Data Privacy Day 2023 marks ‘a point of inflection for the ad industry,’ per experts

It’s quite a moment. There's growing legislative and enforcement activity – from new state privacy laws taking effect to the US Federal Trade Commission (FTC)’s recent promise to crack down on “ commercial surveillance and lax data security practices.” Then there are the widespread changes in the technology sector that reduce advertisers’ and publishers’ ability to track users across the web. Plus, data privacy and protection are under the microscope. As a result, the advertising industry – and the broader sector of the economy that hinges on data collection and brokering – is undergoing a moment of reckoning.

And while new policies and enforcement action imbue consumers with more control over how their data is used, these changes also create new hurdles for businesses, many of whom rely on the data trade to operate and scale.

The Drum surveyed privacy experts at universities, think tanks, advertising agencies and adtech firms on what Data Privacy Day symbolizes in 2023, as we approach a turning point in how we collect, share and monetize consumers’ personal information. Here’s what they had to say:

Fiona Campbell-Webster, chief privacy officer at media agency MediaMath:

This year, Data Privacy Day should be used by the broader society to harmonize these increasingly fragmented privacy regulatory approaches – so that, as a society, we can enjoy the enormous benefits and minimize any specific harms of digital transactional economies. We should aim for legislative and compliance goals and outcomes in which businesses can effectively scale privacy compliance [while also] offering personalized opportunities for interesting products and services to the consumer. We should build further on efforts to achieve these goals based on longstanding privacy principles such as privacy by design, transparency, data minimization and purpose limitation – and by approving, certifying and utilizing privacy-enhancing technologies.

We urgently need greater harmonization between differences in consumer privacy and data protection state laws and global laws. We need this harmonization to provide greater transparency and clarity of available privacy rights for consumers. We need this harmonization to create certainty for businesses in digital economies and minimize resource burdens and create scaled opportunities for businesses to flourish – especially small businesses.

Bipartisan efforts… to pass a comprehensive US federal privacy law in 2022 need to be revived and accelerated in 2023 to reduce the lack of clarity and uncertainty in the current fragmented state-by-state approach.

Joe Jones, research director at the International Association of Privacy Professionals:

Privacy developments in 2023 are going to come fast, and they’re likely to hit hard. We’re likely to see more by number, diversity and on a more global scale than in previous years. Expect new and updated privacy laws, more privacy-relevant regulation – such as on artificial intelligence and cyber, and more enforcement.

Large fines will get paired up with enforcement orders that could have more consequential impacts on business practices. This adds up to more obligations and more risk – including more personal liability for executives – at a time when privacy professionals at the front line may have [fewer] resources.

Data Privacy Day marks a moment to celebrate and promote the importance of privacy. This year, the day also marks an opportunity for the community of privacy professionals to come together to try and cohere the challenges that lie ahead.

Husna Grimes, vice-president of global privacy at Permutive, a privacy-centric audience platform for advertisers and publishers:

Data Privacy Day marks “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust,” [per the Thales Group]. As it relates to adtech, these are three themes that the ecosystem can no longer afford not to prioritize.

With 74% of consumers saying they’re concerned about brands being able to view and track their online behavior, [according to our research, conducted in partnership with The Harris Poll], users are taking matters into their own hands by independently disabling cookies or browsing in cookie-blocked environments. Consumers’ demands for more control over their own personal data – and acting on that choice – leave 70% of the open web unreachable to advertisers today.

All this makes for an environment in which regulators have public backing in drafting and enforcing data privacy laws. As debates over UK data protection reform continue, in the US alone, five new regulations have or will take effect in 2023. We can also expect to see more state privacy laws moving through the US legislative process throughout the course of the year. Between varying definitions of personal information, separate notification requirements and differing customer volume thresholds, these laws will require careful monitoring and consideration to remain in compliance.

Data Privacy Day serves as a timely reminder that rather than attempting to retrofit old ways of targeting consumers, advertisers, publishers and adtech must work together to act in ways that truly respect consumer privacy while protecting reach and revenue.

Jolynn Dellinger, senior lecturing fellow at The Kenan Institute for Ethics at Duke University:

Data Privacy Day has always been about raising awareness around data collection and use. It has been about promoting collaboration among government, businesses, nonprofits, academics and citizens around privacy solutions and the promotion of best practices.

