Getting new clients is an important part of growing any business and targeted advertising is a great way to get your name out there. However, with five new privacy laws going into effect in the United States in 2023, you should be aware of the increasing regulations surrounding targeted advertising. In fact, residents of certain states will not have the right to opt out of receiving targeted ads. If an individual does opt out, you will not be able to send them targeted ads in the future, which could impact your advertising and sales goals. In this article, we will discuss what targeted advertising is, which new privacy laws regulate it, and what you can do to ensure compliance and avoid fines.
Table of Contents
What is targeted advertising?
To determine whether your advertising efforts will be impacted by these new privacy laws, you must first determine whether you engage in targeted advertising. Targeted advertising is defined as “displaying advertisements to a consumer where the advertisement is selected based on personal data obtained from that consumer’s activities over time and across nonaffiliated websites or online applications to predict such consumer’s preferences or interests.” For example, if you run ads on Facebook to individuals who are 20-30 years old and who joined a motorcycle enthusiast group, that would be considered targeted advertising. Other examples include LinkedIn or Twitter ads or remarketing. If you engage in such targeted advertising, you should be aware that multiple new privacy laws regulate this activity.
How does VCDPA regulate targeted advertising?
- During a calendar year, control or process the personal data of at least 100,000 residents of Virginia; or
- Control or process the personal data of at least 25,000 residents of Virginia and derive 50% or more of their gross revenue from the sale of personal data.
How does CPRA regulate targeted ads?
The California Privacy Rights Act (CPRA) replaces and builds upon the California Consumer Privacy Act (CCPA) and went into effect on January 1st, 2023. The CPRA applies to businesses that collect the personal information of residents of California and do business in California and that meet one of the following factors:
- Have annual gross revenue of more than $25,000,000;
- Derive 50% or more of its annual revenue from selling or sharing the personal information of California consumers; or
- Annually buy, sell or share the personal information of 100,000 or more California consumers or households.
The CPRA allows consumers from California to opt out of the use of their personal information for the purpose of targeted advertising. For the CPRA, this opt out is usually done through a link titled “Do not sell/do not share my personal information.”
How does UCPA regulate targeted ads?
The Utah Consumer Privacy Act (UCPA) is a privacy law that goes into effect on December 31, 2023 that also regulates targeted advertising. UCPA applies to persons that do business in Utah or that produce a product or service that is targeted to consumers who are located in Utah and that meet the following:
- Has annual revenue of $25,000,000 or more; and
- Meets one of the following criteria:
- During a calendar year, controls or processes the personal data of 100,000 or more Utah residents; or
- Derives 50% or more of its annual gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more Utah consumers.
How does the Colorado Privacy Act regulate targeted advertising?
The Colorado Privacy Act is a privacy law that will go into effect on July 1, 2023, and will provide residents of Colorado with the right to opt out of targeted advertising. The Colorado Privacy Act applies to persons who do business in Colorado or that produce or deliver commercial products or services that are intentionally targeted towards residents of Colorado and satisfy one or more of the following criteria:
- Control or process the personal data of 100,000 or more Colorado consumers during a calendar year; or
- Derive revenue or receive a discount from the sale of personal data and collect or process the personal information of 25,000 or more Colorado consumers.
How does Connecticut SB6 regulate targeted ads?
Connecticut SB6 is a privacy law that goes into effect on July 1, 2023 and applies to persons that do business in Connecticut or that provide goods or services that are targeted towards residents of Connecticut and that during the previous year:
- Controlled or processed the personal data of 100,000 or more Connecticut residents; or
- Controlled or processed the personal data of 25,000 or more residents of Connecticut and derived 25% or more of their gross revenue from the sale of personal data.
How does Iowa SF262 regulate targeted advertising?
Iowa SF262 is the newest privacy law to be passed and it will go into effect on January 1, 2026, regulating any person conducting business in Iowa or producing products or services that are targeted to residents of Iowa and that meet one of the following:
- Controls or processed the personal data of 100,000 or more Iowa residents per year; or
- Controls or processes the personal data of 25,000 or more Iowa residents and derives more than 50% of gross revenue from the sale of personal data per year.
Targeted advertising checklist
If you currently engage in targeted advertising and plan on continuing on doing so, the following checklist may help you determine how you need to adjust your operations to comply with the above privacy laws:
- Determine whether the above privacy laws apply to you and whether your advertising matches the description of “targeted advertising” provided above;
Implement the Termageddon/Usercentrics cookie consent banner so users can easily opt out of targeted ads through the consent banner on your website.