEBINAR] What is TCF v2.2 and why is Google requiring an approved CMP?

Date posted – 19/07/2023

Join Sam Morse, Global Product Lead, Regulation & Privacy at Google and Frances Hudson, VP of Product at Sourcepoint, for a webinar all about Google’s new CMP requirements.

Tax prep companies under scrutiny for use of Meta pixel

Date posted – 17/07/2023

An investigation completed by a group of federal lawmakers revealed that tax prep companies TaxAct, TaxSlayer and H&R Block sent taxpayer information to Meta and Google for years through installation of the Meta pixel and use of Google tools on their…

What to know about BetterHelp’s FTC health data privacy settlement

Date posted – 15/07/2023

The FTC has issued a proposed order requiring online therapy service BetterHelp to pay $7.8M for sharing their customers’ sensitive health information with advertisers, despite promises that the information would be kept private.

What is privacy-safe advertising?

Date posted – 14/07/2023

While the term “privacy safe” has become a bit of a buzzword, at Sourcepoint we define it as due diligence to make sure your advertisements only appear on websites with high levels of privacy compliance. 

Vendor status helps teams collaborate on third-party governance

Date posted – 12/07/2023

Sourcepoint’s Diagnose scanning was designed to shine light on the third-parties operating on your owned and operated properties, and help mitigate the risks that come from your vendor ecosystem. But looking at a map of your adtech and martech…

European Commission adopts EU-U.S. adequacy decision

Date posted – 10/07/2023

A committee made up of EU Member State representatives voted in favor of approving the European Commission’s draft adequacy decision on the EU-US Data Privacy Framework. 24 Member States approved, and 3 Member States abstained from the vote. The European Commission then…

Enforcement of California regulations delayed to 2024

Date posted – 04/07/2023

The California Chamber of Commerce argued (and the Court agreed) that giving companies only three months to comply with the regulations did not align with the intent of the legislation. The Court ruled, therefore, that regulations (both now existing…

Texas privacy bill signed into law

Date posted – 26/06/2023

 The Texas Governor signed HB 4, implementing the Texas Data Privacy and Security Act. Most of the Act will take effect July 1, 2024, with the obligation to respect global opt-out mechanisms taking effect January 1, 2025.

FTC warns against illegal use of algorithm training data

Date posted – 20/06/2023

the FTC made clear that it “will hold companies accountable for how they obtain, retain, and use consumer data that powers algorithms”, that “any company that undermines consumer control of their data can face FTC enforcement action”, and that…

[WEBINAR] The crackdown on tracking pixels in the US

Date posted –

Julie Rubash, Sourcepoint’s Chief Privacy Counsel, presents this webinar on tracking pixels and their growing importance to US privacy enforcement. She’ll be joined by our US Client Services Director, Pat Effinger, to discuss implications for the digital marketing ecosystem….

FTC fines Microsoft over children’s privacy

Date posted – 12/06/2023

The FTC announced that Microsoft will pay a $20 million fine for alleged violations of COPPA. Specifically, the FTC alleged that Microsoft’s Xbox gaming products required users to provide a date of birth and personal info when creating an…

TikTok faces latest class action over pixel tracking

Date posted – 05/06/2023

A class action lawsuit was filed against TikTok in the Central District of California, alleging various California statutory, common law and constitutional claims based on TikTok’s collection and use of ad event information, IP address, and cookie information from…

FTC asserts that COPPA does not preempt state law claims

Date posted – 31/05/2023

Google argued in its appeal that all state-law claims involving children’s online privacy are barred by COPPA’s preemption clause, but the FTC argued that nothing in COPPA’s text purpose, or legislative history supports Google’s argument. If the full appeals court follows…

Safeguarding quality publishing

Date posted – 25/05/2023

The digital age has brought numerous benefits, but it has also given rise to a proliferation of misinformation.

Health data privacy “a high priority” for FTC

Date posted – 22/05/2023

The Premom settlement is the third recent enforcement action by the FTC regarding sensitive data collection by health apps, following actions against online mental health counseling service Betterhelp and telehealth company GoodRx, and they likely won’t be the last. In its…

Indiana privacy law signed; Florida sent to governor

Date posted – 08/05/2023

Indiana’s Governor signed SB 5, enacting a Virginia-style comprehensive privacy law that will take effect January 1, 2026. Meanwhile, an amended version of Florida SB 262 was fast-tracked through the legislature, passing the House and Senate on the same day.

FAQ: Belgian DPA’s decision regarding the IAB’s TCF

Date posted – 05/05/2023

On 11th January 2023, the Belgian DPA approved the IAB Europe’s action plan to align the TCF with their requirements. The IAB Europe challenged this with an appeal in February 2023. On 15th March 2023, the IAB Europe announced…

Everything you need to know about TCF v2.2

Date posted – 02/05/2023

TCF v2.2 introduces changes which the industry can make to address many of the concerns raised in the Belgian DPA ruling that are not dependent on pending answers from the CJEU.  Let’s go over how TCF v2.2 differs from…

Washington’s My Health My Data Act signed into law

Date posted – 01/05/2023

Although the My Health My Data Act only applies to “consumer health data”, the definition and application of such term is broad enough to impact many entities that likely have not previously considered themselves to be involved in the processing…

Montana & Tennessee to enact comprehensive privacy laws

Date posted – 24/04/2023

Montana SB 384, establishing the Montana Consumer Data Privacy Act, and Tennessee HB 1181, establishing the Tennessee Information Protection Act, were both unanimously passed by the States’ respective Legislatures on April 21. Unless the bills are vetoed by their State Governors, the Tennessee…

Indiana to pass comprehensive privacy legislation

Date posted – 17/04/2023

Indiana will be the seventh state to pass comprehensive privacy legislation, joining California and Virginia (already in effect), Colorado and Connecticut (effective July 1, 2023), Utah (effective December 31, 2023) and Iowa (effective January 1, 2025).  

