For publishers and advertisers, GDPR was just the beginning. More consumer data protection legislation is in the pipeline including a U.S. version of GDPR dubbed the CONSENT Act, which is short for “Customer Online Notification for Stopping Edge-Provider Network Transgressions.”
Although the CONSENT Act hasn’t passed yet (and there’s no definitive timeline for when it will), it doesn’t hurt to keep an eye on it. Here’s what you need to know so your business can prepare now.
What Is the CONSENT Act
The CONSENT Act offers an additional layer of consumer data protection similar to GDPR. But while GDPR goes really deep into the rules for how companies can control consumer data, the CONSENT Act stays at a more surface level.
This surface level simply requires explicit consent from the consumer before a company can use, share, or sell information about that individual. In addition, any time there’s a change to a consumer’s data (e.g. a data breach), the individual needs to be notified. The Act further safeguards consumers by blocking publishers from requiring users to give consent just to visit a site or use an app.
Who It Affects
The Federal Trade Commission (FTC) will be the one to enforce the law and decide the types of personally identifiable information that require consent to be used, shared, or sold. Unlike GDPR which includes ISPs, the CONSENT Act won’t. Instead, it affects Edge Providers, which includes online service companies like Google.
Here, publishers, brands, advertisers, and platforms will need to get a user’s explicit consent before using or selling the user’s personal data. For instance, advertisers will only be able to target ads to consumers who gave them explicit permission to collect their info.
However, not everything requires consent. There is a loophole for certain pieces of personally identifiable info like names and emails. Here, advertisers could use the loophole to target ads to consumers simply by matching the names and email addresses of customers.
How You Can Prepare
Don’t wait until the last minute to update your terms and conditions, or to implement new policy changes. Start creating benchmarks now so you’ll be prepared. Here’s why. Let’s say the CONSENT Act doesn’t pass, well, hot on its heels is the Social Media Privacy and Consumers Rights Act of 2018. Like the other acts, the focus is on consumers having the right to control their personal data by opting out of having their data collected and tracked.
For social media users, in particular, this bill aims to make sure terms of service are written in Plain English. (Ahem, Facebook.) The bill will also require social platforms to show users what information has been collected about them.
Clearly, we’re in an era of consumer data protection. There will always be new legislation proposed and changes likely implemented. It’s time to get in the mindset of always being prepared, and there’s no better time to start than now.