PRIVACY BEAT: Advertising industry seeks enforcement delay in CCPA; Verizon Media tells users they’ll need to opt-out of 300+ ad partners

Privacy Beat

Your weekly privacy news update.

Advertising industry seeks enforcement delay in CCPA; saying time before June 1 makes compliance “nearly untenable”

The leadership of the U.S. advertising industry has appealed for a six-month enforcement delay for the California Consumer Privacy Act (CCPA), saying advertisers and ad-tech companies need time to get ready to follow the law once Attorney General Xavier Becerra publishes final regulations.

“The limited and quickly shrinking time before the existing enforcement deadline, however, will place business in a nearly untenable position,” the letter says. (see “Quote of the Week,” below)

Their appeal “to avoid consumer and business confusion” came this week in a letter to Becerra from the Association of National Advertisers (ANA), the American Association of Advertising Agencies (4A’s), the American Advertising Federation (AAF), the Interactive Advertising Bureau (IAB), and the Network Advertising Initiative. Without final published regulations, the groups said they are uncertain about how to comply.

But Becerra’s regulators have already warned that companies covered by the law “should be prepared to adhere to the law now.” The problem from ad-tech’s perspective is a set of disputes over how to interpret “sale” and “private information” in the law, and how privacy-preferences are expressed, among other things, the same groups said in Dec. 6 comments to Becerra.’s Megan Graham, writing about the latest delay-request letter, said the ANA and 4A’s earlier released a statement asking Google to commit to not imposing the moratorium on third-party cookies until “effective and meaningful alternatives are available.”

The letter to Becerra was signed by Dave Grimaldi, IAB executive vice-president for public policy; Dan Jaffe, ANA group executive vice-president of government relations; Alison Pepper, the 4A’s senior vice-president; Christopher Oswald, ANA senior vice-president of government relations; David LeDuc, NAI vice-president of public policy; and Clark Rector, AAF executive vice-president of government affairs.

Last month, the U.S. Chamber of Commerce also sought a delay in enforcement, according to a MediaPost account. That group said enforcement shouldn’t begin until 2022,



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

Try opting out of data usage at Verizon-Yahoo under CCPA — you’ll be told to go to 300+ individual third-party trackers to do so 

Over the past month since CCPA went into effect, Big Tech has been pulling back the curtain by releasing new options for users to view and control their personal data.

On January 28th, International Data Privacy Day, Facebook offered a data privacy checkup at the top of users’ newsfeeds. Graphic and user-friendly, the pop-up offered links for updating four different categories of settings. What was not user-friendly was navigating to some of their more revealing data controls that were recently released, such as the ability to view (and delete) off-site website activity, companies that have uploaded lists with your email address, and in depth interest data the company has inferred about you.

A visit to a Yahoo News article now produces a pop-up to control privacy settings. No problem opting out of Yahoo or other Verizon Media properties, but their new privacy dashboard says you may have to opt-out individually to all of the ad partners. This list includes 325+ third-party ad partners.

Amazon’s updated privacy notice is hard to find and even harder to navigate how you actually control your data. Given the breadth of individual Google products, it takes extensive digging after entering their data & privacy dashboard, accessing each product individually, to see the data each tool has collected about you.

Watch future editions of Privacy Beat as we continue to test companies’ evolving privacy controls.




Ad-industry conundrum: How to serve appropriate advertising without any cross-site identity — email hash?

In a pair of reports over the last week, the ad-tech watching online news service DigiDay’s reporters suggest the “death” of third-party cookies is forcing advertisers and publishers to look at new ways to manage user identity, threading the tricky challenge of being able to support effective targeting advertising without identify individuals or their personal attributes.

Lucinda Southern, in her Jan. 22 report:  “How publishers are planning for the end of the third-party cookie,” says one effort underway is figuring how how to collect information about user attributes by studying the “context” of web pages they view, then putting that information into a database with other similar cohorts.  For such a service to work, Southern quotes insiders as saying, the Interactive Advertising Bureau (IAB) and others would have to decide on a standard taxonomy for defining the cohorts.

A key challenge then becomes, how to share the cohort attributes among websites — with end-user permission — without the technical means for doing so being blocked by browser makers, including Google, Mozilla, Apple and Microsoft, writes DigiDay’s Seb Joseph in “With third-party cookies on the way out, shared IDs face an existential crisis.” Joseph’s account assumes that the sharing would require third-party cookies. But he notes that the IAB is in meetings to seek alternative technologies.

“Other alternatives to shared IDs do not rely on cookies,” Joseph writes. “Companies like BritePool and Net ID are developing solutions that use encrypted email addresses from a publisher instead of a cookie to identify users; the encrypted email is then used by ad tech vendors to identify user across sites.”

The lack of a cross-site identifier will make it hard to cap the number of times a user sees the same advertising campaign, (“frequency capping”), or attribute compensation for ad views to multiple parties, wrote Southern in a third piece, “Beyond ad targeting, the demise of the third-party cookie will hit key digital media functions.”








Study: Readers encounter more diverse views using aggregation platforms rather than finding sites themselves

News consumers who find stories a-la-carte on the web from their favorite web sites tend read sources with similar political or policy bias at a greater rate than those who find news via social networks or curated aggregation sites, according to a respected research organization, the Reuters Institute for the Study of Journalism (RISJ) at Oxford University.

The research is at odds with the theory that social networks are a primary reason for political polarization. Rather, says Reuters senior research fellow Richard Fletcher, it simple means they are a factor, and perhaps not the major factor.

“People who rely mainly on self-selection tend to have fairly imbalanced news diets,” Fletcher wrote in remarks delivered at a Jan. 22 forum, “The Truth Behind Filter Bubbles: Bursting Some Myths” and accompanying slide deck.

Most people, particularly those who use social networks, are not terribly interested in the news, Fletcher says, and the more people use direct access to news sites, the less “diverse” their news diet. The group that uses social media “uses more and different online news sources.”

Data Fletcher used for his observations was collected with a team of people at the Reuters Institute from the Digital News Report, an annual survey of news use in 38 different markets across five continents, mostly in Europe. Around 75,000 people responded to the survey. The polling was done by YouGov,


Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


“We and our members strongly support the underlying goals of the CCPA…Business attempts to comply with an incomplete legal regime risks causing significant consumer frustration and the implementation of inadequate or duplicative compliance tools…While our members support California’s intent to provide consumers enhanced privacy protections, the evolving nature of the CCPA and the draft nature of the proposed rules makes the current enforcement date of July 1, 2020 a difficult deadline for businesses and consumers alike. Consumer privacy is best served when businesses that leverage data do so in accordance with clear and concrete laws and regulations that present them with adequate time to adjust their practices to come into compliance with the new requirements.”

– Excerpt from a Jan. 29 letter to California Atty. Gen. Xavier Becerra from the heads of five U.S. advertising-industry trade groups, seeking a six-month delay in enforcement of the CCPA.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp