PRIVACY, PLEASE
FTC and Sensitive Location Data; New Pen Register Class Actions
Date posted – 09/12/2024FTC takes action against the sale of sensitive data and three major publishers hit with pen register class actions.
California CPPA Issues Notice of Proposed Rulemaking
Date posted – 25/11/2024News out of California this week. The CPPA moved draft regulations to rulemaking. Meanwhile a CA judge has moved a VPPA case to arbitration based on terms of use.
Mitigating risk under the Video Privacy Protection Act (VPPA)
Date posted – 23/11/2024Because VPPA is just one of many tools being used in the crackdown against web tracking, adopting a long-term, strategic approach to privacy is the best way to future-proof your organization against microtrends in litigation, enforcement, or new privacy…
CPPA Settles With Unregistered Data Brokers
Date posted – 18/11/2024Following an investigative sweep of unregistered data brokers, the California Privacy Protection Agency (CPPA) announced its settlement with two data brokers. Plus, the Norway Parliament adopted a new Electronic Communications Act.
Paramount Hit With VPPA Class Action
Date posted – 05/11/2024A class action complaint was filed in NY alleging that Paramount Global violated the Video Privacy Protection Act (VPPA). CCPA announces enforcement sweep of unregistered data brokers.
Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR
Date posted – 28/10/2024Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR
Three notable developments in privacy class actions
Date posted – 21/10/2024Three notable developments in privacy class actions occurred in the last week, Kochava, NBA and Betterhelp
New Privacy Requirements Took Effect October 1 In Three States
Date posted – 07/10/2024New Privacy Requirements Took Effect In Montana, Maryland & Connecticut, plus CJEU Interprets GDPR in Favor of Schrems in Case Against Meta
[WEBINAR] Consent is not enough: Protecting against new U.S. privacy litigation risks
Date posted – 02/10/2024Join Sourcepoint and privacy litigation expert Matthew Pearson, Partner at BakerHostetler, for an essential webinar on mitigating risks in the evolving U.S. privacy landscape.
How Haymarket Uses Sourcepoint to Manage Vendor Compliance
Date posted – 01/10/2024Haymarket sought to elevate their level of compliance by identifying and removing unreputable adtech partners.
CPPA Publishes Proposed Deletion Mechanism / Draft Regulations
Date posted – 30/09/2024CPPA Publishes Proposed Deletion Mechanism Draft Regulations
The key tips when choosing a CTV Consent Management Platform
Date posted – 24/09/2024This blog guides you through the top tips to ensure you choose an effective and compliant CTV consent management platform (CMP).
FTC Report Offers Recommendations to Social Media and Video Streaming Services
Date posted – 23/09/2024FTC Report Offers Recommendations to Social Media and Video Streaming Services
Appeals Court Concludes that Facebook Failed to Obtain PIPEDA Consent
Date posted – 16/09/2024Appeals Court Concludes that Facebook Failed to Obtain PIPEDA Consent
Sourcepoint Enhances Privacy Compliance Solutions to Address Complex Digital Tracking Litigation Risks
Date posted –Integrated technology and services help companies mitigate vulnerabilities across various privacy regulations and implementation challenges NEW YORK, September 16, 2024 — Sourcepoint, a leader in data privacy compliance technology, today announced significant enhancements to its compliance monitoring suite. These…
What is Global Privacy Control? Frequently Asked Questions
Date posted – 12/09/2024How does Global Privacy Control work? How is it different from Do Not Track? It is applicable in Colorado? Check out our FAQ about GPC.
[WEBINAR] Navigating OOPS, Consent and Global Privacy Controls
Date posted –Join Sourcepoint and Red Clover Advisors for an essential on-demand webinar on navigating the complex landscape of U.S. sensitive data privacy laws.
California Enforcement Advisory Outlines Consent Dos and Don’ts
Date posted – 09/09/2024CA Enforcement Advisory Outlines Consent Dos and Don’ts, plus Irish DPC Withdraws Action Against X
Sourcepoint Expands CTV Consent Management Capabilities with HbbTV Support
Date posted – 04/09/2024Sourcepoint, the privacy software platform for the world’s most influential brands, today announced the addition of HbbTV (Hybrid Broadcast Broadband TV) support to its Connected TV (CTV) Consent Management Platform (CMP) offerings. This expansion further solidifies Sourcepoint’s position as…
California Passes Two Laws Expanding Opt-Out Signals
Date posted – 03/09/2024California Passes Two Laws Expanding Opt-Out Signals, plus California Age Appropriate Design Code Enforcement Stayed Until March
Chrome Data Collection Class Action Revived on Appeal
Date posted – 26/08/2024Chrome Data Collection Class Action Revived on Appeal. plus California Bill Mandating Browser Support of Opt-out Signals Is Amended
Five key considerations when choosing a consent management platform (CMP)
Date posted – 23/08/2024As privacy regulations proliferate, companies face mounting challenges in compliance and UX. A robust CMP has become the key to staying on the right side of both regulators and consumers. Here are five factors to consider.
[WEBINAR] Consent and CTV: Google’s New Rules
Date posted – 22/08/2024Join Sourcepoint and Red Clover Advisors for an essential on-demand webinar on navigating the complex landscape of U.S. sensitive data privacy laws.
California Age Appropriate Design Code Injunction Vacated in Primary Part
Date posted – 19/08/2024California Age Appropriate Design Code Injunction Vacated in Primary Part, plus NOYB Takes Action Against X For Use of AI Training Data Without Consent
Sourcepoint Unveils Groundbreaking Universal Consent and Preferences Solution Amidst Evolving Digital Privacy Landscape
Date posted – 14/08/2024Today Sourcepoint announced the launch of its Universal Consent and Preferences solution. This innovative platform integrates seamlessly with Sourcepoint’s industry-leading consent management platform (CMP) to help enterprises navigate the complex landscape of data privacy regulations while maximizing the value…
California Bill Mandating Browser Opt-Out Support May Pass This Week
Date posted – 12/08/2024California Bill Mandating Browser Opt-Out Support May Pass This Week, plus X agrees to suspend processing of AI Training Data
NY AG Launches Website Privacy Guides
Date posted – 05/08/2024NY Attorney General Launches Website Privacy Guides, plus U.S. Senate Passes Kids Online Safety and Privacy Act
[WEBINAR] Navigating the Maze: U.S. Sensitive Data Privacy Laws and Compliance Strategies
Date posted – 31/07/2024Join Sourcepoint and Red Clover Advisors for an essential on-demand webinar on navigating the complex landscape of U.S. sensitive data privacy laws.
FTC Says Hashed Email Addresses Are Not Anonymous
Date posted – 29/07/2024FTC says hashed email addresses are not anonymous, plus CPC Network takes action against Meta ‘pay or consent’ model
Introducing our guide to sensitive data and U.S. privacy laws
Date posted – 25/07/2024One of the most significant developments in privacy law is the growing recognition that sensitive information can be derived from seemingly innocuous data. Our guide explores how different states are tackling this challenge, for example, Washington and Nevada.
FTC Files Second AMENDED Complaint Against Kochava and Collective Data Solutions
Date posted – 22/07/2024FTC Files Complaint Against Kochava and Collective Data Solutions
Lawsuit Over Patient Portal Trackers Overcomes Motion to Dismiss
Date posted – 15/07/2024Lawsuit Over Patient Portal Trackers Overcomes Dismissal in California and noyb files GDPR complaint against Microsoft Xandr subsidiary
Unlimited Data Export for Easier Privacy Audits and CMP Disclosures
Date posted – 12/07/2024Keeping track of all your tracking technology partners to ensure compliance with privacy regulations can be challenging and time-consuming. That’s why we’re excited to introduce a powerful new feature in your Diagnose Compliance Monitoring dashboard: Report Requests.
Comprehensive Privacy Laws Take Effect in Texas and Oregon
Date posted – 09/07/2024Now in effect: privacy laws in Texas, Oregon, and Colorado’s GPC requirements. Meanwhile, Oslo court upholds a €5.65M fine against Grindr for GDPR violations involving sensitive data sharing.
[WEBINAR] Is Your Data Strategy ready For the Post-3P-Cookie Reality?
Date posted –Join Sourcepoint and ThinkMedium for a webinar on navigating increased privacy scrutiny and fragmented regulations in digital advertising. Learn to adapt to Apple’s device-based ID opt-in, Google’s Privacy Sandbox, and other key changes. Gain insights to future-proof your marketing…
Comparing U.S. state privacy laws: personal sensitive data definitions and processing
Date posted – 01/07/2024How do different U.S. state laws define and protect sensitive personal information? Access a state-by-state comparison of sensitive data definitions.
US Privacy Deadlines You Need to Know
Date posted –An always up-to-date reference sheet for US state privacy law deadlines. Know when California, Virginia, Colorado, Utah, Connecticut, Tennessee, Indiana, Iowa, Maryland and New Jersey laws go into effect.
The Always-Up-To-Date US State Privacy Law Comparison Chart
Date posted –Bookmark this post for an always-up-to-date overview of US state privacy laws, and how they compare.
