In the advertising world, four letters are irksome to anyone who hears them: G-D-P-R. The acronym stands for General Data Protection Regulation, which was instated by the European Union in 2016 and upended online advertising across the world by taking aim at targeted marketing. The law required businesses reaching audiences within the EU to ask permission before collecting their data and tracking them. The result is familiar to everyone by now: annoying pop-ups on every site. For publishers and advertisers, GDPR has brought nothing but the headaches of privacy issues and an endless search for the next new ad model.

And GDPR is just the beginning. The landscape of legislation is becoming ever more cluttered with such letters and other insider terms. With 2021 on track to put Big Tech before regulators around the world, now’s the time to get a handle on the terms and acronyms likely to be bandied about. Below, our quick-start guide. Missing anything? Let us know!


CCPA

Stands for: California Consumer Privacy Act of 2018

What it is: Absent a federal law regarding data privacy akin to the EU’s GDPR, California enacted its own measure, CCPA, which extends the focus of GDPR to include a consumer’s right to delete their personal data and requires businesses to increase transparency about their privacy practices.


CFAA

Stands for: Computer Fraud and Abuse Act

What it is: The CFAA was passed way back in 1986 to focus on cybersecurity, but has largely been applied to violations of corporate policies or to disputes around the definition of “authorized” access to a device. The law is newly relevant with a current case before the Supreme Court aimed at clarifying the boundaries of “intentionality” and access authorization.


CMA

Stands for: Competition and Markets Authority

What it is: Established in 2013 by the UK government to monitor and investigate potentially unfair business practices. The CMA recently opened an investigation into Google for planned privacy changes to its Chrome browser.


COPPA

Stands for: Children’s Online Privacy Protection Act

What it is: COPPA, enacted in 1998, was developed to protect the privacy of children under 13 by limiting the collection and use of their data, and giving parents control over what information can be collected.

Digital Services Act

What it is: A new proposal from the EU meant to standardize safety rules around online businesses, covering data privacy, behavioral advertising, e-commerce fraud, and illegal content like hate speech. 

Digital Markets Act

What it is: A companion piece to the Digital Services Act aimed at curbing anti-competitive behavior by market-leading platforms. 


DMCA

Stands for: Digital Millennium Copyright Act

What it is: This law, passed in 1996, governs the use of intellectual property on the internet. This means the way music, images, written works and the like are distributed, published and altered.


EDPB

Stands for: European Data Protection Board

What it is: Established to enforce the rules of the GDPR, the board also creates and communicates new standards and parameters, such as new data breach reporting guidelines.


FOSTA & SESTA

Stands for: Allow States and Victims to Fight Online Sex Trafficking Act of 2017 & Stop Enabling Sex Traffickers Act of 2017

What it is: While Section 230 removed publishers’ liability for content on their site, FOSTA and SESTA were enacted to allow for prosecution of a site that knowingly allowed or promoted sex trafficking.


GDPR

Stands for: General Data Protection Regulation

What it is: A law passed in the EU in 2016 to regulate the use of personal data. It requires companies doing business in the EU to adhere to strict rules around the way personal data is collected, stored and used.


IPFS

Stands for: InterPlanetary File System

What it is: Largely a term for the nerdiest of internet nerds, IPFS plays a role in data privacy as it chunks and distributes data across computers and networks (peer-to-peer, à la the bygone Napster), putting companies at risk for violating data laws when they can’t be sure where data is stored. 


LGPD

Stands for: Lei Geral de Proteção de Dados

What it is: Brazil’s version of GDPR, governing data privacy, including how personal data is shared with third parties. 


POPIA

Stands for: Protection of Personal Information Act

What it is: South Africa’s own version of GDPR, focused specifically on internet business and activity within the country’s borders.

Section 230

Short for: Section 230 of the Communications Decency Act of 1996

What it is: Almost a household name, particularly among the tech set, Section 230 has sustained the internet industry by relieving online businesses of their liability for content generated on their platforms. Such liability would have required more content moderation as well as a means for dealing with potentially crippling lawsuits over free speech.