California Consumer Privacy Act

Response to the CCPA Act - May 2019

  • Response from US advertising and marketing trade associations to the California Consumer Privacy Act. To view the response, please click here. To view the presentation, please click here.
  • On May 16, 2019, IAB US, from their Washington, DC office, hosted a webinar on the California Consumer Privacy Act. To view the presentation, please click here.

General Data Protection Regulation (GDPR)

IAB Canada Marketer's Guide, a primer for GDPR

What is the GDPR? Does the GDPR apply to my business? What are my next steps?

Download the PDF here: GDPR_IAB_Marketer Council

GDPR Territorial Scope Guidelines (Draft) - How Canadian Business are Affected - November 2018

On November 16th, 2018 The European Data Protection Board (EDPB) released draft Guidelines 3/2018 on the territorial scope of the GDPR

The document is out for public consultation and commentary until January 18, 2019. Canadian-based companies have had many questions concerning subjectivity to the GDPR. Even though a Canadian entity does not have a physical presence in the EU, the GDPR is extended to controllers and processors not established in the Union but that either:

  • offer goods or services to EU data subjects or
  • monitor their behavior which takes place in the EU

IAB Canada will be reviewing the guidelines carefully and provide our Policy & Regulatory Affairs Committee with a platform to provide commentary ahead of the January deadline.

GDPR Update: 13 key Compliance Steps - February 2018

The Reach of the EU GDRP in Canada On May 25, 2018, the General Data Protection Regulation (GDPR) will impact companies in Europe and around the world. The penalties for violating are potentially severe – Fines of €20 million or 4% of your annual worldwide revenue (whichever is higher). Your digital media or advertising businesses in Canada will be directly impacted by the GDPR if your company processes personal data of EU residents where the processing relates to:

  • offering goods or services to individuals in the EU; or
  • monitoring the behaviour of individuals in the EU on the internet, which may include tracking for behavioural advertising purposes.

The GDPR sets out a holistic set of rules governing the collection, creation, use, disclosure, storage and other processing of “personal data”, a concept defined broadly as “information about an identified or identifiable natural person”.  GDPR’s rules are prescriptive, and need to be operationalized across your company’s systems and processes. Considerable time and organizational effort is required to comply with this statute.

Please click here to download the following checklist of 13 key steps for your company GDRP compliance efforts.

IAB Global Privacy Project

IAB Global Privacy Project

IAB Global Privacy Project visualAs the digital advertising industry prepares for a cookieless reality and increasingly complex privacy legislation, the need for a technology-neutral method for delivering meaningful consent has become an absolute necessity. In response, local IABs, the IAB Tech Lab and their collective stakeholders have banded together to create the Global Privacy Project – a one of a kind, proven privacy framework that ensures consumers are able to make choices online that are technically executed while providing the supply chain with an accountability stream which includes a record of consent status in compliance with cross-jurisdictional laws. This global approach to responsible, privacy-protected media transactions was first-born in Europe (in response to the GDPR) and is quickly growing to serve additional markets including Canada. Hundreds of Consent Management Platforms are now able to now leverage this framework to provide content publishers with the peace of mind that their consent activity is being managed in a globally standardized way eliminating risk for industry all while enhancing privacy protection for consumers. IAB has developed invaluable resources and a proven successful, open-sourced global compliance framework to address the rapid emergence of privacy regulations across multiple jurisdictions specifically designed for the digital media supply chain. The body of work serves to inform the international digital advertising sector of the specific cross-jurisdictional technical requirements as well as a highly flexible framework that enables compliant interoperability of global data transfers in the context of advertising.

This Project Consists of Two Key Components:

1. The Cross Jurisdictional Privacy Project (CJPP)

The CJPP compendium provides an overview of the privacy laws of 11 countries – Australia, Brazil, Canada, China, India, Israel, Japan, Mexico, Nigeria, Singapore, and South Korea – and their impact on digital advertising. The CJPP Legal specifications, a product of over 150 lawyers working together from across the world, maps out legal inputs necessary for a global privacy string to address the challenge of demonstrating compliance with various jurisdictions’ disparate notice and choice requirements.

IAB Global Privacy Project visual

2. The Global Privacy Platform

This global technical working group made up of international stakeholders and local IAB policy teams works to streamline the legal inputs and technical privacy standards from the CJPP into a singular schema and set of tools which can adapt to regulatory and commercial market demands across channels. This work builds on the foundations and experience coming from the CJPP initiative and regional IABs and will continually expand to cover new markets and channels. Current initiatives include adapting IAB Europe’s GDPR compliant Transparency and Consent Framework (TCF) to aid in compliance in the Canadian market in accordance with the IAB Canada TCF policies and Canadian privacy law.