FTC Finalizes Order With Avast Over Data Collection Without Consent
Date posted –FTC finalizes order about collection of browsing data without consent, plus Rhode Island enacts privacy law and Sweden cracks down on bank for misconfiguration of Meta pixel.
California AG Settles with Tilting Point Over Children’s Data Collection
Date posted – 24/06/2024The California AG settled with Tilting Point on allegations they violated CCPA and COPPA by collecting and sharing children’s data for targeted advertising
Vermont Data Privacy Bill Is Vetoed
Date posted – 17/06/2024Vermont Governor announced his veto of a bill that contained both a data privacy law and an age-appropriate design code
You Are Who You Work With: Cookie Consent and Data Privacy
Date posted – 11/06/2024Who you work with for consent management and data privacy matters. Cookies, pixels and 3rd-party trackers on your website can pose a threat
Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws
Date posted – 10/06/2024Texas Attorney General announced a data privacy and security initiative establishing a team focused on aggressive enforcement of Texas privacy laws.
What are the privacy laws in Canada?
Date posted – 06/06/2024Everything you need to know about PIPEDA and Quebec’s privacy law, Law 25, and the proposed amendments to PIPEDA.
Alerts: Easy Vendor Governance for CMP Compliance Management
Date posted – 05/06/2024Keeping track of vendor activities and compliance risks can be challenging, especially on cross-functional teams. That’s why we’re excited to introduce a new feature in your Diagnose dashboard, Alerts. Available now, Alerts are designed to make your CMP compliance…
Minnesota Governor Signs Comprehensive Privacy Law
Date posted – 03/06/2024Minnesota Consumer Data Privacy Act signed by the Governor, making it the 19th state to enact a privacy law, it takes effect July 31, 2025. Plus, CPPA Seeks Stakeholder Input in Developing Data Broker Regulations
[WEBINAR] Live Demo: Navigating Canada Privacy & Consent
Date posted –View this Sourcepoint on-demand webinar about consent in Canada for marketing, privacy and legal teams, and a demo of our compliance monitoring solution Diagnose
How PinkNews migrated to Sourcepoint to streamline their consent management strategy
Date posted – 30/05/2024PinkNews needed to migrate to a new CMP provider with implementation support, customization capabilities, and web and app support.
Revised Version of APRA Advances Out of U.S. House Subcommittee
Date posted – 28/05/2024New Version of the American Privacy Rights Act of 2024 was published and then passed out of the Innovation, Data and Commerce Subcommittee
Exciting New Diagnose Features: New Filters and More Vendor Details
Date posted – 21/05/2024New features to help you with vendor governance, including improved customization, greater visibility, and better consent compliance support.
Minnesota Sends Comprehensive Privacy Law to Governor
Date posted – 20/05/2024Minnesota Sends Privacy Law to Governor. One day before the end of the 2024 legislative session, the legislature passed HF 4757, containing the Consumer Data Privacy Act.
[WEBINAR] Live Demo: Website Third-Party Monitoring
Date posted – 03/05/2024Join Sourcepoint for an open demo of our compliance monitoring solution, DIAGNOSE, and learn how to address third-party risks lurking on your digital properties.
[WEBINAR] Norway Privacy Workshop
Date posted –Hear from Sourcepoint and Aller Media in this on-demand webinar for insights and benchmarks to navigate the privacy landscape in Norway
Sourcepoint Expands European Footprint and CTV Offerings Through Strategic Acquisition of Sibbo CMP
Date posted – 25/04/2024Sourcepoint has announced the expansion of its European operation by acquiring the consent management platform business of Sibbo MADRID, 23 April 2024 — (BUSINESS WIRE) — Sourcepoint, the practical privacy software platform for the world’s most influential brands, has…
Nebraska Becomes 16th State to Enact Comprehensive Privacy Law
Date posted – 22/04/2024The Nebraska Data Privacy Act will take effect January 1, 2025, the same day as the privacy laws in Iowa, Delaware and New Hampshire.
Bicameral, bipartisan discussion draft of federal privacy bill announced
Date posted – 15/04/2024If passed, the American Privacy Rights Act, a comprehensive privacy bill, would preempt most U.S. state comprehensive privacy laws.
CPPA issues an enforcement advisory on data minimization
Date posted – 09/04/2024Their first “enforcement advisory”, reminds companies of their data minimization obligations, specifically in the context of CCPA requests.
Kentucky sends comprehensive privacy bill to governor
Date posted – 01/04/2024Kentucky’s privacy bill mirrors Virginia’s, is set for 2026. excluding universal opt-outs, is set for 2026.
HHS clarifies application of HIPAA to online tracking technologies
Date posted – 26/03/2024New guidance from HHS suggests that under some conditions, using tracking technologies is okay for HIPAA-covered groups. Yet, it underlines the need to carefully check and manage the risks of these technologies on websites and mobile apps.
Sourcepoint Partners with Freestar to Provide Access to Portfolio of Leading Privacy Solutions
Date posted – 25/03/2024Sourcepoint partners with Freestar to offer top privacy solutions, helping clients navigate global regulations for better consent management.
[WEBINAR] The Evolution of “Consent or Pay”: Legal Insights and Best Practices
Date posted – 14/03/2024Explore the intricate landscape of Consent or Pay models across Europe and the potential learnings that could be applied for consent in the US, in this concise webinar hosted by Goodwin-Procter LLP and Sourcepoint.
FTC says “Browsing and location data are sensitive. Full stop.”
Date posted – 11/03/2024The Federal Trade Commission posted on its blog a summary of takeaways from its recent proposed settlements with Avast, X-Mode and InMarket. Gaining attention is a bolded statement in the middle of the post: “Browsing and location data are sensitive. Full stop”.
CPPA hails bill mandating browser support of opt-out signals
Date posted – 04/03/2024Mandatory adoption across all browsers and devices may lead to a significant uptick in consumers opting out of the sale and sharing of their personal information across all apps and websites, which could lead more websites and apps to…
Doordash to pay $375K in AG settlement over CCPA violations
Date posted – 26/02/2024California Attorney General Bonta announced a settlement with Doordash based on allegations the company sold customer personal information as part of a marketing cooperative (allowing participants to advertise to each others’ customers) without providing notice or an opportunity for customers to opt…
FTC warns that quietly changing privacy policies could be deceptive
Date posted – 19/02/2024A blog post from the FTC reminded companies that simply changing the terms of a privacy policy to allow for expanded use of personal data, including to train AI models or to share with third parties, may be unfair or deceptive…
[WEBINAR] Google Consent Mode v2
Date posted – 16/02/2024Starting March 6, Google Consent Mode v2 will be mandatory for users of Google advertising and analytics products.
CPPA gets green light to enforce regulations immediately
Date posted – 13/02/2024A California appellate judge ruled that a trial court erred in prohibiting the California Privacy Protection Agency (CPPA) from enforcing regulations under the California Privacy Rights Act of 2020 until one year after the regulation becomes final.
ICO warns that cookie banner enforcement will continue
Date posted – 05/02/2024After sending warning letters to some of the UK’s top websites in late November, giving them 30 days to bring their cookie banners into compliance, the ICO posted an update on the status of those efforts, including a warning that they…
DPAs seek EDPB position on ‘Consent or Pay’ model
Date posted – 29/01/2024The Norway, Netherlands and Hamburg data protection authorities have requested that the European Data Protection Board (EDPB) issue a formal statement clarifying under which circumstances a service may legally offer a subscription model that allows users to consent to certain uses…
How heise medien Delivered Flexible ‘Consent or Pay’
Date posted – 23/01/2024With tightening regulations and stricter requirements from local DPAs, publishers across Europe have been pushed to consider innovative ways to maintain revenue streams while still respecting user privacy rights. One of these innovations has been the Consent or Pay…
[WEBINAR] Consent requirements for mobile games
Date posted –Google’s new consent requirements went into effect on the 16th of January. Mobile apps using AdMob, AdSense and Ad Manager are now required to use a Google-approved consent management platform (CMP) when serving ads to users in the EEA…
New Hampshire passes comprehensive privacy law
Date posted – 22/01/2024SB 255 is largely identical to Connecticut’s privacy law, with some differences, including lower consumer data processing thresholds for application of the law to businesses. Like Connecticut and over half of the comprehensive privacy laws enacted so far, the New Hampshire law…
Sourcepoint CMP Tackles Future of US Privacy with New Sensitive Data Opt-in Functionality
Date posted – 17/01/2024Sourcepoint’s feature supports a new model for consent in the U.S. that has so far been limited to the EU, allowing more customers to be privacy-forward in their approach to navigating such a complex landscape.
New Jersey enacts comprehensive privacy law
Date posted – 15/01/2024New Jersey S332 passed both houses of the state’s legislature and was signed by the governor, making New Jersey the thirteenth state to pass a comprehensive privacy law. The law will go into effect January 16, 2025.
Privacy Developments in 2023: Year in Review
Date posted – 10/01/2024With 2023 behind us, we’re looking back on the biggest headlines that shaped the data privacy landscape across Europe and the United States.
Utah Consumer Privacy Act takes effect
Date posted – 08/01/2024The UCPA is the least restrictive of the five active state laws, most closely resembling Virginia’s VCDPA. Notably, enforcement under the Utah law requires overcoming a number of procedural hurdles not present in the other laws.
