Privacy & Information Security Law Blog

On October 13, 2022, the Interactive Advertising Bureau (“IAB”) released for public comment an updated version of its contractual framework and new U.S. State Signals (“Signals”) specifications to help the digital advertising industry comply with the comprehensive state privacy laws of California, Virginia, Colorado, Utah and Connecticut.

The proposed contractual framework, IAB Privacy’s Multi-State Privacy Agreement (“MSPA”), updates the IAB’s Limited Service Provider Agreement first released in 2020 for compliance with the California Consumer Privacy Act of 2018 (“CCPA”). The MSPA aims to assist publishers, advertisers, agencies and ad tech intermediaries with compliance under state laws effective in 2023, including the CCPA as amended by the California Privacy Rights Act of 2020, Virginia’s Consumer Data Protection Act, the Colorado Privacy Act, the Utah Consumer Privacy Act and the Connecticut Data Privacy Act.

In particular, the MSPA enables digital ad ecosystem participants to manage consumers’ personal information, including assigning contractual obligations based on, for example, a consumer’s residency and applicable law; an entity’s election to either engage service providers (including processors) or provide a mechanism to opt out of sale, sharing, or targeted advertising; and associated obligations related to applicable consumer rights. The MSPA also provides an option to apply a “highest common denominator” approach whereby protections are applied to a consumer’s personal information as if the consumer were a resident of all states with applicable privacy laws.

The IAB designed the MSPA to work in combination with the Signals specifications that aim to manage the transmission of the five states’ privacy, consent and consumer choice signals from sites and apps to ad tech providers. The Signals are part of the IAB’s Global Privacy Platform and will supersede the IAB’s U.S. Privacy Framework used to date with respect to signals from California under the CCPA. Both the MSPA and the Signals are available for public comment until October 27, 2022.