Washington state passes broad health data bill

Date posted – 11/04/2023

Under the My Health My Data Act, consumer health data is broadly defined to include not only information that directly identifies a consumer’s physical or mental health, but also information derived or extrapolated from non-health information, including from algorithms or…

Iowa is sixth U.S. state to enact comprehensive privacy law

Date posted – 29/03/2023

Iowa’s SF262, An Act Relating to Consumer Data Protection, was passed unanimously by the state Senate and House on March 6 and 15 respectively, and signed into law by the Iowa Governor on March 29, 2023. Iowa is the…

Another VPPA class action overcomes a motion to dismiss

Date posted – 27/03/2023

A federal district court judge in the Northern District of Georgia denied defendant Public Broadcasting Service (PBS)’s motion to dismiss a class action alleging PBS’s use of a Facebook pixel in connection with video content violated the Video Privacy Protection Act….

Iowa sends comprehensive privacy bill to governor

Date posted – 20/03/2023

The Iowa legislature passed SF 262, a comprehensive privacy bill, which, if signed by the governor, will make Iowa the sixth U.S. state to pass comprehensive privacy legislation.

What’s up with the Colorado Privacy Act?

Date posted –

How will Colorado’s law impact advertising? Read on for our breakdown of the newest privacy TLA: the CPA.

Health data privacy takes center stage as legislation advances

Date posted – 13/03/2023

Three major developments in health data privacy occurred over the last week. The Washington state House of Representatives passed (moving the legislation to the Senate) HB 1155, a bill that would prohibit the sale of non-HIPAA-protected consumer health data and…

FTC continues health data privacy enforcement

Date posted – 06/03/2023

The FTC made two announcements this week demonstrating its increasing focus on health information privacy enforcement: a proposed settlement with online counseling service BetterHelp regarding the sharing of health information with social media platforms for advertising purposes; and a…

UK ICO issues Privacy by Design guidance

Date posted – 27/02/2023

The UK Information Commissioner’s Office (ICO) issued new guidance titled “Privacy in the product design lifecycle” that reminds companies of recommended data protection practices when designing products, communicating privacy information, obtaining consent and extending user rights.

[WEBINAR] Vendor Trace: Visualizing the vendor supply chain

Date posted – 17/02/2023

In this webinar, we address the importance of vendor governance given increasing scrutiny over third-party data sharing. Then, we demonstrate how you can use Vendor Trace to chart your entire adtech/martech ecosystem, and how to use our consent views…

IAB Europe files challenge to APD validation of action plan

Date posted – 13/02/2023

IAB Europe announced that it has made a formal request to the Belgian Market Court to prevent the Belgian Data Protection Authority (APD) from enforcing changes to the IAB Europe’s Transparency and Consent Framework (TCF), pending a ruling from…

GoodRX faces fines under FTC breach notification rule

Date posted – 07/02/2023

The FTC Health Breach Notification Rule was issued in 2009 and applies to entities that are not covered by HIPAA. In a 2021 statement, the FTC clarified that a “breach” is not limited to cybersecurity intrusions but could also include sharing…

California AG announces new enforcement sweep

Date posted – 30/01/2023

The AG’s office sent letters to popular apps in the retail, travel and food services industries who either don’t offer consumers an opt-out mechanism or fail to comply with consumer opt-out requests.

Sourcepoint announces solution to pinpoint source of third-party scripts that pose privacy risks

Date posted – 25/01/2023

Vendor Trace is the first tool on the market that allows users to visualize the chain of vendor referrals and then apply privacy compliance filters.

Downstream compliance made easy with Vendor Trace

Date posted – 24/01/2023

The interactive flowchart includes the ability to search for and isolate specific vendor paths, as well as apply compliance related filters to highlight bad actors within the vendor supply chain. 

11 US states now have active comprehensive privacy bills

Date posted – 23/01/2023

Massachusetts and Hawaii joined the list of states with active comprehensive privacy bills, bringing the total number of states to 11.  Indiana, Iowa, Mississippi and Oregon all introduced comprehensive privacy bills earlier in January 2023.

APD approves IAB Europe action plan

Date posted – 17/01/2023

The Belgian Data Protection Authority (APD) announced that it approved IAB Europe’s action plan submitted in response to the APD’s February 2022 decision holding IAB Europe’s Transparency and Consent Framework (TCF) in violation of the GDPR. The APD’s approval starts a…

California’s CPRA and Virginia’s VCDPA take effect

Date posted – 09/01/2023

January 1 marked the effective date of the Virginia Consumer Data Protection Act (VCDPA) and the date that the California Privacy Rights Act (CPRA), amending the California Consumer Privacy Act (CCPA), became fully operative. The CPRA includes a 6-month grace period, so…

The Atlantic is the latest to face a video privacy class action suit

Date posted – 19/12/2022

In 2022, class actions have been filed against The Atlantic, the NFL, MLB, Buzzfeed, Healthline Media, Fandom, Paramount, Meredith, Patreon, Meta, Nextstar Media, Discovery Communications, HBO, and WebMD based on violations of the VPPA.

Italy’s Garante fines social audio app Clubhouse for GDPR violations

Date posted – 12/12/2022

The Garante found that, since there was a lack of an establishment in a specific territory in the European Union, each Supervisory Authority is competent to assess the company’s compliance with respect to its own territory. Therefore the Garante…

Introducing: Bulk Cookie Disclosures

Date posted – 07/12/2022

Turn your cookie scan results into informative cookie disclosures, with the new addition of bulk cookie disclosureses to the Dialogue CMP vendor list management workflow.  This feature simplifies the process of mapping cookie disclosures to their respective vendors, which…

IAB Canada launches Transparency Consent Framework

Date posted – 05/12/2022

 IAB Canada announced the launch of the Transparency and Consent Framework for Canada (TCF Canada), a set of technical specifications and policy documents designed to help the digital marketing and advertising ecosystem to communicate with and extend options to…

FTC rulemaking and CPRA comment periods close

Date posted – 28/11/2022

Comments from the News/Media Alliance requested that any FTC rules be consistent with existing laws and regulations, that obligations be apportioned based on company size and risk, that enforcement and remedies be restricted to instances of direct and proximate…

Google settles in multi-state location tracking suit

Date posted – 21/11/2022

Google settled a multistate privacy lawsuit with 40 state Attorneys General based on allegations Google violated various state consumer protection laws by deceptively tracking user location even when location tracking had been turned off. In addition to the payment, the settlement requires…

Colorado Posts Public Comments to CPA Draft Rules

Date posted – 14/11/2022

The Data Protection and Digital Information Bill, which was designed to replace the UK’s version of GDPR, will undergo further consultation in the coming weeks. Additional consultation will reportedly focus on ensuring adequacy with the EU.