Navigating Privacy in Gaming: Key Insights for 2024
Date posted – 03/01/2024In 2023, the gaming industry got a clear wake-up call: not investing in privacy will directly hurt your bottom line. Learn about best practices for implementing a CMP, and common misconceptions about CMPs.
VPPA class actions continue, with more targeted approach
Date posted – 18/12/2023In this case, the plaintiffs are alleging that Rumble’s business model is centered around providing pre-recorded audio-visual content and that, through use of a Meta pixel, Rumble disclosed Facebook IDs, along with specific video titles and video URLs, to…
Spanish Media association alleges Meta’s privacy violations constitute unfair competition
Date posted – 11/12/2023The Information Media Association (AMI) filed a lawsuit in Spain on behalf of 83 Spanish media outlets alleging that Meta’s “systemic and massive non-compliance” with European data protection regulations, including a failure to obtain user consent for profiling, allowed…
CPPA might require all browsers to offer opt-out preference signals
Date posted – 04/12/2023A memorandum from the California Privacy Protection Agency (CPPA) staff proposes that the CPPA Board support legislation to require all browsers, platforms and devices to include an opt-out preference signal feature, enabling users to opt out of the sale / sharing…
ICO sends warning letters to top UK sites, citing lack of “Reject All”
Date posted – 27/11/2023The ICO previously made an announcement on its website warning that the ICO would be assessing cookie banner of the most frequently used websites in the UK and taking action where harmful design was affecting consumers.
How Publisher Collective supercharged their consent management strategy
Date posted – 20/11/2023Publisher Collective recognised the importance of collecting consent in order to ensure that all monetisation was compliant. Without this consent, the clients of Publisher Collective would be at risk of regulatory fines. Additionally, offering the user a clear choice…
New metric: Vendors After Opt-out
Date posted – 08/11/2023Our new Diagnose metric, Vendors After Opt-out, reports on vendors who are found firing even after a user has opted out. It also flags vendors who are not yet signed up to the Multi-State Privacy Agreement (MSPA). With these…
Employee Spotlight: Maria Martinez Diaz
Date posted – 31/10/2023Maria Martinez Diaz recently joined the New York office as a Senior Director of Enterprise Sales. Here Maria reflects on the risks of digital advertising, what attracted her to working at Sourcepoint, and shares some career advice.
Firefox 120 to Ease Ability to Set Global Privacy Control
Date posted – 30/10/2023Mozilla released an “Intent to Ship” note disclosing that Firefox 120 will allow users to enable Global Privacy Control by either checking a checkbox in the Firefox privacy settings or by using Private Browsing mode.
California AG appeals decision blocking Age Appropriate Design Code
Date posted – 23/10/2023California Attorney General Rob Bonta filed a notice of appeal seeking to overturn a preliminary injunction granted last month blocking the California Age Appropriate Design Code (CAADC), a law that was signed by Governor Newsom in 2022 and originally scheduled to…
[WEBINAR] Unpacking privacy litigation trends
Date posted – 20/10/2023While state law developments have shared in the spotlight for privacy compliance over the last year, that has not slowed the pace of enforcement of existing sectoral federal privacy laws. This webinar will examine:
California governor signs Delete Act into law
Date posted – 16/10/2023Data broker registration and reporting has been required under California law since 2019, and there are currently about 500 data brokers registered. The Delete Act will include new requirements move the registry from the Attorney General’s Office to the…
Meta to offer ad-free subscription plans in Europe
Date posted – 09/10/2023Meta plans to offer European users ad-free paid subscription plans for Instagram and Facebook as an alternative to consenting to personalized ads. The move, which will reportedly be implemented in the coming months, would be an attempt to comply…
[WEBINAR] What’s behind the surge in VPPA class actions?
Date posted – 03/10/2023Sheppard Mullin LLP joins Sourcepoint for this webinar to help us break down the history of VPPA, how it’s been used in class actions, and strategies for compliance and tracking risk mitigation.
Norway DPA’s privacy fine against Grindr affirmed on appeal
Date posted – 02/10/2023The appeals court found it insufficient that Grindr only included information about sharing personal data to advertising partners in their privacy policy. The court also found that the fact that an individual is a user of Grindr is, in and…
[WEBINAR] Navigating US privacy rules for sensitive data
Date posted –US state privacy laws are multiplying, and both regulators and class actions have been shining the spotlight on companies collecting or sharing sensitive data without consent. But what is sensitive data, actually?
FTC warns tax prep companies against using trackers without consent
Date posted – 25/09/2023The Federal Trade Commission sent warning letters to five tax preparation companies warning that the recipients could incur civil penalties up to $50,120 per violation if they misuse personal data in ways counter to the original purpose for which…
Delaware governor signs comprehensive privacy law
Date posted – 18/09/2023Delaware HB 154, implementing the Delaware Personal Data Privacy Act, was signed into law, making Delaware the twelfth state to enact a comprehensive privacy law. Most of the law will take effect January 1, 2025, with the requirement to respect…
Women say data transparency matters when selecting fertility apps
Date posted – 11/09/2023A poll conducted by the UK Information Commissioner’s Office (ICO) revealed that 59% of women surveyed said transparency over how their data was used was a bigger concern than cost or ease of use when selecting a period or fertility tracking…
CPPA publishes draft regulations for cybersecurity and risk assessments
Date posted – 05/09/2023The California Privacy Protection Agency (CPPA), as part of the meeting records for its September 8 board meeting, published two sets of draft regulations, covering cybersecurity and risk assessments, respectively.
Sourcepoint is a Google-certified CMP for EEA/UK
Date posted – 29/08/2023Google announced that they will soon require their publisher customers to use a CMP. Specifically, a Google-certified CMP. Sourcepoint is pleased to announce that our CMP has been one of the first CMPs to be certified as an approved…
Sports streaming site settles for $2.6MM in VPPA class suit
Date posted – 28/08/2023This is not the first major VPPA settlement regarding use of the Facebook (Meta) pixel coming out of Massachusetts. Boston Globe entered into a $4MM settlement agreement earlier this year over similar allegations (case 1:22-cv-10195-RGS). As part of the FloSports…
Google faces complaints for collecting sensitive information
Date posted – 21/08/2023A class action lawsuit alleging violations of federal and state wiretapping laws was filed against Google based on Google’s collection of sensitive financial information from tax filing services H&R Block, TaxAct, and TaxSlayer through use of Google Analytics and the Google…
UK websites urged to add “reject all” button – what that means
Date posted – 14/08/2023According to a joint paper published by the UK’s ICO and CMA, harmful design practices will be reason to take formal regulatory action. Specifically, the option to not consent cannot require more steps, time, or friction than consenting.
UK ICO & CMA warn against design practices that harm consumer choice
Date posted –In a joint paper, the UK Information Commissioner’s Office (ICO) and Competition Markets Authority (CMA) set out their shared expectations of how companies should present information and choice to users of digital services about how user personal information is processed,…
Meta to obtain consent for ads in EU, but not UK
Date posted – 07/08/2023Meta announced, through a blog post update, that it will change the legal basis it uses to process personal data for behavioral advertising for people in the EU, EEA and Switzerland from ‘Legitimate Interest’ to ‘Consent’. The company did not…
13 key takeaways from recent FTC health data cases
Date posted – 31/07/2023After several recent FTC enforcement actions involving health-related data, FTC staff posted on its “business blog” a list of thirteen “key messages” from the cases that companies need to understand.
Oregon enacts privacy law; Fandom VPPA suit allowed to proceed
Date posted – 24/07/2023Oregon SB 619 was signed into law, making Oregon the eleventh state to sign a comprehensive privacy law (twelve, if you count Florida), adding to California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah and Virginia.
[WEBINAR] What is TCF v2.2 and why is Google requiring an approved CMP?
Date posted – 19/07/2023Join Sam Morse, Global Product Lead, Regulation & Privacy at Google and Frances Hudson, VP of Product at Sourcepoint, for a webinar all about Google’s new CMP requirements.
Tax prep companies under scrutiny for use of Meta pixel
Date posted – 17/07/2023An investigation completed by a group of federal lawmakers revealed that tax prep companies TaxAct, TaxSlayer and H&R Block sent taxpayer information to Meta and Google for years through installation of the Meta pixel and use of Google tools on their…
What to know about BetterHelp’s FTC health data privacy settlement
Date posted – 15/07/2023The FTC has issued a proposed order requiring online therapy service BetterHelp to pay $7.8M for sharing their customers’ sensitive health information with advertisers, despite promises that the information would be kept private.
What is privacy-safe advertising?
Date posted – 14/07/2023While the term “privacy safe” has become a bit of a buzzword, at Sourcepoint we define it as due diligence to make sure your advertisements only appear on websites with high levels of privacy compliance.