This year, Congress has the opportunity to act on what has been a substantial bipartisan effort on comprehensive federal privacy legislation, and Congress needs to make that happen.

The Dobbs decision [on abortion rights in the US] and the state laws criminalizing abortion that have been enacted and enforced in its wake have eviscerated women’s right to privacy, and they are highlighting the ways data collected in our everyday interactions may be used against people – and the gaping holes in our data protection laws. Understanding how our data can put us at risk, demanding protection for sensitive data and a duty of loyalty on the part of corporations are more important than ever.

Arielle Garcia, chief privacy officer at IPG-owned ad agency UM Worldwide:

This Data Privacy Day arrives against a backdrop of enforcement and reinforcement that should serve to attract attention from more than just privacy professionals, but business and marketing leaders across categories on privacy and responsible data use as a central business priority. The proverbial ‘save-the-dates’ were sent out early, far and wide – for example, by way of the [California Consumer Privacy Act] Sephora settlement ‘warning shot,’ the FTC’s unexpected remedies in naming Drizly’s chief exec ordering data destruction and more recently, the findings of Canada’s privacy commissioner against Home Depot for sharing e-receipt information with Meta absent ‘valid consent.’

The 2022 December press release by Epic Games following their FTC settlement captures this sentiment well – the year ahead will call for “moving beyond long-standing industry practices” that are “no longer enough” to protect consumers sufficiently.

We can expect to see a particular emphasis on children and teen privacy with the California Age-Appropriate Design Code slated for enforcement in 2024, and the FTC set to revisit the Children’s Online Privacy Protection Act, along with sustained scrutiny on sensitive health and location information. We also are likely to see the FTC move ahead with its ‘commercial surveillance’ rulemaking efforts, doubling down on the need for substantive protections and addressing fundamental business models beyond the ‘notice and choice’ regime.

Amy Lee Stewart, senior vice-president, global data ethics officer at adtech firm LiveRamp:

While Congress’ push to pass a federal privacy law has not yet come to fruition, five individual states have moved forward with passing their own privacy laws and regulations (new laws went into effect in California and Virginia on January 1, and Colorado, Connecticut and Utah will follow suit later this year). One significant change will be that for the first time in the US, people in some of the regulated states will need to opt-in to share their sensitive data rather than opting out – creating a major shift in consumer privacy that changes the way marketers collect certain consumer insights moving forward. These shifts will further protect consumers’ control of their data, and it’s important that brands become comfortable with these new standards.

For example, brands will need to understand how the new laws apply to their company specifically, depending on the industry, company size, target audience, geographic reach and products and services. The best way brands can do that is to build a culture of accountability by staying in lockstep with their privacy teams; conducting frequent data audits; and increasing transparency with customers as to what personal data the brand collects, and how it uses, sells or shares that data. By embedding privacy into their organizations’ culture now, companies can foster an environment that consistently protects customers’ privacy while using data to create trustworthy and enjoyable brand experiences.

We believe that the data broker ecosystem will continue to move toward a culture of accountability and transparency – and rightfully so. This shift will be essential for digital marketing’s long-term success. Companies will ultimately benefit from ensuring that consumers understand the value they’re getting in exchange for their data, how and why their data is being collected and used and how they benefit from this.

David Hoffman, professor of the practice at the Sanford School of Public Policy at Duke University, first came up with the idea for Data Privacy Day:

Our research, as featured on Last Week Tonight with John Oliver, shows that the data industry is now not just a risk to individuals, but also to national security and democracy. There is an urgent need for action.

Rory Mitchell, general manager of global growth at adtech firm Criteo:

It certainly feels like we’ve reached a point of inflection this year. In spite of ongoing challenges with third-party cookies, marketers remain focused on ways to grow and achieve their customer acquisition and retention goals.

Overall signal loss is quickly approaching and we see more and more of our customers utilizing the power of first-party data to reach new customers, showcase their relevant products through engaging ads and most importantly, drive outcomes in a privacy-safe way.

For more, sign up for The Drum’s daily US newsletter here.