UK’s GDPR replacement bill consultations will focus on EU adequacy

Date posted – 07/11/2022

The Data Protection and Digital Information Bill, which was designed to replace the UK’s version of GDPR, will undergo further consultation in the coming weeks. Additional consultation will reportedly focus on ensuring adequacy with the EU.

[WEBINAR] How many vendors is enough?

Date posted – 03/11/2022

In this webinar, you’ll learn the importance of curating your CMP vendor list and how The Independent team used Sourcepoint’s Diagnose tool to dramatically improve their compliance score without sacrificing revenue.

CPPA concludes first meetings on updated CPRA Regulations

Date posted – 31/10/2022

The board’s modification to address “good faith efforts to comply” and the timeline for compliance are intended to provide companies some assurance regarding these delays, but companies are still in a position to have at least a “good faith”…

Vendor list cautionary tales: what you can do to protect your site

Date posted –

When was the last time you took a look at the different vendors accessing data from your website? If it’s been a while, it’s time to take a look under the hood with a cookie and tracker scanner. There…

California agency releases updated draft CPRA regulations

Date posted – 24/10/2022

Among other changes, the modifications include the addition of a list of factors to consider when determining whether a company’s practices are within the consumer’s “reasonable expectations” as well as changes to clarify the “symmetry-in-choice” principle, including changes to…

U.S. State Signal specs released for comment as part of Global Privacy Platform 

Date posted – 17/10/2022

The new US State Signals will supersede the US Privacy Framework and will likely continue to evolve as more comprehensive state privacy laws are enacted across the United States. The US State Signals and the Multi-State Privacy Agreement address…

What’s the IAB Tech Lab’s Global Privacy Platform (GPP) framework?

Date posted – 13/10/2022

It’s not just GDPR and CCPA anymore. Data protection laws are emerging all over the world. With so many US state-level data protection laws soon going into effect and privacy laws in South America and Asia on the rise…

FAQ: Executive Order on US-EU data transfers

Date posted – 10/10/2022

On October 7, 2022, President Biden signed an Executive Order providing for binding safeguards and redress mechanisms for Europeans whose data is transferred to the U.S. The European Commission has said that this Executive Order will be the basis…

European commission to draft U.S. adequacy decision

Date posted – 09/10/2022

In response to an executive order signed by U.S. President Biden, implementing new binding safeguards and redress mechanisms for Europeans, the European Commission released a Q&A revealing that they “will now prepare a draft adequacy decision, as well as…

Class action against Twitter seeks profits from targeted ads

Date posted – 26/09/2022

A Twitter user is reportedly seeking to recover, as part of a class action lawsuit, any profits Twitter earned from targeted ads served using personal information that was allegedly deceptively collected. Papers filed in the Northern District of California…

Global Privacy Control and the Sourcepoint CMP

Date posted – 19/09/2022

The requirement to honor global privacy control is already being enforced in California — and enforcement is escalating. Here’s how you can use the Sourcepoint CMP to start honoring the GPC signal today, and as regulations evolve.

California governor signs children’s privacy bill

Date posted –

Application of this California law is much broader than the current federal Children’s Online Privacy Protection Act (COPPA), which applies to services “directed to children” under the age of 13. Therefore, many websites and services that have never had…

Belgian market court refers questions in IAB Europe case to CJEU

Date posted – 12/09/2022

In response to IAB Europe’s appeal of a February ruling finding IAB Europe’s TCF Framework in violation of the GDPR, the Belgian Market Court issued a judgment rejecting in part and accepting in part certain procedural grounds for appeal and referring…

Update on the Belgian ruling on IAB Europe’s TCF

Date posted – 08/09/2022

The Belgian Market Court has issued a new judgment re the IAB Europe’s appeal of the Belgian DPA’s decision on the legality of the TCF. 

FTC sues data broker Kochava for selling precise location information

Date posted – 05/09/2022

FTC sues data broker Kochava for selling precise location information. California passes children’s privacy bill. Plus, revised Swiss data protection law to take effect and New Zealand considers closing notification gap for indirect data collection.

The noyb Cookie Banner GDPR Complaints: What You Need to Know

Date posted – 31/08/2022

The European Center for Digital Rights, also known as noyb (None of Your Business), is a non-profit organization started in 2017 by Austrian privacy activist, lawyer, and author, Max Schrems. On May 31, 2021 noyb launched a new…

Uncover all cookies with the new Diagnose dashboard

Date posted – 30/08/2022

Diagnose Compliance Monitoring has always helped you spot vendor behavior that puts you at risk. Now, our newest dashboard goes even further to give you full visibility into your tech stack at all times.  Introducing: the new All Cookies Found dashboard.  With…

Sephora Settles in GPC Enforcement Sweep

Date posted – 29/08/2022

California Attorney General Bonta announced reaching a $1.2 million settlement with Sephora based on allegations the retailer violated the California Consumer Privacy Act (CCPA). According to the announcement, Sephora failed to disclose its sale of personal information collected from…

[WEBINAR] Global Privacy Control

Date posted – 25/08/2022

In this webinar, Sourcepoint will present an overview on Global Privacy Control (GPC), a technical specification for transmitting universal opt-out signals. You’ll learn best practices for honoring the GPC signal as of today, and as new jurisdictions become relevant.