Vendor status helps teams collaborate on third-party governance
Date posted – 12/07/2023Sourcepoint’s Diagnose scanning was designed to shine light on the third-parties operating on your owned and operated properties, and help mitigate the risks that come from your vendor ecosystem. But looking at a map of your adtech and martech…
European Commission adopts EU-U.S. adequacy decision
Date posted – 10/07/2023A committee made up of EU Member State representatives voted in favor of approving the European Commission’s draft adequacy decision on the EU-US Data Privacy Framework. 24 Member States approved, and 3 Member States abstained from the vote. The European Commission then…
Enforcement of California regulations delayed to 2024
Date posted – 04/07/2023The California Chamber of Commerce argued (and the Court agreed) that giving companies only three months to comply with the regulations did not align with the intent of the legislation. The Court ruled, therefore, that regulations (both now existing…
Texas privacy bill signed into law
Date posted – 26/06/2023The Texas Governor signed HB 4, implementing the Texas Data Privacy and Security Act. Most of the Act will take effect July 1, 2024, with the obligation to respect global opt-out mechanisms taking effect January 1, 2025.
FTC warns against illegal use of algorithm training data
Date posted – 20/06/2023the FTC made clear that it “will hold companies accountable for how they obtain, retain, and use consumer data that powers algorithms”, that “any company that undermines consumer control of their data can face FTC enforcement action”, and that…
[WEBINAR] The crackdown on tracking pixels in the US
Date posted –Julie Rubash, Sourcepoint’s Chief Privacy Counsel, presents this webinar on tracking pixels and their growing importance to US privacy enforcement. She’ll be joined by our US Client Services Director, Pat Effinger, to discuss implications for the digital marketing ecosystem….
FTC fines Microsoft over children’s privacy
Date posted – 12/06/2023The FTC announced that Microsoft will pay a $20 million fine for alleged violations of COPPA. Specifically, the FTC alleged that Microsoft’s Xbox gaming products required users to provide a date of birth and personal info when creating an…
TikTok faces latest class action over pixel tracking
Date posted – 05/06/2023A class action lawsuit was filed against TikTok in the Central District of California, alleging various California statutory, common law and constitutional claims based on TikTok’s collection and use of ad event information, IP address, and cookie information from…
FTC asserts that COPPA does not preempt state law claims
Date posted – 31/05/2023Google argued in its appeal that all state-law claims involving children’s online privacy are barred by COPPA’s preemption clause, but the FTC argued that nothing in COPPA’s text purpose, or legislative history supports Google’s argument. If the full appeals court follows…
Safeguarding quality publishing
Date posted – 25/05/2023The digital age has brought numerous benefits, but it has also given rise to a proliferation of misinformation.
Health data privacy “a high priority” for FTC
Date posted – 22/05/2023The Premom settlement is the third recent enforcement action by the FTC regarding sensitive data collection by health apps, following actions against online mental health counseling service Betterhelp and telehealth company GoodRx, and they likely won’t be the last. In its…
Indiana privacy law signed; Florida sent to governor
Date posted – 08/05/2023Indiana’s Governor signed SB 5, enacting a Virginia-style comprehensive privacy law that will take effect January 1, 2026. Meanwhile, an amended version of Florida SB 262 was fast-tracked through the legislature, passing the House and Senate on the same day.
FAQ: Belgian DPA’s decision regarding the IAB’s TCF
Date posted – 05/05/2023On 11th January 2023, the Belgian DPA approved the IAB Europe’s action plan to align the TCF with their requirements. The IAB Europe challenged this with an appeal in February 2023. On 15th March 2023, the IAB Europe announced…
Everything you need to know about TCF v2.2
Date posted – 02/05/2023TCF v2.2 introduces changes which the industry can make to address many of the concerns raised in the Belgian DPA ruling that are not dependent on pending answers from the CJEU. Let’s go over how TCF v2.2 differs from…
Washington’s My Health My Data Act signed into law
Date posted – 01/05/2023Although the My Health My Data Act only applies to “consumer health data”, the definition and application of such term is broad enough to impact many entities that likely have not previously considered themselves to be involved in the processing…
Montana & Tennessee to enact comprehensive privacy laws
Date posted – 24/04/2023Montana SB 384, establishing the Montana Consumer Data Privacy Act, and Tennessee HB 1181, establishing the Tennessee Information Protection Act, were both unanimously passed by the States’ respective Legislatures on April 21. Unless the bills are vetoed by their State Governors, the Tennessee…
Indiana to pass comprehensive privacy legislation
Date posted – 17/04/2023Indiana will be the seventh state to pass comprehensive privacy legislation, joining California and Virginia (already in effect), Colorado and Connecticut (effective July 1, 2023), Utah (effective December 31, 2023) and Iowa (effective January 1, 2025).
Washington state passes broad health data bill
Date posted – 11/04/2023Under the My Health My Data Act, consumer health data is broadly defined to include not only information that directly identifies a consumer’s physical or mental health, but also information derived or extrapolated from non-health information, including from algorithms or…
Iowa is sixth U.S. state to enact comprehensive privacy law
Date posted – 29/03/2023Iowa’s SF262, An Act Relating to Consumer Data Protection, was passed unanimously by the state Senate and House on March 6 and 15 respectively, and signed into law by the Iowa Governor on March 29, 2023. Iowa is the…
Another VPPA class action overcomes a motion to dismiss
Date posted – 27/03/2023A federal district court judge in the Northern District of Georgia denied defendant Public Broadcasting Service (PBS)’s motion to dismiss a class action alleging PBS’s use of a Facebook pixel in connection with video content violated the Video Privacy Protection Act….
Iowa sends comprehensive privacy bill to governor
Date posted – 20/03/2023The Iowa legislature passed SF 262, a comprehensive privacy bill, which, if signed by the governor, will make Iowa the sixth U.S. state to pass comprehensive privacy legislation.
What’s up with the Colorado Privacy Act?
Date posted –How will Colorado’s law impact advertising? Read on for our breakdown of the newest privacy TLA: the CPA.
Health data privacy takes center stage as legislation advances
Date posted – 13/03/2023Three major developments in health data privacy occurred over the last week. The Washington state House of Representatives passed (moving the legislation to the Senate) HB 1155, a bill that would prohibit the sale of non-HIPAA-protected consumer health data and…
FTC continues health data privacy enforcement
Date posted – 06/03/2023The FTC made two announcements this week demonstrating its increasing focus on health information privacy enforcement: a proposed settlement with online counseling service BetterHelp regarding the sharing of health information with social media platforms for advertising purposes; and a…
UK ICO issues Privacy by Design guidance
Date posted – 27/02/2023The UK Information Commissioner’s Office (ICO) issued new guidance titled “Privacy in the product design lifecycle” that reminds companies of recommended data protection practices when designing products, communicating privacy information, obtaining consent and extending user rights.
[WEBINAR] Vendor Trace: Visualizing the vendor supply chain
Date posted – 17/02/2023In this webinar, we address the importance of vendor governance given increasing scrutiny over third-party data sharing. Then, we demonstrate how you can use Vendor Trace to chart your entire adtech/martech ecosystem, and how to use our consent views…
IAB Europe files challenge to APD validation of action plan
Date posted – 13/02/2023IAB Europe announced that it has made a formal request to the Belgian Market Court to prevent the Belgian Data Protection Authority (APD) from enforcing changes to the IAB Europe’s Transparency and Consent Framework (TCF), pending a ruling from…
GoodRX faces fines under FTC breach notification rule
Date posted – 07/02/2023The FTC Health Breach Notification Rule was issued in 2009 and applies to entities that are not covered by HIPAA. In a 2021 statement, the FTC clarified that a “breach” is not limited to cybersecurity intrusions but could also include sharing…
California AG announces new enforcement sweep
Date posted – 30/01/2023The AG’s office sent letters to popular apps in the retail, travel and food services industries who either don’t offer consumers an opt-out mechanism or fail to comply with consumer opt-out requests.
Sourcepoint announces solution to pinpoint source of third-party scripts that pose privacy risks
Date posted – 25/01/2023Vendor Trace is the first tool on the market that allows users to visualize the chain of vendor referrals and then apply privacy compliance filters.
Downstream compliance made easy with Vendor Trace
Date posted – 24/01/2023The interactive flowchart includes the ability to search for and isolate specific vendor paths, as well as apply compliance related filters to highlight bad actors within the vendor supply chain.
11 US states now have active comprehensive privacy bills
Date posted – 23/01/2023Massachusetts and Hawaii joined the list of states with active comprehensive privacy bills, bringing the total number of states to 11. Indiana, Iowa, Mississippi and Oregon all introduced comprehensive privacy bills earlier in January 2023.
APD approves IAB Europe action plan
Date posted – 17/01/2023The Belgian Data Protection Authority (APD) announced that it approved IAB Europe’s action plan submitted in response to the APD’s February 2022 decision holding IAB Europe’s Transparency and Consent Framework (TCF) in violation of the GDPR. The APD’s approval starts a…
California’s CPRA and Virginia’s VCDPA take effect
Date posted – 09/01/2023January 1 marked the effective date of the Virginia Consumer Data Protection Act (VCDPA) and the date that the California Privacy Rights Act (CPRA), amending the California Consumer Privacy Act (CCPA), became fully operative. The CPRA includes a 6-month grace period, so…
The Atlantic is the latest to face a video privacy class action suit
Date posted – 19/12/2022In 2022, class actions have been filed against The Atlantic, the NFL, MLB, Buzzfeed, Healthline Media, Fandom, Paramount, Meredith, Patreon, Meta, Nextstar Media, Discovery Communications, HBO, and WebMD based on violations of the VPPA.
Italy’s Garante fines social audio app Clubhouse for GDPR violations
Date posted – 12/12/2022The Garante found that, since there was a lack of an establishment in a specific territory in the European Union, each Supervisory Authority is competent to assess the company’s compliance with respect to its own territory. Therefore the Garante…
Introducing: Bulk Cookie Disclosures
Date posted – 07/12/2022Turn your cookie scan results into informative cookie disclosures, with the new addition of bulk cookie disclosureses to the Dialogue CMP vendor list management workflow. This feature simplifies the process of mapping cookie disclosures to their respective vendors, which…
IAB Canada launches Transparency Consent Framework
Date posted – 05/12/2022IAB Canada announced the launch of the Transparency and Consent Framework for Canada (TCF Canada), a set of technical specifications and policy documents designed to help the digital marketing and advertising ecosystem to communicate with and extend options to…
FTC rulemaking and CPRA comment periods close
Date posted – 28/11/2022Comments from the News/Media Alliance requested that any FTC rules be consistent with existing laws and regulations, that obligations be apportioned based on company size and risk, that enforcement and remedies be restricted to instances of direct and proximate…
Google settles in multi-state location tracking suit
Date posted – 21/11/2022Google settled a multistate privacy lawsuit with 40 state Attorneys General based on allegations Google violated various state consumer protection laws by deceptively tracking user location even when location tracking had been turned off. In addition to the payment, the settlement requires…
Colorado Posts Public Comments to CPA Draft Rules
Date posted – 14/11/2022The Data Protection and Digital Information Bill, which was designed to replace the UK’s version of GDPR, will undergo further consultation in the coming weeks. Additional consultation will reportedly focus on ensuring adequacy with the EU.
UK’s GDPR replacement bill consultations will focus on EU adequacy
Date posted – 07/11/2022The Data Protection and Digital Information Bill, which was designed to replace the UK’s version of GDPR, will undergo further consultation in the coming weeks. Additional consultation will reportedly focus on ensuring adequacy with the EU.
[WEBINAR] How many vendors is enough?
Date posted – 03/11/2022In this webinar, you’ll learn the importance of curating your CMP vendor list and how The Independent team used Sourcepoint’s Diagnose tool to dramatically improve their compliance score without sacrificing revenue.
CPPA concludes first meetings on updated CPRA Regulations
Date posted – 31/10/2022The board’s modification to address “good faith efforts to comply” and the timeline for compliance are intended to provide companies some assurance regarding these delays, but companies are still in a position to have at least a “good faith”…
Vendor list cautionary tales: what you can do to protect your site
Date posted –When was the last time you took a look at the different vendors accessing data from your website? If it’s been a while, it’s time to take a look under the hood with a cookie and tracker scanner. There…
California agency releases updated draft CPRA regulations
Date posted – 24/10/2022Among other changes, the modifications include the addition of a list of factors to consider when determining whether a company’s practices are within the consumer’s “reasonable expectations” as well as changes to clarify the “symmetry-in-choice” principle, including changes to…
U.S. State Signal specs released for comment as part of Global Privacy Platform
Date posted – 17/10/2022The new US State Signals will supersede the US Privacy Framework and will likely continue to evolve as more comprehensive state privacy laws are enacted across the United States. The US State Signals and the Multi-State Privacy Agreement address…
What’s the IAB Tech Lab’s Global Privacy Platform (GPP) framework?
Date posted – 13/10/2022It’s not just GDPR and CCPA anymore. Data protection laws are emerging all over the world. With so many US state-level data protection laws soon going into effect and privacy laws in South America and Asia on the rise…
FAQ: Executive Order on US-EU data transfers
Date posted – 10/10/2022On October 7, 2022, President Biden signed an Executive Order providing for binding safeguards and redress mechanisms for Europeans whose data is transferred to the U.S. The European Commission has said that this Executive Order will be the basis…
European commission to draft U.S. adequacy decision
Date posted – 09/10/2022In response to an executive order signed by U.S. President Biden, implementing new binding safeguards and redress mechanisms for Europeans, the European Commission released a Q&A revealing that they “will now prepare a draft adequacy decision, as well as…
Class action against Twitter seeks profits from targeted ads
Date posted – 26/09/2022A Twitter user is reportedly seeking to recover, as part of a class action lawsuit, any profits Twitter earned from targeted ads served using personal information that was allegedly deceptively collected. Papers filed in the Northern District of California…
Global Privacy Control and the Sourcepoint CMP
Date posted – 19/09/2022The requirement to honor global privacy control is already being enforced in California — and enforcement is escalating. Here’s how you can use the Sourcepoint CMP to start honoring the GPC signal today, and as regulations evolve.
California governor signs children’s privacy bill
Date posted –Application of this California law is much broader than the current federal Children’s Online Privacy Protection Act (COPPA), which applies to services “directed to children” under the age of 13. Therefore, many websites and services that have never had…
Belgian market court refers questions in IAB Europe case to CJEU
Date posted – 12/09/2022In response to IAB Europe’s appeal of a February ruling finding IAB Europe’s TCF Framework in violation of the GDPR, the Belgian Market Court issued a judgment rejecting in part and accepting in part certain procedural grounds for appeal and referring…
Update on the Belgian ruling on IAB Europe’s TCF
Date posted – 08/09/2022The Belgian Market Court has issued a new judgment re the IAB Europe’s appeal of the Belgian DPA’s decision on the legality of the TCF.
FTC sues data broker Kochava for selling precise location information
Date posted – 05/09/2022FTC sues data broker Kochava for selling precise location information. California passes children’s privacy bill. Plus, revised Swiss data protection law to take effect and New Zealand considers closing notification gap for indirect data collection.
The noyb Cookie Banner GDPR Complaints: What You Need to Know
Date posted – 31/08/2022The European Center for Digital Rights, also known as noyb (None of Your Business), is a non-profit organization started in 2017 by Austrian privacy activist, lawyer, and author, Max Schrems. On May 31, 2021 noyb launched a new…
Uncover all cookies with the new Diagnose dashboard
Date posted – 30/08/2022Diagnose Compliance Monitoring has always helped you spot vendor behavior that puts you at risk. Now, our newest dashboard goes even further to give you full visibility into your tech stack at all times. Introducing: the new All Cookies Found dashboard. With…
Sephora Settles in GPC Enforcement Sweep
Date posted – 29/08/2022California Attorney General Bonta announced reaching a $1.2 million settlement with Sephora based on allegations the retailer violated the California Consumer Privacy Act (CCPA). According to the announcement, Sephora failed to disclose its sale of personal information collected from…
[WEBINAR] Global Privacy Control
Date posted – 25/08/2022In this webinar, Sourcepoint will present an overview on Global Privacy Control (GPC), a technical specification for transmitting universal opt-out signals. You’ll learn best practices for honoring the GPC signal as of today, and as new jurisdictions become relevant.
Soltani to Pelosi: “ADPPA Represents a False Choice”
Date posted – 22/08/2022In a letter to Speaker Pelosi and Minority Leader McCarthy, Ashkan Soltani, Executive Director of the California Privacy Protection Agency (CPPA), expressed his opposition to the proposed American Data Privacy and Protection Act (ADPPA). The letter stated that the…
FTC kicks off commercial surveillance rulemaking process
Date posted – 15/08/2022The California Privacy Protection Agency (CPPA) unanimously voted to oppose HR 8152, the federal bill implementing the American Data Privacy and Protection Act (ADPPA), citing the bill’s broad preemption language as the reason for its opposition.
CJEU Ruling Broadens Scope of Sensitive Data Under GDPR
Date posted – 08/08/2022The California Privacy Protection Agency (CPPA) unanimously voted to oppose HR 8152, the federal bill implementing the American Data Privacy and Protection Act (ADPPA), citing the bill’s broad preemption language as the reason for its opposition.
[WEBINAR] Benchmark Report: US Privacy Compliance
Date posted – 03/08/2022In this webinar, Sourcepoint presents its US Privacy Benchmark Report for a look into the current state of compliance with CCPA requirements. We’ll provide an overview of the US privacy patchwork and discuss what lies ahead, such as the…
California Agency Opposes Federal ADPPA
Date posted – 02/08/2022The California Privacy Protection Agency (CPPA) unanimously voted to oppose HR 8152, the federal bill implementing the American Data Privacy and Protection Act (ADPPA), citing the bill’s broad preemption language as the reason for its opposition.
