WTF is the CONSENT Act?
The question of whether Europe’s pending privacy rules would make it to the U.S. is nearing an answer.
Last week, while Congress grilled Facebook CEO Mark Zuckerberg about the company’s failure to protect people’s privacy, Democratic Sens. Edward Markey and Richard Blumenthal introduced the CONSENT Act. The Customer Online Notification for Stopping Edge-provider Network Transgressions Act would impose similar rules in the U.S. to the EU’s General Data Protection Regulation, which takes effect on May 25. However, there are important differences between the two.
What would the act require?
In a word: consent. Publishers, platforms, brands and anyone else collecting people’s information online would need to obtain a person’s explicit consent before they can use, share or sell certain information about that person. They would need to detail all the ways that information is used, shared or sold, and notify people when those ways change “in a significant way,” according to the bill.
What information, exactly?
The data that ad buyers and ad sellers typically rely on to target and measure ads online: The sites people browse online, the apps they use and their geolocation. People also would have to give consent for any use of their emails, private messages, call details, financial information, health information, Social Security numbers and information related to children.
Sounds good for consumers. What’s the catch?
There may be a loophole for certain pieces of personally identifiable information, like people’s names and email addresses. That information is not listed among the types that would require consent. It would be up to the Federal Trade Commission, which would enforce the law, to decide what types of personally identifiable information should also require consent to be used, shared or sold. If the FTC excluded such information under the act, companies would only be required to notify people if they use, share or sell people’s names, email addresses and other personally identifiable information.
How would the act affect publishers, advertisers and platforms like Facebook and Google?
Platforms and advertisers could only target ads to people who gave them permission to collect their information, though the loophole could be used to target ads by matching the names and email addresses of users and customers. Advertisers could see smaller audience segments to target. And brands would also have to obtain people’s consent to use information collected from a brand’s own site or app to target them with ads or determine if seeing an ad led to a sales action.
Couldn’t publishers and platforms require people to give consent to use their sites or apps?
No. Companies would not be able to bar people who don’t give consent from using their sites or apps, according to the bill.
So this is basically the US version of the GDPR?
Yes and no. On the surface, the GDPR and the CONSENT Act both would require companies to obtain people’s consent to use certain information. But the 15-page CONSENT Act largely stays on the surface, while the 99-article GDPR goes deep into how its rules apply to companies that control people’s data versus those that process it. The personal information loophole is another big difference. Companies could still use that information without consent if they tell people how they are using it.
What’s the likelihood of the act becoming law?
Hard to say. Congress has introduced two online privacy laws, in 2011 and 2015, but they never passed. Perhaps there’s more momentum now with the Facebook situation, said Adam Solomon, partner at Michelman & Robinson, but he characterized the bill’s potential to pass as “still pretty low.” And with no Republican sponsor yet, it’s not going to go anywhere, said Gary Kibel, partner at law firm Davis & Gilbert.
Member Exclusive‘Allow the creators to create’: EOS hands influencers the wheel to drive effectiveness of its TikTok campaigns
In the latest Digiday+ Talk, Soyoung Kang talked about EOS's relationship with TikTok's creative influencers and how her team has used its paid TikTok campaigns to drive organic growth on its own channel.
‘My white colleagues are looking to me for answers’: Confessions of a Black ad tech exec
While the ad tech has taken strides toward being more inclusive, it has also suffered setbacks, according to a senior Black exec.
‘It is important for us to take a leadership role’: How esports giant FaZe Clan is working to root out bad behavior in the gaming community
Lee Trink, CEO of the $240 million esports collective, on its expansion plans and no tolerance rule on divisive language.
SponsoredWhy data clean rooms are a start, but not enough
Clean rooms are intended to be a “safe space” for brands to collaborate with walled gardens, but the greater opportunity for all brands is bringing together all of their data to create a single source of truth that they own and can continually enrich.
Reducing cookie reliance, The Telegraph rolls out ways to share data directly with advertisers
The Telegraph is the latest to work with Infosum on sharing its first-party data directly with advertisers to ways of matching audience without cookies.
‘They don’t have a people-centric way:’ Facebook ad boycott is reigniting its dysfunctional relationship with advertisers
Advertisers have been complacent and reactive when it comes to Facebook, until a changing society demands them to act otherwise.