Soltani to Pelosi: “ADPPA Represents a False Choice”

Date posted – 22/08/2022

In a letter to Speaker Pelosi and Minority Leader McCarthy, Ashkan Soltani, Executive Director of the California Privacy Protection Agency (CPPA), expressed his opposition to the proposed American Data Privacy and Protection Act (ADPPA). The letter stated that the…

FTC kicks off commercial surveillance rulemaking process

Date posted – 15/08/2022

The California Privacy Protection Agency (CPPA) unanimously voted to oppose HR 8152, the federal bill implementing the American Data Privacy and Protection Act (ADPPA), citing the bill’s broad preemption language as the reason for its opposition.

CJEU Ruling Broadens Scope of Sensitive Data Under GDPR

Date posted – 08/08/2022

The California Privacy Protection Agency (CPPA) unanimously voted to oppose HR 8152, the federal bill implementing the American Data Privacy and Protection Act (ADPPA), citing the bill’s broad preemption language as the reason for its opposition.

[WEBINAR] Benchmark Report: US Privacy Compliance

Date posted – 03/08/2022

In this webinar, Sourcepoint presents its US Privacy Benchmark Report for a look into the current state of compliance with CCPA requirements. We’ll provide an overview of the US privacy patchwork and discuss what lies ahead, such as the…

California Agency Opposes Federal ADPPA

Date posted – 02/08/2022

The California Privacy Protection Agency (CPPA) unanimously voted to oppose HR 8152, the federal bill implementing the American Data Privacy and Protection Act (ADPPA), citing the bill’s broad preemption language as the reason for its opposition.

US Federal Privacy Bill Advances to House Floor

Date posted – 25/07/2022

The House Committee on Energy and Commerce voted to report an amended version of HR 8152 (implementing the American Data Privacy and Protection Act) favorably to the House. The amended version of the bill, among other changes, expands the definition of “sensitive…

How to collect consent for GA4

Date posted – 19/07/2022

In recent years, increasing regulatory activity around cookie consent has led to a move away from third-party tracking. Google Analytics 4 and new features like Google Consent Mode signal an industry shift towards privacy-minded design in analytics and advertising. …

TikTok Pauses Legitimate Interest for Targeted Ads After Warning from DPAs

Date posted – 18/07/2022

According to the Garante’s warning, TikTok’s administration of personalized commercial advertising, at least to the extent based on information stored on the user’s device, cannot legally be based on legitimate interest under the ePrivacy Directive, and to the…

Horizon Media partners with Sourcepoint to help drive privacy-first advertising

Date posted –

Sourcepoint, the privacy compliance platform of record for the digital marketing ecosystem, has partnered with Horizon Media to provide their clients with access to Sourcepoint’s privacy measurement technology, Privacy Lens. Sourcepoint’s proprietary platform allows advertisers to ensure media quality…

Meta settles with DOJ in housing ads discrimination case

Date posted – 27/06/2022

The U.S. Department of Justice announced a $115,054 settlement with Facebook’s parent company, Meta, over allegations that Facebook’s advertising tool enabled advertisers to use user characteristics such as race, color, religion, sex, disability, familial status and national origin, to…

UK government responds to data reform consultation

Date posted – 19/06/2022

The consultation, which ran for 10 weeks ending in November 2021, involved collection of feedback from stakeholders in response to a consultation paper outlining a range of data reform proposals. Several of the consultation’s proposals involved removing consent requirements…

Sourcepoint and MediaMath Announce First-of-its-kind Partnership to Provide ‘Privacy-Safe’ Inventory Segments

Date posted – 16/06/2022

Sourcepoint has integrated its privacy safety data with MediaMath, in order to provide MediaMath customers with pre-bid access to inventory segments that meet their privacy compliance standards. The integration helps responsible advertisers easily reach consumers in environments they have…

Ad industry says draft federal privacy legislation falls short

Date posted – 13/06/2022

Privacy for America, a coalition that includes several ad industry trade bodies, expressed support for a bipartisan federal data privacy bill but said the recent draft bill “falls short in terms of protecting responsible data use”.

Draft U.S. federal privacy legislation released

Date posted – 07/06/2022

According to a press release from the House Committee on Energy & Commerce, the draft is “the first comprehensive privacy proposal to gain bipartisan, bicameral support”. 

California agency issues draft privacy regulations

Date posted – 31/05/2022

The draft regulations include multiple changes that would impact the digital advertising industry, including a requirement to to treat universal opt-out preferences signals as valid opt-out requests.

FTC to enforce COPPA in EdTech

Date posted – 23/05/2022

The FTC committed to fully enforce COPPA’s limitations on edtech operators’ ability to collect, use and retain children’s personal data, including in school and learning settings.

The new playground: why we need to re-architect the internet to prioritize child privacy

Date posted – 19/05/2022

Even as data privacy becomes an increasingly priority in the US, legislation remains fragmented, making it difficult for companies to stay in compliance with sensitive rules such as those concerning children’s privacy.

FTC to vote on COPPA enforcement in edtech

Date posted – 16/05/2022

This week: FTC to vote on COPPA enforcement, and has a Democratic majority, plus Greece DPA warns about consent non-compliance.

Connecticut enacts privacy law: what you need to know

Date posted – 13/05/2022

Connecticut is the latest state to join California, Virginia, Colorado, and Utah in enacting comprehensive privacy laws which will take effect in 2023. What’s going on with Connecticut’s new privacy law?  Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring was passed by the state Senate…

Preparing for the “privacy tsunami”

Date posted – 11/05/2022

As recent rulings against IAB Europe’s TCF, Google and Facebook both illustrate, the privacy landscape is in a state of near-constant change. For privacy professionals that don’t have specific expertise in digital advertising, this can represent a complex and…

In the privacy-first era, what responsibility do advertisers have?

Date posted – 09/05/2022

Increasingly, instead of blindly rolling the dice on the open web, shrewd advertisers are moving data privacy and data ethics to the center of their brand’s strategy. If personalized advertising is to continue, it’s clear that current market dynamics…

Connecticut privacy bill becomes law

Date posted –

This week’s news: Connecticut passes their privacy law, California prepares for CPRA regulations, and the UK moves closer to reform.