US Federal Privacy Bill Advances to House Floor
Date posted – 25/07/2022The House Committee on Energy and Commerce voted to report an amended version of HR 8152 (implementing the American Data Privacy and Protection Act) favorably to the House. The amended version of the bill, among other changes, expands the definition of “sensitive…
How to collect consent for GA4
Date posted – 19/07/2022In recent years, increasing regulatory activity around cookie consent has led to a move away from third-party tracking. Google Analytics 4 and new features like Google Consent Mode signal an industry shift towards privacy-minded design in analytics and advertising. …
TikTok Pauses Legitimate Interest for Targeted Ads After Warning from DPAs
Date posted – 18/07/2022According to the Garante’s warning, TikTok’s administration of personalized commercial advertising, at least to the extent based on information stored on the user’s device, cannot legally be based on legitimate interest under the ePrivacy Directive, and to the…
Horizon Media partners with Sourcepoint to help drive privacy-first advertising
Date posted –Sourcepoint, the privacy compliance platform of record for the digital marketing ecosystem, has partnered with Horizon Media to provide their clients with access to Sourcepoint’s privacy measurement technology, Privacy Lens. Sourcepoint’s proprietary platform allows advertisers to ensure media quality…
Meta settles with DOJ in housing ads discrimination case
Date posted – 27/06/2022The U.S. Department of Justice announced a $115,054 settlement with Facebook’s parent company, Meta, over allegations that Facebook’s advertising tool enabled advertisers to use user characteristics such as race, color, religion, sex, disability, familial status and national origin, to…
UK government responds to data reform consultation
Date posted – 19/06/2022The consultation, which ran for 10 weeks ending in November 2021, involved collection of feedback from stakeholders in response to a consultation paper outlining a range of data reform proposals. Several of the consultation’s proposals involved removing consent requirements…
Sourcepoint and MediaMath Announce First-of-its-kind Partnership to Provide ‘Privacy-Safe’ Inventory Segments
Date posted – 16/06/2022Sourcepoint has integrated its privacy safety data with MediaMath, in order to provide MediaMath customers with pre-bid access to inventory segments that meet their privacy compliance standards. The integration helps responsible advertisers easily reach consumers in environments they have…
Ad industry says draft federal privacy legislation falls short
Date posted – 13/06/2022Privacy for America, a coalition that includes several ad industry trade bodies, expressed support for a bipartisan federal data privacy bill but said the recent draft bill “falls short in terms of protecting responsible data use”.
Draft U.S. federal privacy legislation released
Date posted – 07/06/2022According to a press release from the House Committee on Energy & Commerce, the draft is “the first comprehensive privacy proposal to gain bipartisan, bicameral support”.
California agency issues draft privacy regulations
Date posted – 31/05/2022The draft regulations include multiple changes that would impact the digital advertising industry, including a requirement to to treat universal opt-out preferences signals as valid opt-out requests.
FTC to enforce COPPA in EdTech
Date posted – 23/05/2022The FTC committed to fully enforce COPPA’s limitations on edtech operators’ ability to collect, use and retain children’s personal data, including in school and learning settings.
The new playground: why we need to re-architect the internet to prioritize child privacy
Date posted – 19/05/2022Even as data privacy becomes an increasingly priority in the US, legislation remains fragmented, making it difficult for companies to stay in compliance with sensitive rules such as those concerning children’s privacy.
FTC to vote on COPPA enforcement in edtech
Date posted – 16/05/2022This week: FTC to vote on COPPA enforcement, and has a Democratic majority, plus Greece DPA warns about consent non-compliance.
Connecticut enacts privacy law: what you need to know
Date posted – 13/05/2022Connecticut is the latest state to join California, Virginia, Colorado, and Utah in enacting comprehensive privacy laws which will take effect in 2023. What’s going on with Connecticut’s new privacy law? Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring was passed by the state Senate…
Preparing for the “privacy tsunami”
Date posted – 11/05/2022As recent rulings against IAB Europe’s TCF, Google and Facebook both illustrate, the privacy landscape is in a state of near-constant change. For privacy professionals that don’t have specific expertise in digital advertising, this can represent a complex and…
In the privacy-first era, what responsibility do advertisers have?
Date posted – 09/05/2022Increasingly, instead of blindly rolling the dice on the open web, shrewd advertisers are moving data privacy and data ethics to the center of their brand’s strategy. If personalized advertising is to continue, it’s clear that current market dynamics…
Connecticut privacy bill becomes law
Date posted –This week’s news: Connecticut passes their privacy law, California prepares for CPRA regulations, and the UK moves closer to reform.
EU Council / Parliament reach agreement on Digital Services Act
Date posted – 02/05/2022Connecticut SB 6, which closely resembles the Colorado Privacy Act, was unanimously passed by the Senate after an amendment making changes to the applicability threshold and the age of children’s data (from 18 to 16) and removing authentication requirements…
Connecticut privacy bill passes Senate
Date posted – 25/04/2022Connecticut SB 6, which closely resembles the Colorado Privacy Act, was unanimously passed by the Senate after an amendment making changes to the applicability threshold and the age of children’s data (from 18 to 16) and removing authentication requirements…
The new Utah data privacy law: what you need to know
Date posted –Did you have Utah on your US state privacy patchwork bingo card? Probably not! But the Beehive State is indeed the latest state to enact a data privacy law, following Colorado and Virginia, to pass a privacy law. Read…
Virginia amendment impacts third-party treatment of deletion requests
Date posted – 18/04/2022The purpose of this amendment was to prevent companies that receive data indirectly from other businesses from deleting consumer data in response to a request and then re-collecting data about the same consumer from an indirect business source, without…
German DPA says Google must fix consent banners
Date posted – 11/04/2022The Hamburg Commissioner’s position is consistent with previous sentiments from other EU DPAs, including the CNIL in France, which issued sanctions against Google and Facebook early this year based on a finding that the companies’ respective cookie banners did…
Why publishers need to stop using dark patterns
Date posted – 10/04/2022Dark patterns – or website designs that manipulate users into performing specific actions – are widespread these days. In fact, one recent study from Princeton examined 11,000 shopping websites and found 1,818 instances and 15 different types of dark patterns. As…
IAB Europe submits action plan to Belgium DPA
Date posted – 04/04/2022If the APD approves the action plan, IAB Europe will have 6 months from the date of such approval to implement the plan. However, IAB Europe has also appealed the decision, including a request to suspend the Order pending…
Tentative transatlantic data flow agreement reached
Date posted – 28/03/2022Biden announced that their countries had “reached a major breakthrough in transatlantic data flows” with a “new agreement [that] will enhance the Privacy Shield Framework; promote growth and innovation in Europe and the United States; and help companies, both…
Utah privacy bill awaits signature; Google to sunset analytics solution storing IP address
Date posted – 21/03/2022Like the Colorado and Virginia laws, the UCPA does provide a right to opt out of sales and targeted advertising, but it does not provide a right to opt out of profiling. The law adopts Virginia’s narrow definition of…
For publishers: 5 tips for optimizing your vendor assessment process
Date posted – 15/03/2022Know you need to dig deeper into the data processors on your page, but don’t know where to start? We’ve got you covered.
Trans-atlantic data transfer agreements a “high priority”
Date posted – 28/02/2022The United States and European Union will need to either agree on sufficient safeguards to protect EU data subjects or reconcile the differences between the EU Charter and U.S. Surveillance laws. Meanwhile, the new UK Information Commissioner criticizes EU’s…
California Privacy Agency rulemaking delay; IAB Europe clarifies Belgian DPA decision for pubs
Date posted – 23/02/2022CPPA announces delayed rulemaking. Facebook settles cookie tracking lawsuit. IAB Europe to publishers: the TCF is not illegal.
IAB Europe to appeal Belgian DPA decision; ICCL calls on deletion of TCF data
Date posted – 15/02/2022Irish Council of Civil Liberties send letters to major advertisers calling on the deletion on digital advertising data collected via the TCF. The IAB Europe announces plans to appeal the Belgian DPA decision. And an Australian court reject’s Facebooks…
23 US states now have active privacy legislation; Belgium fines IAB Europe for GDPR violations
Date posted – 07/02/2022Indiana, Washington, and Massachusetts privacy bills make progress; Wisconsin bill introduced. Meanwhile, the Belgian DPA fines IAB Europe for GDPR violations.
It’s not about the TCF, it’s about the future of advertising
Date posted – 03/02/2022This recent ruling by the APD is an urgent reminder that we as an industry still have work to do to protect the ecosystem of digital utility that has been built over the past 30 years.
US states sue Google over dark patterns and German ad industry criticizes third-party cookie deprecation
Date posted – 31/01/2022State attorneys general sue Google re dark patterns, ANA urges FTC to reject surveillance ad ban, Indiana privacy bill advances to senate floor, German ad industry criticizes deprecation of third-party cookies, EDPB issues guidance re right of access, and…
Even more US state privacy bills, plus European Parliament approves Digital Services Act
Date posted – 24/01/2022Privacy bills from more US state states, including Mississippi, Nebraska, and Pennsylvania. Plus, Europe’s Digital Services Act was approved.
Connecting the dots on: global privacy controls
Date posted –You might have heard of an initiative to create a technical specification for universal opt-out signals, called Global Privacy Control. But the term ‘global privacy controls” (lowercase) is also sometimes used to refer to universal opt-out mechanisms, or any…
More US state privacy bills and new CNIL guidance on subcontractors
Date posted – 17/01/2022US state privacy bills pour in from Alaska, Florida, Indiana, Vermont, Virginia (amending the VCDPA), and Washington.
Luxembourg court suspends Amazon decision; CNIL fines Google & Facebook
Date posted – 10/01/2022Luxembourg court suspends decision against Amazon. CNIL issues fines against Google & Facebook. UK confirms new information commissioner. Biden re-nominates Bedoya for FTC commissioner. New York Privacy Act is reintroduced. Jordan introduces draft data protection law.
