New USA Privacy Laws and How They Affect You

When the GDPR came into effect in 2018, it transformed the way that publishers and advertisers gathered data from users. The online advertising industry had to be reworked to protect user information. This overhaul affected any site that saw traffic from EU countries, regardless of where the publisher was established.

The introduction of the GDPR also caused non-EU countries, like the United States, to re-evaluate their existing protections for users. California went through several iterations of privacy protections, before introducing the California Privacy Rights Act. This came into full effect on January 1st of this year, and spurred the United States federal government to put together a privacy act of their own.

Enter the American Data Privacy and Protection Act (ADPPA). The ADPPA isn’t likely to come into effect this year, but its appearance on the horizon means advertisers and publishers should keep informed.

What’s included in the ADPPA?

The ADPPA will cover all businesses across the United States, as well as American consumers. Good news for publishers that comply with the GDPR: the ADPPA will act as America’s answer to the GDPR. Users will be given the option to decline cookies and opt out of unnecessary data collection and data sharing to third party businesses.

Under the ADPPA, users will also need to be notified when companies are collecting their data. They will also have the right to request their data from the past year, and the right to request that companies purge their data. With the ADPPA, the onus is on the business or site owner to communicate this to the user. While it doesn’t define the minimum threshold for protection, publishers will be held responsible for any breaches or non-compliance with the ADPPA.

Who is covered by the ADPPA?

Though California created their privacy act first, the federal distinction of the ADPPA will supersede the CPRA. Where the CPRA only covers residents in the state of California, the ADPPA will cover all American states and provinces. For publishers that see traffic from the USA and haven’t already needed to comply with the GDPR, the ADPPA will require a privacy overhaul to ensure that any American users are kept informed about the site’s usage of their data.

With California set to fall under the ADPPA, California legislators are keeping a close eye on differences between the two Acts. A controversial stipulation of the ADPPA is that users can’t opt out of data collection if said collection is vital to “develop, maintain, repair or enhance or improve a product or service for which such data was collected.” This could make it easy for disingenuous businesses to take advantage of a good-faith clause.

What happens next?

The ADPPA has passed Congress, but this doesn’t mean that it has become law. Publishers and advertisers will have time to prepare for the introduction of the ADPPA. Before the ADPPA becomes law, the language or coverage stipulated within the Act could be amended or done away with. To be sure that you’re up to date with new regulations surrounding data privacy, keep a close eye on our blog. We post weekly to keep our partners informed. Want to become a partner with us? You can apply here.