California Privacy Protection Agency

Regulators care about privacy in practice, not just in theory. Simply having a tool or partnership in place isn’t enough to demonstrate effective compliance.

Google isn’t a regulator. From an attorney’s point of view, its decrees don’t carry the force of law, and that’s what lawyers are concerned with: the law.

A concept known as data minimization – the practice of limiting data collection and retention to only what’s strictly necessary to achieve a specific purpose – is becoming a key tenet of privacy legislation around the world.

Attention, data brokers: If you operated in California last year, you need to register with the California Privacy Protection Agency (CPPA) by the end of this month.

Nineteen states have passed comprehensive privacy laws, but how close are we really to a federal privacy law?

Here are a few fun facts about the CPPA that you can trot out at cocktail parties (depending on whether you hang out with privacy nerds).

It may appear as if The California Privacy Protection Agency has been in hibernation mode. But don’t let that fool you. The bear is awake and it’s got an appetite.

The next wave of privacy regulation revolves around data brokers. And while the term “data broker” may have a negative connotation, its legal definition is fairly straightforward.

Putting aside the bureaucracy of it all, what do ad tech companies need to know about the risk assessment rules being established by the California Privacy Protection Agency?

Sharing enough detail without being overwhelming is a difficult balance to strike, and there’s no perfect answer. But one thing is for certain: Privacy platitudes are for hacks or for those with something to hide.