EU Council / Parliament reach agreement on Digital Services Act

Date posted – 02/05/2022

Connecticut SB 6, which closely resembles the Colorado Privacy Act, was unanimously passed by the Senate after an amendment making changes to the applicability threshold and the age of children’s data (from 18 to 16) and removing authentication requirements…

Connecticut privacy bill passes Senate

Date posted – 25/04/2022

Connecticut SB 6, which closely resembles the Colorado Privacy Act, was unanimously passed by the Senate after an amendment making changes to the applicability threshold and the age of children’s data (from 18 to 16) and removing authentication requirements…

The new Utah data privacy law: what you need to know

Date posted –

Did you have Utah on your US state privacy patchwork bingo card? Probably not! But the Beehive State is indeed the latest state to enact a data privacy law, following Colorado and Virginia, to pass a privacy law. Read…

Virginia amendment impacts third-party treatment of deletion requests

Date posted – 18/04/2022

The purpose of this amendment was to prevent companies that receive data indirectly from other businesses from deleting consumer data in response to a request and then re-collecting data about the same consumer from an indirect business source, without…

German DPA says Google must fix consent banners

Date posted – 11/04/2022

The Hamburg Commissioner’s position is consistent with previous sentiments from other EU DPAs, including the CNIL in France, which issued sanctions against Google and Facebook early this year based on a finding that the companies’ respective cookie banners did…

Why publishers need to stop using dark patterns

Date posted – 10/04/2022

Dark patterns – or website designs that manipulate users into performing specific actions – are widespread these days. In fact, one recent study from Princeton examined 11,000 shopping websites and found 1,818 instances and 15 different types of dark patterns. As…

IAB Europe submits action plan to Belgium DPA

Date posted – 04/04/2022

If the APD approves the action plan, IAB Europe will have 6 months from the date of such approval to implement the plan. However, IAB Europe has also appealed the decision, including a request to suspend the Order pending…

Tentative transatlantic data flow agreement reached

Date posted – 28/03/2022

Biden announced that their countries had “reached a major breakthrough in transatlantic data flows” with a “new agreement [that] will enhance the Privacy Shield Framework; promote growth and innovation in Europe and the United States; and help companies, both…

Utah privacy bill awaits signature; Google to sunset analytics solution storing IP address

Date posted – 21/03/2022

Like the Colorado and Virginia laws, the UCPA does provide a right to opt out of sales and targeted advertising, but it does not provide a right to opt out of profiling. The law adopts Virginia’s narrow definition of…

For publishers: 5 tips for optimizing your vendor assessment process

Date posted – 15/03/2022

Know you need to dig deeper into the data processors on your page, but don’t know where to start? We’ve got you covered.

Trans-atlantic data transfer agreements a “high priority”

Date posted – 28/02/2022

The United States and European Union will need to either agree on sufficient safeguards to protect EU data subjects or reconcile the differences between the EU Charter and U.S. Surveillance laws. Meanwhile, the new UK Information Commissioner criticizes EU’s…

California Privacy Agency rulemaking delay; IAB Europe clarifies Belgian DPA decision for pubs

Date posted – 23/02/2022

CPPA announces delayed rulemaking. Facebook settles cookie tracking lawsuit. IAB Europe to publishers: the TCF is not illegal.

IAB Europe to appeal Belgian DPA decision; ICCL calls on deletion of TCF data

Date posted – 15/02/2022

Irish Council of Civil Liberties send letters to major advertisers calling on the deletion on digital advertising data collected via the TCF. The IAB Europe announces plans to appeal the Belgian DPA decision. And an Australian court reject’s Facebooks…

23 US states now have active privacy legislation; Belgium fines IAB Europe for GDPR violations

Date posted – 07/02/2022

Indiana, Washington, and Massachusetts privacy bills make progress; Wisconsin bill introduced. Meanwhile, the Belgian DPA fines IAB Europe for GDPR violations.

It’s not about the TCF, it’s about the future of advertising

Date posted – 03/02/2022

This recent ruling by the APD is an urgent reminder that we as an industry still have work to do to protect the ecosystem of digital utility that has been built over the past 30 years. 

US states sue Google over dark patterns and German ad industry criticizes third-party cookie deprecation

Date posted – 31/01/2022

State attorneys general sue Google re dark patterns, ANA urges FTC to reject surveillance ad ban, Indiana privacy bill advances to senate floor, German ad industry criticizes deprecation of third-party cookies, EDPB issues guidance re right of access, and…

Even more US state privacy bills, plus European Parliament approves Digital Services Act

Date posted – 24/01/2022

Privacy bills from more US state states, including Mississippi, Nebraska, and Pennsylvania. Plus, Europe’s Digital Services Act was approved.

Connecting the dots on: global privacy controls

Date posted –

You might have heard of an initiative to create a technical specification for universal opt-out signals, called Global Privacy Control. But the term ‘global privacy controls” (lowercase) is also sometimes used to refer to universal opt-out mechanisms, or any…

More US state privacy bills and new CNIL guidance on subcontractors

Date posted – 17/01/2022

US state privacy bills pour in from Alaska, Florida, Indiana, Vermont, Virginia (amending the VCDPA), and Washington.

Luxembourg court suspends Amazon decision; CNIL fines Google & Facebook

Date posted – 10/01/2022

Luxembourg court suspends decision against Amazon. CNIL issues fines against Google & Facebook. UK confirms new information commissioner. Biden re-nominates Bedoya for FTC commissioner. New York Privacy Act is reintroduced. Jordan introduces draft data protection law.

OpenX to pay $2M for FTC privacy settlement; Google settles over children’s privacy

Date posted – 20/12/2021

OpenX to pay $2M for FTC privacy settlement. Google settles with New Mexico AG re children’s privacy. FTC provides notice of privacy rulemaking process consideration. California CPPA releases public comments. CNIL issues new developer guide re cookies. CNIL issues…

Ebook: A Publisher’s Guide to Vendor List Curation

Date posted – 16/12/2021

How to review your vendor list to mitigate compliance gaps and protect revenue.

