There was an unexpected error authorizing you. Please try again.
arrow-downarrow-leftarrow-rightarrow-upbiocircleclosedownloadfacebookgplus instagram linkedinmailmenuphoneplaysearchsharespinnertwitteryoutube

IAB Urges Congress to Pass Federal Privacy Legislation to Protect Consumers & Avoid Patchwork of State Laws

IAB CEO Randall Rothenberg & IAB EVP Dave Grimaldi to Deliver Bicameral Pitch for Standards to Prohibit Harmful Data Practices, Encourage Compliance Programs

New York, NY (February 26, 2019) — Randall Rothenberg, CEO of IAB, the national trade association for the digital media and marketing industries, will tell a U.S. Senate Committee on Wednesday that the organization strongly supports federal regulation to assure consumers’ privacy and security are protected in interactive media, marketing, and commercial environments.

Over two consecutive days of testimony before the House and Senate, Rothenberg and IAB Executive Vice President for Public Policy Dave Grimaldi will both urge Congress to pass legislation to create a federal regulatory framework around privacy that will protect consumers and avoid the risk of a patchwork of conflicting and damaging state laws. Rothenberg will take part in a hearing before the Senate Committee on Commerce, Science, and Transportation on Wednesday, following Tuesday testimony by Grimaldi before the House Energy and Commerce Committee’s Subcommittee on Consumer Protection and Commerce.

Excerpts from both sets of prepared testimony follow.

On the digital ad industry’s commitment to federal legislation (Rothenberg):

“IAB, our members, and our sister trade associations stand ready to work with Congress to help craft a legislative and regulatory regime that protects consumers, while avoiding the unintended consequences that can result from ill-considered regulatory regimes, notably the erection of barriers to market entry, the erosion of competition, and reinforced advantage for the largest incumbents.”

“Nor should we ignore the fact that something needs to be done by the Federal Government. As I appear before you today, the digital marketing and media ecosystem is at a crossroads. Recent events such as the Facebook-Cambridge Analytica scandal have placed a spotlight on companies’ need to responsibly, safely, and transparently manage and use consumers’ data, and make consumer privacy and security the foundational requirement for doing business in the modern economy. In response to those events, California, Washington, and other states are advancing new requirements and restrictions on businesses. These laws are well meaning and I support their intended goals. Nevertheless, elements of these proposals are reactive and risk stifling what should be understood as a uniquely American technological advantage. As a result, due to the emergence of conflicting state law regimes, consumer privacy has quickly become an area that needs federal leadership and engagement.”

On the collaborative model Congress should follow (Rothenberg):

“We believe we can work together as partners in this effort with you to advance consumer privacy. Our model is the partnership between government and industry that created the modern concept of automotive safety in the 1960s. Yes, the partnership began as a shotgun wedding. Yes, the auto industry resisted at first. But an undeniable consumer right—to be safe on the highways—met well-researched solutions, which Congress embedded in well-crafted laws that were supported by the states. The result has been millions of lives and billions of dollars saved. We believe the analogy holds well here. Americans have a right to be secure on the information superhighway. Well-researched solutions and well-crafted laws can assure their “digital wellness.” We should be thorough, practical, and collaborative. Our goal should be to find the three or five or ten practices and mechanisms – the seat belts and air bags of the Internet era – that companies can implement and consumers can easily adopt that will reinforce privacy, security, and trust.”

On Europe’s GDPR and California’s CCPA (Grimaldi):

“We caution Congress not to rely on the frameworks set forth in Europe’s General Data Privacy Regulation (“GDPR”) or California’s Consumer Privacy Act (“CCPA”) as examples of the ways in which a national privacy standard should function.  These frameworks are not new approaches, only more restrictive versions of the existing privacy paradigm.  While well-intentioned, their rigid frameworks impose significant burdens on consumers, such as rampant over-notification leading to consent fatigue in consumers and creating an indifference to important notices regarding their privacy.  At the same time, these regimes fail to stop many practices that are truly harmful to consumers.  These laws also display a misguided antagonism toward online advertising and fail to recognize the various ways in which digital advertising subsidizes the rich online content and services that consumers want.”

“Far from being a desirable model, the GDPR shows how overly restrictive frameworks can be harmful to competition and consumers alike.  Less than a year into the GDPR’s applicability, the negative effects of its approach have already become clear.  Following the GDPR’s enforcement date, the volume of programmatic advertising in Europe dropped between 25 and 40 percent across exchanges.  The GDPR has also directly led to consumers losing access to online resources, with more than 1,000 U.S.-based publishers blocking European consumers from access to online material in part because of the inability to profitably run advertising.  At least one major U.S. newspaper is charging European subscribers an additional $30 to access its online content because of an inability to run effective and profitable advertising in that market.”

On a “new paradigm” for privacy legislation (Grimaldi):

“The time is right for the creation of a new paradigm for data privacy in the United States.  IAB, working with Congress, and based on our members’ successful experience creating privacy programs that consumers understand and use, can achieve a new federal approach that, instead of bombarding consumers with notices and choices, comprehensively describes clear, workable, and consistent standards that consumers, businesses, and law enforcers can rely upon.  Without a consistent federal privacy standard, a patchwork of state privacy laws will create consumer confusion, present substantial challenges for businesses trying to comply with these laws, and fail to meet consumers’ expectations about their digital privacy.  We ask Congress to standardize privacy protections across the country by passing legislation that provides important protections for consumers while allowing digital innovation to continue apace.”

On the specific elements needed in federal legislation (Rothenberg):

“Consumers want to know their privacy is protected, but they cannot spend hours every day finding and reading privacy notices. Our goal should not be to place more burdens on consumers, but to make their privacy protections reflexive, if not automatic. To start, we are asking Congress to develop clear rules about what data practices should be prohibited and what data practices should be permitted. Just as when rules for food, pharmaceuticals, and automobile safety were developed, consumers should be able to look to Congress to create reasonable, responsible, and sensible rules of the road to protect their privacy.

“To achieve this goal, IAB asks for Congress’ support in developing a new paradigm that would follow these basic principles: First, in contrast to many existing privacy regimes, a new law should impose clear prohibitions on a range of harmful and unreasonable data collection and use practices specifically identified in the law. Second, it should distinguish between data practices that pose a threat to consumers and those that do not, rather than taking a broad-brush approach to all data collection and use. Third, it should incentivize strong and enforceable compliance programs, and thus universalize compliance, by creating a rigorous “safe harbor” process in the law. And finally, it should reduce consumer and business confusion by preempting the growing patchwork of state privacy laws.”

To read Rothenberg or Grimaldi’s complete testimony, please go to

About IAB

The Interactive Advertising Bureau (IAB) empowers the media and marketing industries to thrive in the digital economy. Its membership is comprised of more than 650 leading media and technology companies that are responsible for selling, delivering, and optimizing digital advertising or marketing campaigns. The trade group fields critical research on interactive advertising, while also educating brands, agencies, and the wider business community on the importance of digital marketing. In affiliation with the IAB Tech Lab, it develops technical standards and best practices. IAB and the IAB Education Foundation are committed to professional development and elevating the knowledge, skills, expertise, and diversity of the workforce across the industry. Through the work of its public policy office in Washington, D.C., IAB advocates for its members and promotes the value of the interactive advertising industry to legislators and policymakers. Founded in 1996, the IAB is headquartered in New York City and has a San Francisco office.

IAB Media Contact: 
Laura Goldberg
[email protected]