OpenX to pay $2M for FTC privacy settlement; Google settles over children’s privacy
Date posted – 20/12/2021OpenX to pay $2M for FTC privacy settlement. Google settles with New Mexico AG re children’s privacy. FTC provides notice of privacy rulemaking process consideration. California CPPA releases public comments. CNIL issues new developer guide re cookies. CNIL issues…
Ebook: A Publisher’s Guide to Vendor List Curation
Date posted – 16/12/2021How to review your vendor list to mitigate compliance gaps and protect revenue.
Week of December 6, 2021
Date posted – 13/12/2021Ohio hears testimony in fourth hearing of the Ohio Personal Privacy Act. US dark patterns legislation would prohibit online services with more than 100M users from designing UI that obscures user choice. US Senate holds hearing on tech privacy/…
WTF is a CMP and how to select the right one?
Date posted – 10/12/2021With a constant stream of new privacy regulations, including GDPR, CCPA, LGPD and POPI, it can be difficult for publishers to stay on top of the latest laws coming into force around the world. In response to the ever-expanding…
Advocacy group pushes the FTC for elevated privacy reform
Date posted – 07/12/2021Bedoya FTC nomination on delay. Advocacy group pushes FTC for elevated privacy reform. Germany telecom privacy law in effect. CJEU advocate general suggests GDPR allows for national representative GPDR action. Spain DPA says public key can be personal data….
Connecting the dots on: cookie consent
Date posted – 01/12/2021Activity around cookie consent has been steadily ramping throughout Europe, with DPAs and privacy activists scrutinizing the effectiveness of consent in protecting user privacy. From dark patterns in cookie banners to depositing non-essential third-party tracking cookies on users’ computers…
Belgian DPA finalizes draft IAB decision
Date posted – 30/11/2021Belgian DPA finalizes draft IAB decision for DPA feedback. ICO and CNIL publish expectations for new online advertising initiatives and identifier-based solutions. India data protection bill moves forward and UAE adopt data protection law.
Federal online privacy act reintroduced
Date posted – 22/11/2021Bedoya testifies in FTC nomination hearing, plus federal online privacy act reintroduced. More details from the ICO regarding approach to children’s code enforcement. Brazil issues LGPD report and there is industry concern about AI in advertising.
UK Supreme Court denies privacy class action against Google
Date posted – 15/11/2021UK denies privacy class action against Google. European commission questions Belgian DPA’s independence. Israel pushes forward privacy amendments. Several companies announce ad targeting changes.
China’s privacy law goes into effect
Date posted – 07/11/2021China’s privacy law goes into effect. In the US, two federal privacy bills are announced. Virginia privacy report emphasizes a global opt-out as a best practice and the Belgian DPA issues a draft ruling re the TCF.
Firefox to roll out Global Privacy Control
Date posted – 02/11/2021Will the FTC to do privacy rulemaking? Australia privacy draft legislation and India data protection bill to be circulated, and Firefox rolls out Global Privacy Control.
FTC report reveals ISP investigation findings
Date posted – 25/10/2021FTC report on ISPs advertising with “supercookies”. Ukraine publishes draft privacy law. Brave browser announces that their own search engine will become the default and Google rolls out privacy form in Google Play.
Norwegian DPA criticizes consent through browser settings
Date posted – 19/10/2021Amazon appeals Luxembourg fine, the Norwegian DPA questions browser-level consent, and Massachusetts holds a privacy legislation hearing.
Week of October 4, 2021
Date posted – 10/10/2021Ashkan Soltani will lead the new California Privacy Protection Agency, FTC Commissioner talks data minimization, and the Digital Services Act could ban some targeted advertising.
Week of September 27, 2021
Date posted – 03/10/2021A taskforce for cookie banner harmonization under GDPR is formed, and the IAB Europe steps up TCF policy enforcement.
Week of September 20, 2021
Date posted – 27/09/2021In the US, senators have taken a series of actions in pursuit of federal privacy regulation.
Week of September 13, 2021
Date posted – 20/09/2021FTC’s new privacy expert commissioner and $1B in funding. Finland says browser-level cookie controls aren’t sufficient and Saudi Arabia’s new law.
Week of September 6, 2021
Date posted – 12/09/2021Oklahoma proposes a privacy law and Congress seeks to fund the FTC for data privacy and security enforcement. Plus, the ICO looks to implement cookie reforms.
An overview of Consent Management Platforms
Date posted – 09/09/2021Since the emergence of data privacy laws and regulations like the General Data Protection Regulation (GDPR) in 2018, businesses have been looking for solutions to efficiently manage getting consent to collect personal data when users visit a brand’s digital…
The GDPR vs. CCPA: Two major privacy laws impacting your business
Date posted – 08/09/2021Data privacy continues to be a major topic of interest for consumers and businesses around the world. It almost feels like there is a discussion over a new privacy regulation or law going into effect every day—we’ve outlined a…
Week of August 30, 2021
Date posted – 07/09/2021UK’s Children’s Code, likely to influence legislation worldwide, goes into effect. Brazil moves forward with constitutional amendment that makes personal data protection a fundamental right.
Week of August 23, 2021
Date posted – 30/08/2021UK Digital Secretary announces plans for a data law ‘shake-up’, Malta releases cookie consent guidance, and news in children’s privacy.
Week of August 16, 2021
Date posted – 23/08/2021China passes personal data protection law, Canada releases updated guidance, and the first GDPR lawsuit in US court is dismissed.
Week of August 9, 2021
Date posted – 16/08/2021Noyb GDPR complaints are filed, CNIL releases guidelines re children, and Google blocks ad targeting of children.
Startpagina Chooses Sourcepoint’s Flexible CMP for Consent Optimization
Date posted –Since 1998, Startpagina, a popular link directory in the Netherlands, has been curating high-quality, relevant links on a daily basis, and their properties see over 10 million visits a month. Unfortunately, their old CMP contributed to a high percentage…
A Little Privacy: week of August 2
Date posted – 09/08/2021Faceboook disables accounts of university researchers, Amazon’s unprecedented GDPR fine, IAB Europe releases guide to contextual advertising.
A Little Privacy: June/July Trends
Date posted – 05/08/2021There’s no summer off for privacy. June and July saw plenty of major developments in the world of data privacy over the past month or so, particularly in the US. We think three major trends deserve our attention.
Looking at the Zoom story: privacy missteps in the CCPA era
Date posted – 01/08/2021As millions of people find themselves quarantined at home to curb the spread of the coronavirus, the video conferencing software Zoom has surged in popularity. But the trajectory of Zoom in recent weeks serves as an object lesson in…
A Little Privacy: week of July 26
Date posted – 30/07/2021New federal privacy legislation introduced in the US. Ad industry groups question Global Privacy Control mandate in California. Read “A Little Privacy.”
A Little Privacy: week of July 20
Date posted – 27/07/2021California’s new Consumer Privacy Interactive Tool lets consumers notify companies of CCPA violations. CNIL issues another round of notices. Schrems v Facebook moves to the CJEU. TikTok fined by Dutch DPA for privacy policy violation.
A Little Privacy: week of July 16
Date posted – 23/07/2021The California Attorney General’s Office sent out new letters of enforcements backing requirements to honor GPC signal. In Europe, new cookie guidelines have been issued by the Italian DPA and proposals are pending for new EU digital privacy rights.
A little privacy: week of July 5
Date posted – 09/07/2021Colorado signs privacy act into law and Biden signs a competition executive order. In the UK, the ICO announced a new code governing digital design practices for children.
Apple’s IDFA privacy update: How to optimize user opt-in on iOS 14.5 and beyond
Date posted – 07/07/2021Apple first announced in September 2020 that as part of the new AppTrackingTransparency (ATT) Framework, app developers will be required to ask users for consent before accessing their IDFA (Identifier for Advertisers) for tracking and personalization. As of December…
A little privacy: week of June 28
Date posted – 02/07/2021FTC settles over COPPA violations. CNIL confirms compliance of orgs put on notice. Adequacy decision for UK under GDPR adopted. Read “A Little Privacy.”
OTT is the next frontier for ‘consent everywhere’
Date posted – 30/06/2021As the targeted advertising on connected TV and over-the-top (OTT) platforms continues to grow, there are obstacles that need to be overcome for obtaining consent from audiences for use of their personal data.
A little privacy: week of June 21
Date posted – 28/06/2021FTC cracks down on sharing sensitive data without consent and Google stalls the deprecation of the third-party cookie.
Employee Spotlight: Veronica Sirotic
Date posted –Veronica Sirotic joined us as a Recruiting Intern before moving into her current role as Operations Coordinator. Veronica coordinates our recruiting efforts while implementing the company’s DEI initiatives, including leading our DEI council and organizing diversity training. In her…
A little privacy: week of June 14
Date posted – 18/06/2021US federal privacy legislation is reintroduced, a UK task force recommends a new framework to replace GDPR, and Amazon blocks Google FLOC testing.