Week of December 6, 2021

Date posted – 13/12/2021

Ohio hears testimony in fourth hearing of the Ohio Personal Privacy Act. US dark patterns legislation would prohibit online services with more than 100M users from designing UI that obscures user choice. US Senate holds hearing on tech privacy/…

WTF is a CMP and how to select the right one?

Date posted – 10/12/2021

With a constant stream of new privacy regulations, including GDPR, CCPA, LGPD and POPI, it can be difficult for publishers to stay on top of the latest laws coming into force around the world. In response to the ever-expanding…

Advocacy group pushes the FTC for elevated privacy reform

Date posted – 07/12/2021

Bedoya FTC nomination on delay. Advocacy group pushes FTC for elevated privacy reform. Germany telecom privacy law in effect. CJEU advocate general suggests GDPR allows for national representative GPDR action. Spain DPA says public key can be personal data….

Connecting the dots on: cookie consent

Date posted – 01/12/2021

Activity around cookie consent has been steadily ramping throughout Europe, with DPAs and privacy activists scrutinizing the effectiveness of consent in protecting user privacy. From dark patterns in cookie banners to depositing non-essential third-party tracking cookies on users’ computers…

Belgian DPA finalizes draft IAB decision

Date posted – 30/11/2021

Belgian DPA finalizes draft IAB decision for DPA feedback. ICO and CNIL publish expectations for new online advertising initiatives and identifier-based solutions. India data protection bill moves forward and UAE adopt data protection law.

Federal online privacy act reintroduced

Date posted – 22/11/2021

Bedoya testifies in FTC nomination hearing, plus federal online privacy act reintroduced. More details from the ICO regarding approach to children’s code enforcement. Brazil issues LGPD report and there is industry concern about AI in advertising.

UK Supreme Court denies privacy class action against Google

Date posted – 15/11/2021

UK denies privacy class action against Google. European commission questions Belgian DPA’s independence. Israel pushes forward privacy amendments. Several companies announce ad targeting changes.

China’s privacy law goes into effect

Date posted – 07/11/2021

China’s privacy law goes into effect. In the US, two federal privacy bills are announced. Virginia privacy report emphasizes a global opt-out as a best practice and the Belgian DPA issues a draft ruling re the TCF.

Firefox to roll out Global Privacy Control

Date posted – 02/11/2021

Will the FTC to do privacy rulemaking? Australia privacy draft legislation and India data protection bill to be circulated, and Firefox rolls out Global Privacy Control.

FTC report reveals ISP investigation findings

Date posted – 25/10/2021

FTC report on ISPs advertising with “supercookies”. Ukraine publishes draft privacy law. Brave browser announces that their own search engine will become the default and Google rolls out privacy form in Google Play.

Norwegian DPA criticizes consent through browser settings

Date posted – 19/10/2021

Amazon appeals Luxembourg fine, the Norwegian DPA questions browser-level consent, and Massachusetts holds a privacy legislation hearing.

Week of October 4, 2021

Date posted – 10/10/2021

Ashkan Soltani will lead the new California Privacy Protection Agency, FTC Commissioner talks data minimization, and the Digital Services Act could ban some targeted advertising.

Week of September 27, 2021

Date posted – 03/10/2021

A taskforce for cookie banner harmonization under GDPR is formed, and the IAB Europe steps up TCF policy enforcement.

Week of September 20, 2021

Date posted – 27/09/2021

In the US, senators have taken a series of actions in pursuit of federal privacy regulation.

Week of September 13, 2021

Date posted – 20/09/2021

FTC’s new privacy expert commissioner and $1B in funding. Finland says browser-level cookie controls aren’t sufficient and Saudi Arabia’s new law.

Week of September 6, 2021

Date posted – 12/09/2021

Oklahoma proposes a privacy law and Congress seeks to fund the FTC for data privacy and security enforcement. Plus, the ICO looks to implement cookie reforms.

An overview of Consent Management Platforms

Date posted – 09/09/2021

Since the emergence of data privacy laws and regulations like the General Data Protection Regulation (GDPR) in 2018, businesses have been looking for solutions to efficiently manage getting consent to collect personal data when users visit a brand’s digital…

The GDPR vs. CCPA: Two major privacy laws impacting your business

Date posted – 08/09/2021

Data privacy continues to be a major topic of interest for consumers and businesses around the world. It almost feels like there is a discussion over a new privacy regulation or law going into effect every day—we’ve outlined a…

Week of August 30, 2021

Date posted – 07/09/2021

UK’s Children’s Code, likely to influence legislation worldwide, goes into effect. Brazil moves forward with constitutional amendment that makes personal data protection a fundamental right.

Week of August 23, 2021

Date posted – 30/08/2021

UK Digital Secretary announces plans for a data law ‘shake-up’, Malta releases cookie consent guidance, and news in children’s privacy.

Week of August 16, 2021

Date posted – 23/08/2021

China passes personal data protection law, Canada releases updated guidance, and the first GDPR lawsuit in US court is dismissed.

Week of August 9, 2021

Date posted – 16/08/2021

Noyb GDPR complaints are filed, CNIL releases guidelines re children, and Google blocks ad targeting of children.

Startpagina Chooses Sourcepoint’s Flexible CMP for Consent Optimization

Date posted –

Since 1998, Startpagina, a popular link directory in the Netherlands, has been curating high-quality, relevant links on a daily basis, and their properties see over 10 million visits a month. Unfortunately, their old CMP contributed to a high percentage…

A Little Privacy: week of August 2

Date posted – 09/08/2021

Faceboook disables accounts of university researchers, Amazon’s unprecedented GDPR fine, IAB Europe releases guide to contextual advertising.

A Little Privacy: June/July Trends

Date posted – 05/08/2021

There’s no summer off for privacy. June and July saw plenty of major developments in the world of data privacy over the past month or so, particularly in the US. We think three major trends deserve our attention.

