Preview Mode Links will not work in preview mode

Oct 12, 2019

Alan Chapell joins the show this week in the first of a two-part series to talk about the GDPR (General Data Protection Regulation), and the CCPA (California Consumer Privacy Act). We talk about how each will change data privacy regulation, and how it will reshape the way in which data is handled in both advertising and consumer privacy. Alan and I also discuss the basic and extended mechanics in both acts, the commonalities between the two and the core differences between them.



[3:54] The GDPR was the product of many years of thought across hundreds of privacy scholars worldwide. They put together a comprehensive consumer privacy law, and it went into effect in May of 2018.

[5:12] Part of Alan’s job is to help people and entities manage their presence online, and help them understand how data is accumulated and how we as advertisers and brands are affected.

[9:37] In events such as Cambridge Analytica, Facebook tried to deflect and push blame and liability to advertisers. One of the core issues raised by GDPR is how data is used against multiple integrated platforms.

[10:46] As a data subject, you have a right to see what is being collected about you.

[10:55] The four sections of GDPR:

  1. 1. Transparency and modalities.
  2. 2. Information and access to personal data.
  3. 3. Rectification and erasure.
  4. 4. Right to object and automated individual decision making.
  5. [22:41] GDBR is an ongoing improvement cycle and will be an evolution for businesses looking to do the right thing. One of the overarching themes of the GDBR is privacy by design.
  6. [39:23] CCPA was crafted over two weeks and becomes effective on January 1, 2020. It is not super well defined, but still subject to editing and change.
  7. [44:48] Companies should look at the three categories under CCPA, and evaluate their obligations according to which of the three they fall under:
  1. 1. Business Entity
  2. 2. Service Provider
  3. 3. Third-Party
  4. [55:02] The EU sees privacy as a fundamental human right, while the U.S. sees data collection as a First Amendment right, focusing on the harms of having data breached.