Advertiser sollten die schwarzen Schafe beim Consent Management aussortieren
Date posted – 01/06/2021Consent Management ist im Zuge der DSGVO zu einem der Top-Themen in der Digitalwerbung geworden. Für die Datenverarbeitung, die im Rahmen der Personalisierung von Werbeanzeigen anfällt, muss nahezu immer eine Zustimmung des Nutzers vorliegen – es sei denn, die…
Employee Spotlight: Aroan Kebede
Date posted – 28/05/2021Aroan joined our Sourcepoint family as a Data Analyst after we acquired Redbud in October 2020. He joined Redbud in March 2020 as a recent graduate of University of Nottingham with a Bachelor of Engineering. Aroan has been an…
TCF v2.0: everything you need to know
Date posted – 17/05/2021Along with improved transparency and control for publishers and consumers, TCF v2.0 also eliminates ambiguity and supports better legitimate interest data processing. Let’s walk through some of the changes. …
What publishers need to know about managing consent on AMP
Date posted – 07/05/2021When it comes to privacy and monetization, AMP pages are one piece of the puzzle that can’t be left unaddressed. Given the high volume of traffic driven by mobile and AMP views, foregoing something like a CMP to manage…
Employee Spotlight: André Herculano
Date posted – 29/04/2021What is your role at Sourcepoint? I am the Mobile Engineering Manager. I started out as a contractor with Sourcepoint and I actually had fairly little mobile experience prior to joining the team. To see how my experience with…
Employee Spotlight: Melanie Deneau
Date posted – 15/04/2021Melanie Deneau is our Director of Client Services in the EU (non-DACH). She first joined Sourcepoint as an account manager in 2018. She also previously worked as an account manager for ResearchGate and a Team Lead for Medigo. How…
Virginia’s Consumer Data Protection Act (CDPA): What you need to know
Date posted – 12/04/2021In March 2021, Virginia became the latest US state to sign a data privacy law. Governor Ralph Northam signed the Consumer Data Protection Act, otherwise known as the CDPA, into law, with plans for it to go into effect…
Employee Spotlight: Yuliya Yasenetska
Date posted – 23/03/2021Yuliya Yasenetska recently joined our team as a Software Engineer. Prior to joining our team, she worked as a software engineer at Hana and an adtech engineer at Billboard. She is also an artist and works primarily in acrylic…
Wondering how to improve Core Web Vitals? Don’t overlook your adtech stack
Date posted – 19/03/2021In May 2021, Google will add Core Web Vital measurements to its SEO ranking factors. It is also experimenting with a badging system that will display a poor quality indicator on pages that take too long to load or…
Employee Spotlight Series: Maria Fernanda Abella Avila
Date posted – 16/03/2021Maria recently joined Sourcepoint as a Technical Account Manager based out of our Berlin offices. Previously, she worked as a Partner and Customer Success Manager with Nosto and as a Publishers Business Development and Account Manager at BidderPlace. What…
Employee Spotlight Series: Chloe Grutchfield
Date posted – 08/03/2021Chloe Grutchfield joined us as SVP of Product when Sourcepoint acquired the software company she co-founded in April 2018, Redbud. Chloe brings over 10 years of adtech product expertise, maintaining leading roles at agencies, large data platforms and mobile monetization…
Three dimensions of privacy UX all brands need to understand
Date posted – 01/03/2021In the past few years, numerous privacy regulations have come into force to provide consumers greater control over their data. But the patchwork of regulations and varying approaches means compliance remains complex. The regulatory landscape is tightening; GDPR fines…
A new approach to ethical digital advertising: Privacy Lens
Date posted –Today, we are proud to announce our new product, Privacy Lens, the first privacy measurement and analytics platform for digital advertising. Much like ad viewability or brand safety tools provide insights about campaign effectiveness and suitability, Privacy Lens allows…
Planet49 and TCF v2.1 changed cookie notices: How to update your CMP
Date posted – 02/02/2021What is TCF v2.1? What is the Planet49 ruling? How did the Planet49 ruling inform TCF v2.1? How does TCF v2.1 affect my CMP implementation? Do I need to collect re-consent for vendors? Should I be concerned about long…
What does the California Privacy Rights Act (CPRA) mean for the future of your privacy program?
Date posted – 05/11/2020In 2020, Californians passed the California Privacy Rights Act (CPRA), an initiative put forward by the same group behind CCPA: California for Consumer Privacy. What does CPRA mean for advertising operations and the data privacy space? In short: more…
[WEBINAR] Vendor assessments: Looking at cookies and beyond
Date posted – 04/11/2020Sourcepoint acquired RedBud to provide deeper privacy compliance insights for our customers. With the integration of RedBud’s DIAGNOSE technology, you can get a comprehensive view of what’s happening on your properties, understand specific areas of exposure, and optimize your…
How the Sourcepoint CMP helps you comply with IAB TCF v2.0
Date posted – 03/11/2020We’ve seen many successful transitions to TCF v2 with our CMP. Our client services team has worked closely with some of the world’s largest media companies to ensure compliance while maximizing monetization. Here are some ways that we help…
Why we acquired RedBud: enabling a truly compliant and ethical media ecosystem
Date posted – 08/10/2020Today, we announced that Sourcepoint has acquired RedBud, an innovative UK-based software technology company which provides privacy-compliance analytics for buyers and sellers of media and data. It’s an exciting development because not only does this acquisition make our privacy…
Oracle: The Challenges and Opportunities New Data Privacy Laws Present to Digital Marketers
Date posted – 24/09/2020Oracle’s Dan Feuer recently spoke with Sourcepoint CEO, Ben Barokas, about the challenges marketers face as privacy regulations like GDPR and CCPA have evolved. Marketers must provide consumers with transparency and control over their data while minimizing friction as…
Your TCF v2.0 transition: a practical checklist for publishers
Date posted – 15/07/2020The August 15 deadline to switch over is rapidly approaching. The Transparency & Consent Framework v2.0 is complex, but with the proper preparation and the right partner, you can ensure no impact on your revenue. For a good overview…
[Webinar recording] Switching to TCF v2.0: What publishers need to know
Date posted – 17/05/2020In this video of our live webinar, Sourcepoint experts Michael Krauss, VP of Product, and Melanie Deneau, Client Services Director for the EU, present what’s new in version 2.0 of the Transparency and Consent Framework.
Deadline to switch over to TCF v2.0 extended to August 15
Date posted – 15/05/2020The IAB Europe Transparency & Consent Framework (TCF) Steering Group has voted to extend the deadline to switch over to TCF v2.0 to August 15, 2020. What does this mean for you?
[Webinar] Switching to TCF v2.0: What publishers need to know
Date posted – 04/05/2020Join Sourcepoint experts Michael Krauss, VP of Product, and Melanie Deneau, Client Services Director for the EU, on May 11 @ 11:00 ET for a live presentation of what’s new in version 2.0 of the Transparency and Consent Framework.
Cookies, consent, and user experience – the great disconnect
Date posted – 12/12/2019Without third-party cookies, media owners must find another way to provide relevant ad experiences, analytics and reporting associated with ad inventory – and even to collect regulatory consent signals. It’s a pivotal change to digital publishing as we know…
ICYMI: New data privacy bills from the Senate
Date posted – 06/12/2019It’s not quite the bipartisan reckoning many businesses have hoped for, but the two pieces of legislation appear to be “closer together on most issues than they are apart.” Both bills include individual rights such as access, correction,…
[Product update] New consent reporting features are here
Date posted –With this release, we have made information in your consent reporting dashboard more actionable and easier to visualize.
UK regulator steps up warning to ad tech industry about GDPR violations in programmatic advertising
Date posted – 22/11/2019This week, the UK Information Commissioner’s Office (ICO) gathered with industry players in London in a closed-door meeting to discuss their latest findings since the kick-off of their investigation into the real-time bidding industry in June.
EVENTS | See you at TV of Tomorrow on Dec. 4
Date posted – 21/11/2019Our co-founder and CEO, Ben Barokas, will be speaking on the panel “Preparing for the CCPA” at TV of Tomorrow in NYC. The discussion will cover the overall scope of CCPA and focus in on its impact on television….
What you need to know about the IAB CCPA Compliance Framework v1
Date posted – 19/11/2019The first version of the technical specifications for the IAB CCPA Compliance Framework has been published. Previously, the Framework Draft was in public comment until November 5th. Changes have been incorporated and now the IAB Tech Lab working group…
[Research]: What do publishers think about the impact of CCPA and other U.S. privacy laws?
Date posted – 11/11/2019A majority of publishers surveyed by Sourcepoint believe that local (79%) and global (83%) privacy regulation will impact their business, with around half feeling it will have significant impact. Four in ten respondents cite the California Consumer Privacy Act…
Reaching global equilibrium: the value of consent and user preference
Date posted – 23/09/2019This article originally appeared in Marketing Land. The introduction of the General Data Protection Regulation (GDPR) this year started a ripple of privacy legislation across the globe, with governments evaluating whether current laws are enough to protect the personal…
When do consumers find digital ads engaging?
Date posted – 29/08/2019Research compiled by eMarketer suggests that digital buyers are more likely to have positive feelings towards ads when they’re receiving free content in exchange – or when the ads are relevant.
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.