Looking at the Zoom story: privacy missteps in the CCPA era

Date posted – 01/08/2021

As millions of people find themselves quarantined at home to curb the spread of the coronavirus, the video conferencing software Zoom has surged in popularity. But the trajectory of Zoom in recent weeks serves as an object lesson in…

A Little Privacy: week of July 26

Date posted – 30/07/2021

New federal privacy legislation introduced in the US. Ad industry groups question Global Privacy Control mandate in California. Read “A Little Privacy.”

A Little Privacy: week of July 20

Date posted – 27/07/2021

California’s new Consumer Privacy Interactive Tool lets consumers notify companies of CCPA violations. CNIL issues another round of notices. Schrems v Facebook moves to the CJEU. TikTok fined by Dutch DPA for privacy policy violation.

A Little Privacy: week of July 16

Date posted – 23/07/2021

The California Attorney General’s Office sent out new letters of enforcements backing requirements to honor GPC signal. In Europe, new cookie guidelines have been issued by the Italian DPA and proposals are pending for new EU digital privacy rights.

A little privacy: week of July 5

Date posted – 09/07/2021

Colorado signs privacy act into law and Biden signs a competition executive order. In the UK, the ICO announced a new code governing digital design practices for children.

Apple’s IDFA privacy update: How to optimize user opt-in on iOS 14.5 and beyond

Date posted – 07/07/2021

Apple first announced in September 2020 that as part of the new AppTrackingTransparency (ATT) Framework, app developers will be required to ask users for consent before accessing their IDFA (Identifier for Advertisers) for tracking and personalization. As of December…

A little privacy: week of June 28

Date posted – 02/07/2021

FTC settles over COPPA violations. CNIL confirms compliance of orgs put on notice. Adequacy decision for UK under GDPR adopted. Read “A Little Privacy.”

OTT is the next frontier for ‘consent everywhere’

Date posted – 30/06/2021

As the targeted advertising on connected TV and over-the-top (OTT) platforms continues to grow, there are obstacles that need to be overcome for obtaining consent from audiences for use of their personal data.

A little privacy: week of June 21

Date posted – 28/06/2021

FTC cracks down on sharing sensitive data without consent and Google stalls the deprecation of the third-party cookie.

Employee Spotlight: Veronica Sirotic

Date posted –

Veronica Sirotic joined us as a Recruiting Intern before moving into her current role as Operations Coordinator. Veronica coordinates our recruiting efforts while implementing the company’s DEI initiatives, including leading our DEI council and organizing diversity training. In her…

A little privacy: week of June 14

Date posted – 18/06/2021

US federal privacy legislation is reintroduced, a UK task force recommends a new framework to replace GDPR, and Amazon blocks Google FLOC testing.

Advertiser sollten die schwarzen Schafe beim Consent Management aussortieren

Date posted – 01/06/2021

Consent Management ist im Zuge der DSGVO zu einem der Top-Themen in der Digitalwerbung geworden. Für die Datenverarbeitung, die im Rahmen der Personalisierung von Werbeanzeigen anfällt, muss nahezu immer eine Zustimmung des Nutzers vorliegen – es sei denn, die…

Employee Spotlight: Aroan Kebede

Date posted – 28/05/2021

Aroan joined our Sourcepoint family as a Data Analyst after we acquired Redbud in October 2020. He joined Redbud in March 2020 as a recent graduate of University of Nottingham with a Bachelor of Engineering. Aroan has been an…

TCF v2.0: everything you need to know

Date posted – 17/05/2021

Along with improved transparency and control for publishers and consumers, TCF v2.0 also eliminates ambiguity and supports better legitimate interest data processing. Let’s walk through some of the changes. …

What publishers need to know about managing consent on AMP

Date posted – 07/05/2021

When it comes to privacy and monetization, AMP pages are one piece of the puzzle that can’t be left unaddressed. Given the high volume of traffic driven by mobile and AMP views, foregoing something like a CMP to manage…

Employee Spotlight: André Herculano

Date posted – 29/04/2021

What is your role at Sourcepoint? I am the Mobile Engineering Manager. I started out as a contractor with Sourcepoint and I actually had fairly little mobile experience prior to joining the team. To see how my experience with…

Employee Spotlight: Melanie Deneau

Date posted – 15/04/2021

Melanie Deneau is our Director of Client Services in the EU (non-DACH). She first joined Sourcepoint as an account manager in 2018. She also previously worked as an account manager for ResearchGate and a Team Lead for Medigo.  How…

Virginia’s Consumer Data Protection Act (CDPA): What you need to know

Date posted – 12/04/2021

In March 2021, Virginia became the latest US state to sign a data privacy law. Governor Ralph Northam signed the Consumer Data Protection Act, otherwise known as the CDPA, into law, with plans for it to go into effect…

Employee Spotlight: Yuliya Yasenetska

Date posted – 23/03/2021

Yuliya Yasenetska recently joined our team as a Software Engineer. Prior to joining our team, she worked as a software engineer at Hana and an adtech engineer at Billboard. She is also an artist and works primarily in acrylic…

Wondering how to improve Core Web Vitals? Don’t overlook your adtech stack

Date posted – 19/03/2021

In May 2021, Google will add Core Web Vital measurements to its SEO ranking factors. It is also experimenting with a badging system that will display a poor quality indicator on pages that take too long to load or…

Employee Spotlight Series: Maria Fernanda Abella Avila

Date posted – 16/03/2021

Maria recently joined Sourcepoint as a Technical Account Manager based out of our Berlin offices. Previously, she worked as a Partner and Customer Success Manager with Nosto and as a Publishers Business Development and Account Manager at BidderPlace.  What…

Employee Spotlight Series: Chloe Grutchfield

Date posted – 08/03/2021

Chloe Grutchfield joined us as SVP of Product when Sourcepoint acquired the software company she co-founded in April 2018, Redbud. Chloe brings over 10 years of adtech product expertise, maintaining leading roles at agencies, large data platforms and mobile monetization…

Three dimensions of privacy UX all brands need to understand

Date posted – 01/03/2021

In the past few years, numerous privacy regulations have come into force to provide consumers greater control over their data. But the patchwork of regulations and varying approaches means compliance remains complex.  The regulatory landscape is tightening; GDPR fines…

A new approach to ethical digital advertising: Privacy Lens

Date posted –

Today, we are proud to announce our new product, Privacy Lens, the first privacy measurement and analytics platform for digital advertising.  Much like ad viewability or brand safety tools provide insights about campaign effectiveness and suitability, Privacy Lens allows…

Planet49 and TCF v2.1 changed cookie notices: How to update your CMP

Date posted – 02/02/2021

What is TCF v2.1? What is the Planet49 ruling? How did the Planet49 ruling inform TCF v2.1? How does TCF v2.1 affect my CMP implementation? Do I need to collect re-consent for vendors? Should I be concerned about long…

What does the California Privacy Rights Act (CPRA) mean for the future of your privacy program?

