According to the new version of the ADPPA, Butler says some forms of targeting would remain common, especially first-party data-based targeting. If you purchase shoes from Target.com, Target may still use this information to show you shoe ads when you are elsewhere. What I couldn’t do is relate your shopping history to everything you do on the web and on the phone to show you ads for things you’ve never told them you wanted. Nor could they keep spying on Facebook and Google by placing crawlers on almost every free website or app you use, in order to create a profile of yours for advertisers.
“If they track your activity on third-party websites, which they certainly are, then it’s sensitive data and they may not be processing it for targeted advertising purposes,” Butler says.
To the extent that the new bill would still allow targeted advertising, it would require companies to give users the right to turn off, while banning the types of tricks that companies often use to drive users to click. ” Accept all cookies “according to the GDPR. And it would direct the Federal Trade Commission to create a standard for universal exclusion that companies should honor, meaning users could reject all targeted advertising with a single click. (This is an important feature of the recently enacted privacy law in California.)
The advertising industry seems to agree that the bill would mark a fundamental change. Yesterday, the National Advertisers Association, a commercial group, issued a statement opposing the bill alleging that it “prohibits companies from collecting and using basic demographic and online activity data for advertising purposes. habitual and responsible “.
Aside from its data minimization approach, the new bill contains a lot of provisions that data privacy experts have long called for, such as transparency standards, anti-discrimination rules, greater oversight of data intermediaries. and new cybersecurity requirements.
Federal privacy legislation has been a species of white whale in DC for the past few years. Since 2019, supposedly, a bipartisan agreement has been just around the corner. The effort stalled because Democrats and Republicans were divided on two key issues: whether a federal bill should anticipate state privacy laws and whether it should create a “private right of action” that would allow individuals , not just the government, sue companies for violations. . Democrats are generally against preemption and in favor of a private right of action, Republicans in reverse.
The new bill represents a long-sought compromise on these issues. It anticipates state laws, but with a few exceptions. (Most notably, it empowers the new California privacy agency to enforce ADPPA in the state.) And it contains a limited private right of action, with restrictions on damages that people can sue.
The bill has other shortcomings, inevitably. The universal disable requirement is nice, but it won’t mean much until larger browsers, especially Chrome and Safari, add the feature. The bill gives the FTC new authority to issue rules and enforce them, but it does not direct any new recourse to the agency, which no longer has the staff and funds to manage it all.