PRIVACY BEAT: Local Media Consortium creates roadmap for news outlets to become compliant with CCPA and GDPR

Privacy Beat

Your weekly privacy news update.

Local Media Consortium creates roadmap for news outlets to become compliant with CCPA and GDPR

News organizations coordinating privacy-friendly data policies for their readers, users and viewers is one way forward for sustaining trustworthy journalism, says a privacy researcher and expert who has consulted to both the Information Trust Exchange Governing Association (ITEGA — this blog’s sponsor) and the news industry.

“Privacy and a robust press naturally compliment each other,” writes Michelle de Mooy in a blog post hosted by the National Cyber Security Alliance. “Both are essential to functioning democracies and both offer tools necessary for an engaged and informed citizenry…surveillance capitalism has eroded both of these ideals.

De Mooy says privacy laws such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPA) have turned digital advertising on its head. Many of the data practices involved in programmatic advertising, for example, are almost certainly untenable under the laws, she says.

As a result, she says, the Local Media Consortium (LMC), an association of 90 local media companies representing over 3,500 newspaper, broadcast and online-only U.S. and Canadian news outlets, last year created for its members a comprehensive roadmap for complying with the CCPA and GDPR. The roadmap offers a step-by-step guide to understanding and implementing the laws from a large and small market perspective and offers resources for building solid data governance programs on differing budgets. 

She writes the LMC has been leading a multi-stakeholder group of publishers, advertisers, privacy advocates, academics and others to rebuild revenue and trust in the news industry by embedding concepts like privacy, transparency and accountability into technology systems that will attract both users and advertisers.

“When users agree to share their data, advertisers will have access to a quality pool of real people in a brand safe environment,” de Mooy writes, adding: “This approach rebuilds trust and returns the value of content to its creators, allowing publishers to focus on delivering quality reporting to their communities.”

Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


Startup and consumer data company race into cookie void — what they propose and one view of what might result

A Bulgaria-based startup company touting blockchain technology, and a mature consumer-data warehouser became the latest outfit to try and occupy the void in ad-tech that will be created when browsers stop supporting the use of third-party tracking cookies.

AdEx, the Bulgarian startup, displayed a timeline on its website showing a three-year effort, backed by the then-equivalent of $12 million raised in a crypto-currency sale, to create a technology for  storing user data on the user’s machine and then tapping it to target advertising in a method similar to that employed by the Brave browser.

Journalist Laurie Sullivan, writing at MediaPost, described AdEx’s tech as seeking a “direct connection between advertisers and publishers without targeting third-party intermediaries — uses tracking cookies, but the information remains on the device browsing the internet, rather than the ad network copying the information and loading it on its servers.” Sullivan continues in her report that “the technology matches the visitor with relevant ads by their preferences and the context of the content they interact with on the publisher’s site. The anonymized information about these preferences is stored in the user’s local storage on their device.

Meanwhile, the respected data-warehousing firm LiveRamp, the successor to what used to be called Acxiom, is pushing on something it calls its “Authenticated Traffic Solution” (ATS), an effort described by’s James Hercher as working by asking users for their email addresses and then creating more chances to match online users based on email. Publishers using ATS ask readers to submit their email for free access to content.” Then LiveRamp can create cross-site email-keyed identities for ad targeting without cookies, Hercher writes.  LiveRamp argues the request to provide an email address constitutes “consent” under GDPR and CCPA rules.

In a web post, privacy and open-source blogger (and ITEGA advisor) Don Marti speculates that the machinations of ad-tech companies and others means a bifurcated web in which a user may consent to being “tracked” within a trusted advertising network, while relying on web browsers to block “creepy” advertising everywhere else.



Behind the initiative to create “CCPA 2.0”: A deeply reported account of back-room negotiations by Alastair Mactaggert

The website has a long, deeply reported and revealing account on the outcome of closed-door negotiations still underway between California’s premier web privacy advocate and Big Tech.  It comes as Alastair Mactaggert, a real-estate developer who led the fight that produced the California Consumer Privacy Act (CCPA) now seeks to gather signatures for a second ballot initiative that could make CCPA even tougher — or not?

Mactaggart now has until the end of April to collect 623,000 signatures and get “CCPA 2.0” — the California Consumer Privacy Rights Act — on the November ballot, writes Issue Lapowsky, a senior reporter with and former writer for Inc. magazine. She writes that Mactaggert says polling shows the initiative will pass handily.

“The last time Alastair Mactaggart tried to write the rules on internet privacy in California, tech giants like Facebook, Google and Microsoft mostly ignored him and then tried to crush him — spending millions of dollars in a fight that ultimately led to the passage of the CCPA,” Lapowsky writes, adding: “No one’s ignoring him now.”

She quotes Mactaggert as saying he has deliberately talked to dozens of stakeholders — including Big Tech — since December.  The result, she writes is “a juggling act of promises kept, concessions made, power flexed and deals struck.” She continues: “Interviews with more than 20 people involved in that process reveal how at least half a dozen provisions within the new initiative — from the limits on sensitive personal information to the treatment of employee data — trace directly back to Mactaggart’s private negotiations.”

Some key issues negotiated, she writes:

  • The definition of “consent.” Mactaggert says it won’t change from CCPA. 
  • What constitutes a legitimate reason to target ads to individuals based on sensitive personal information 
  • What is meant by “publicly available information” and how to insulate it from constitutional challenge 
  • Whether to acquiesce to Experian’s lobbying for a consumer-credit agency exemption
  • Whether to clarify if CCPA should permit loyalty-program data collection 
  • Creation of a new California Privacy Protection Agency 
  • How to make CCPA “cleaner” and a model for possible federal law

“It’s just a power play,” Ross says. She notes that Hertzberg, who is in his last term in the senate, has already set up a campaign committee for the 2022 state controller race. That campaign has received funding from corporate giants including Facebook and Experian.











Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


“Lately a lot of thought, work and advocacy has been going into valuing personal data as a fungible commodity: one that can be made scarce, bought, sold, traded and so on.  While there are good reasons to challenge whether or not data can be property (see Jefferson and  Renieris), I want to focus on a different problem: the one best to solve first: the need for personal agency in the online world.”

– Excerpt from a June 23, 2018 post by Doc Searls on the Project VRM blog at Harvard’s Berkman-Klein Center.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp