Understanding Data Privacy Laws in 2023
Digital Marketing
Jul 19 2023
Online privacy is a growing concern among everyday consumers. As more personal details become available online, the risk of identity theft, fraud, or other nefarious actions naturally rises. While advertisers’ access to private data can enhance the online experience with better personalization, too much access can be off-putting to users. Control over personal data and its uses is thus being returned to customers through privacy regulations at the state and federal levels.
Why Are Privacy Laws Spreading?
Simply put, privacy laws govern how businesses (or any online entity) collect and manage user data. Depending on the location, platform, and amount of data being captured, these regulations can fundamentally change how digital marketers operate.
Advertising in an environment of growing data privacy concerns becomes complex as emerging laws vary in what they regulate. Marketing activities must now comply with domestic, federal, and international laws — which themselves often shift as a greater understanding of private data’s potential uses comes to light.
Marketers will need to adopt fully-compliant campaigns that effectively cater to target audiences while remaining nimble enough to accommodate shifting privacy regulations.
A Look at Key International Privacy Regulations
Any discussion surrounding overseas data privacy regulations begins with the EU’s General Data Protection Regulation (GDPR). Taking full effect in the spring of 2018, the GDPR impacted data collection, transmission, and security by requiring “explicit, unambiguous consent” from EU users before any personal data (including cookies and IP addresses) could be collected. The fallout from GDPR’s widespread adoption continues to cause significant industry pillars like Facebook to rethink its entire approach to advertising.
The Digital Services Act (DSA) and Digital Markets Act (DMA) have since expanded on the GDPR’s initial effects on private data governance. The DSA (first adopted in the fall of 2022) takes aim at large platforms’ content standards, placing a ban on any illegal and/or harmful content. The DMA also impacts large platforms, restricting tech giants like Google, Amazon, and Facebook from leveraging their powerful reach to directly harm competitors.
US Privacy Regulations in 2023
While the U.S. doesn’t yet have its one-size-fits-all federal privacy law in place like the EU, the states have elected to tackle data usage individually with great success. However, the recently-adopted CPRA (California Privacy Rights Act, which became active on Jan. 1, 2023) appears to be a blueprint for what’s ahead.
The act gives consumers even greater control over their private data, while the definition of “sensitive personal information” and the necessary protections required of businesses to safely manage this data were expanded and clarified. Additionally, increased liability for data breaches and an enforcement board independent of the FTC (the California Privacy Protection Agency, or CPPA) were established under the act’s latest details.
To date, five U.S. states have enacted “comprehensive” data privacy laws: California, Colorado, Connecticut, Utah, and Virginia. These states have put consumers fully in charge of accessing, changing, or erasing personal information from their digital footprint, and require third parties to be transparent with their intended data collection practices and uses. As of this writing, Ohio, Michigan, Pennsylvania, and New Jersey’s legislative privacy acts aren’t far behind.
While similar in scope, each state legislates different provisions and restrictions for businesses depending on certain revenue thresholds and customer volume.
The Future of Data Privacy
The days of a federally-enforced privacy act are likely close at hand, and even without universal regulations, states are hard at work implementing various regulations on their own. Compliance tools likely represent a major priority for businesses looking to power through the turbulence and continue reaching consumers with targeted, user-specific content.
Likewise, security measures to ensure any data stored on local servers or on the cloud will take on greater importance (so as to avoid potential liabilities), and tactics operating outside the need for personal data collection — like native and contextual advertising — may see a spike in both adoption and efficiency as marketers refine their messaging to fit a new age of data management.
Ready to update your digital marketing strategy and build your business?
Our experts are here to help.
