California's new privacy law "threatens the free flow of information and impacts U.S. consumers and businesses," the Association of National Advertisers says in comments submitted this week to the Federal Trade Commission.
"The threats to the U.S.-based Internet economy and consumers’ access to digital-based information and services are real and present," the ANA adds.
The group's filing comes in response to the FTC's call for input about a wide range of issues related to technology and business.
The advertisers group is urging the FTC to conduct a "rigorous analysis" on the impact of California's new law as well as the EU's General Data Protection Regulation.
"We anticipate that the Commission will find that laws like the GDPR and CCPA will limit competition, overburden consumers with opt-in notices and make an efficient and effective digital economy harder to maintain," the ANA writes. "The Commission should share its findings with legislatures and policymakers considering GDPR or CCPA-like legislation. Such research will be critical to the formulation of well-informed policy decisions and enforcement priorities."
The GDPR, which took effect in May, prohibits companies from processing consumers' data without their explicit consent. California's new privacy law, passed in late June, allows consumers to learn what personal information about them is held by businesses, and to opt out of the sale of that information.
Privacy advocates generally support California's new law, though some have said the measure should be strengthened.
California's new statute won't take effect until January of 2020, and can still be amended this month through a process aimed at fixing "technical" errors. The ANA and other business organizations -- including the Chamber of Commerce, Internet Association and Motion Picture Association of America -- recently urged California lawmakers to make a host of revisions through that "technical corrections" procedure.
Among other changes, the groups want lawmakers to narrow the definition of "personal information." The current definition includes cookies, IP addresses and web=browsing history -- which appears to cover data used for ad targeting. The ad industry has long opposed that definition, arguing that data like cookies, or IP addresses, isn't "personally identifiable" because it's not necessarily attached to consumers' names.
The ANA is also telling the FTC that California's definition of "personal information" is too sweeping. The law's definition "goes far beyond definitions in current law to cover virtually any data that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device, or household including non-personally identifiable information like pixel and cookie IDs," the ANA writes.
"The effect of the broad and sweeping nature of the data covered by the access, opt-out, and deletion rights will only be fully realized over time, as non-sensitive data used for legitimate business functions that support the digital economy, including targeted advertising, is haphazardly deleted or blocked from being shared," the organization adds. "The law will impose major costs on the public at large without providing true protection for consumers’ privacy interests."
The ANA also argues in its comments that the law "creates a false sense of concern in the public about the use of largely innocuous marketing data."
The organization says policymakers should take a "sectoral" approach to privacy -- meaning that there should be different standards for sensitive data like health and financial information than for other types of information.
"A one-size-fits-all privacy model is not designed to recognize shifting consumer expectations and developments in technology, and will therefore stifle business practices that consumers’ value and expect, and block new entrants to the marketplace and limit competition," the group writes.
Bring it on ANA. Your members marketing and data practices need to be exposed. Programmatic, cross device, geotracking, etc. Ask your board if they really want to be associated as non brand safe companies.