In the advertising world, four letters are irksome to anyone who hears them: G-D-P-R. The acronym stands for General Data Protection Regulation, which was instated by the European Union in 2016, upended online advertising across the world by taking aim at targeted marketing. The law required businesses reaching audiences within the EU to ask permission before collecting their data and tracking them. The result is familiar to everyone by now: annoying pop-ups on every site. For publishers and advertisers, GDPR has brought nothing but the headaches of privacy issues and an endless search for the next new ad model.
And GDPR is just the beginning. The landscape of legislation is becoming ever more cluttered with such letters and other insider terms. With 2021 on track to put Big Tech before regulators around the world, now’s the time to get a handle on the terms and acronyms likely to be bandied about. Below, our quick-start guide. Missing anything? Let us know! firstname.lastname@example.org
Stands for: California Consumer Privacy Act of 2018
What it is: Absent a federal law regarding data privacy akin to the EU’s GDPR, California enacted its own measure, CCPA, which extends the focus of GDPR to include a consumer’s right to delete their personal data and requires businesses to increase transparency about their privacy practices.
Stands for: Computer Fraud and Abuse Act
What it is: The CFAA was passed way back in 1986 to focus on cybersecurity, but has largely been applied to violating corporate policies or disputes around the definition of “authorized” access to a device. The law is newly relevant with a current case before the Supreme Court aimed at clarifying the boundaries of “intentionality” and access authorization.
Stands for: Competition and Markets Authority
What it is: Established in 2013 by the UK government to monitor and investigate potentially unfair business practices. The CMA recently opened an investigation into Google for planned privacy changes to its Chrome browser.
Stands for: Children’s Online Privacy Protection Act
What it is: COPPA, enacted in 1998, was developed to protect the privacy of children under 13 by limiting the collection and use of their data, and giving parents control over what information can be collected.
What it is: A new proposal from the EU meant to standardize safety rules around online businesses, covering data privacy, behavioral advertising, e-commerce fraud, and illegal content like hate speech.
What it is: A companion piece to the Digital Services Act aimed at curbing anti-competitive behavior by market-leading platforms.
Stands for: Digital Millennium Copyright Act
What it is: This law, passed in 1996, governs the use of intellectual property on the internet. This means the way music, images, written works and the like are distributed, published and altered.
Stands for: European Data Protection Board
What it is: Established to enforce the rules of the GDPR and creates and communicates new standards and parameters, such as new data breach reporting guidelines.
FOSTA & SESTA
What it is: While Section 230 removed publishers’ liability for content on their site, FOSTA and SESTA were enacted to allow for prosecution of a site that knowingly allowed or promoted sex trafficking.
Stands for: General Data Protection Regulation
What it is: A law passed in the EU in 2016 to regulate the use of personal data. It requires companies doing business in the EU to adhere to strict rules around the way personal data is collected, stored and used.
Stands for: InterPlanetary File System
What it is: Largely a term for the nerdiest of internet nerds, IPFS plays a role in data privacy as it chunks and distributes data across computers and networks (peer-to-peer, à la the bygone Napster), putting companies at risk for violating data laws when they can’t be sure where data is stored.
Stands for: Lei Geral de Proteção de Dados
What it is: Brazil’s version of GDPR, governing data privacy, including how personal data is shared with third parties.
Stands for: Protection of Personal Information Act
What it is: South Africa’s own version of GDPR, focused specifically on internet business and activity within the country’s borders.
What it is: Almost a household name, particularly among the tech set, Section 230 has sustained the internet industry by relieving online businesses of their liability for content generated on their platforms. Such liability would have required more content moderation as well as a means for dealing with potentially crippling lawsuits over free speech.