Date posted – 05/11/2020

In 2020, Californians passed the California Privacy Rights Act (CPRA), an initiative put forward by the same group behind CCPA: California for Consumer Privacy. What does CPRA mean for advertising operations and the data privacy space? In short: more…

[WEBINAR] Vendor assessments: Looking at cookies and beyond

Date posted – 04/11/2020

Sourcepoint acquired RedBud to provide deeper privacy compliance insights for our customers. With the integration of RedBud’s DIAGNOSE technology, you can get a comprehensive view of what’s happening on your properties, understand specific areas of exposure, and optimize your…

How the Sourcepoint CMP helps you comply with IAB TCF v2.0

Date posted – 03/11/2020

We’ve seen many successful transitions to TCF v2 with our CMP. Our client services team has worked closely with some of the world’s largest media companies to ensure compliance while maximizing monetization.  Here are some ways that we help…

Why we acquired RedBud: enabling a truly compliant and ethical media ecosystem

Date posted – 08/10/2020

Today, we announced that Sourcepoint has acquired RedBud, an innovative UK-based software technology company which provides privacy-compliance analytics for buyers and sellers of media and data. It’s an exciting development because not only does this acquisition make our privacy…

Oracle: The Challenges and Opportunities New Data Privacy Laws Present to Digital Marketers

Date posted – 24/09/2020

Oracle’s Dan Feuer recently spoke with Sourcepoint CEO, Ben Barokas, about the challenges marketers face as privacy regulations like GDPR and CCPA have evolved. Marketers must provide consumers with transparency and control over their data while minimizing friction as…

Your TCF v2.0 transition: a practical checklist for publishers

Date posted – 15/07/2020

The August 15 deadline to switch over is rapidly approaching. The Transparency & Consent Framework v2.0 is complex, but with the proper preparation and the right partner, you can ensure no impact on your revenue. For a good overview…

[Webinar recording] Switching to TCF v2.0: What publishers need to know

Date posted – 17/05/2020

In this video of our live webinar, Sourcepoint experts Michael Krauss, VP of Product, and Melanie Deneau, Client Services Director for the EU, present what’s new in version 2.0 of the Transparency and Consent Framework.

Deadline to switch over to TCF v2.0 extended to August 15

Date posted – 15/05/2020

The IAB Europe Transparency & Consent Framework (TCF) Steering Group has voted to extend the deadline to switch over to TCF v2.0 to August 15, 2020. What does this mean for you?

[Webinar] Switching to TCF v2.0: What publishers need to know

Date posted – 04/05/2020

Join Sourcepoint experts Michael Krauss, VP of Product, and Melanie Deneau, Client Services Director for the EU, on May 11 @ 11:00 ET for a live presentation of what’s new in version 2.0 of the Transparency and Consent Framework.

Cookies, consent, and user experience – the great disconnect

Date posted – 12/12/2019

Without third-party cookies, media owners must find another way to provide relevant ad experiences, analytics and reporting associated with ad inventory – and even to collect regulatory consent signals. It’s a pivotal change to digital publishing as we know…

ICYMI: New data privacy bills from the Senate

Date posted – 06/12/2019

It’s not quite the bipartisan reckoning many businesses have hoped for, but the two pieces of legislation appear to be “closer together on most issues than they are apart.” Both bills include individual rights such as access, correction,…

[Product update] New consent reporting features are here

Date posted –

With this release, we have made information in your consent reporting dashboard more actionable and easier to visualize.

UK regulator steps up warning to ad tech industry about GDPR violations in programmatic advertising

Date posted – 22/11/2019

This week, the UK Information Commissioner’s Office (ICO) gathered with industry players in London in a closed-door meeting to discuss their latest findings since the kick-off of their investigation into the real-time bidding industry in June.

EVENTS | See you at TV of Tomorrow on Dec. 4

Date posted – 21/11/2019

Our co-founder and CEO, Ben Barokas, will be speaking on the panel “Preparing for the CCPA” at TV of Tomorrow in NYC. The discussion will cover the overall scope of CCPA and focus in on its impact on television….

What you need to know about the IAB CCPA Compliance Framework v1

Date posted – 19/11/2019

The first version of the technical specifications for the IAB CCPA Compliance Framework has been published. Previously, the Framework Draft was in public comment until November 5th. Changes have been incorporated and now the IAB Tech Lab working group…

[Research]: What do publishers think about the impact of CCPA and other U.S. privacy laws?

Date posted – 11/11/2019

A majority of publishers surveyed by Sourcepoint believe that local (79%) and global (83%) privacy regulation will impact their business, with around half feeling it will have significant impact. Four in ten respondents cite the California Consumer Privacy Act…

Reaching global equilibrium: the value of consent and user preference

Date posted – 23/09/2019

This article originally appeared in Marketing Land. The introduction of the General Data Protection Regulation (GDPR) this year started a ripple of privacy legislation across the globe, with governments evaluating whether current laws are enough to protect the personal…

When do consumers find digital ads engaging?

Date posted – 29/08/2019

Research compiled by eMarketer suggests that digital buyers are more likely to have positive feelings towards ads when they’re receiving free content in exchange – or when the ads are relevant.

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]