{"id":6897,"date":"2025-10-03T13:58:06","date_gmt":"2025-10-03T13:58:06","guid":{"rendered":"https:\/\/lite16.com\/blog\/?p=6897"},"modified":"2025-10-03T13:58:06","modified_gmt":"2025-10-03T13:58:06","slug":"the-impact-of-new-data-privacy-laws-e-g-eus-dsa-on-global-ad-targeting","status":"publish","type":"post","link":"https:\/\/lite16.com\/blog\/2025\/10\/03\/the-impact-of-new-data-privacy-laws-e-g-eus-dsa-on-global-ad-targeting\/","title":{"rendered":"The Impact of New Data Privacy Laws (e.g., EU&#8217;s DSA) on Global Ad Targeting"},"content":{"rendered":"<h1 data-start=\"231\" data-end=\"307\"><strong data-start=\"231\" data-end=\"307\">Introduction<\/strong><\/h1>\n<p data-start=\"309\" data-end=\"940\">In recent years, the landscape of online advertising has been undergoing one of its most significant transformations. Driven by growing public concern over privacy, misuse of personal data, and the opaque mechanisms of ad targeting, governments around the world have introduced or strengthened regulations to protect the rights of individuals. Among the most prominent of these is the European Union\u2019s Digital Services Act (DSA), working alongside established frameworks like the General Data Protection Regulation (GDPR). These laws are reshaping what is permissible in ad targeting\u2014and the ripple effects are being felt globally.<\/p>\n<p data-start=\"947\" data-end=\"976\"><strong data-start=\"947\" data-end=\"976\">What the New Laws Require<\/strong><\/p>\n<p data-start=\"978\" data-end=\"1139\">The DSA builds on GDPR and other EU data protection norms by imposing more specific obligations on platforms and advertisers. Some of its key provisions include:<\/p>\n<ul data-start=\"1141\" data-end=\"2141\">\n<li data-start=\"1141\" data-end=\"1457\">\n<p data-start=\"1143\" data-end=\"1457\"><strong data-start=\"1143\" data-end=\"1225\">Prohibition of targeting based on sensitive personal data \/ special categories<\/strong>: The DSA forbids using \u201cspecial categories\u201d of personal data for profiling in ad targeting. These include data on race, political opinions, religious beliefs, sexual orientation, health, etc. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/kinesso.co.uk\/insights\/kinesso-pov-eus-digital-services-act-marks-increased-privacy-regulations-for-online-platforms-and-ad-land\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">EU DisinfoLab<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">KINESSO UK &amp; IE<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Digital Strategy<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"1458\" data-end=\"1684\">\n<p data-start=\"1460\" data-end=\"1684\"><strong data-start=\"1460\" data-end=\"1496\">Restrictions on targeting minors<\/strong>: Targeting minors based on profiling is disallowed; platforms must ensure extra protection for children and adolescents in terms of online adverts. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/kinesso.co.uk\/insights\/kinesso-pov-eus-digital-services-act-marks-increased-privacy-regulations-for-online-platforms-and-ad-land\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">KINESSO UK &amp; IE<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">European Parliament<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"1685\" data-end=\"1964\">\n<p data-start=\"1687\" data-end=\"1964\"><strong data-start=\"1687\" data-end=\"1715\">Transparency obligations<\/strong>: Platforms must provide clear information about why a user sees a given ad, who paid for it, how targeting works, and maintain ad\u2011repositories (for example, what campaigns are running, how they are targeted). <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/dsa-impact-platforms?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Digital Strategy<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">KINESSO UK &amp; IE<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"1965\" data-end=\"2141\">\n<p data-start=\"1967\" data-end=\"2141\"><strong data-start=\"1967\" data-end=\"1983\">User control<\/strong>: More tools and clearer choice for users over personalization and targeting; consent must be meaningful and informed. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/eaca.eu\/advocacy\/targeted-advertising\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">EACA<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">KINESSO UK &amp; IE<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2148\" data-end=\"2180\"><strong data-start=\"2148\" data-end=\"2180\">Immediate and Direct Impacts<\/strong><\/p>\n<p data-start=\"2182\" data-end=\"2276\">These regulatory changes are having direct consequences for platforms, advertisers, and users:<\/p>\n<ul data-start=\"2278\" data-end=\"3275\">\n<li data-start=\"2278\" data-end=\"2637\">\n<p data-start=\"2280\" data-end=\"2637\"><strong data-start=\"2280\" data-end=\"2317\">Changes in targeting capabilities<\/strong>: Advertising platforms must remove certain targeting options. For example, LinkedIn has discontinued the ability for advertisers to target users in the European Economic Area (EEA) using LinkedIn Group membership, because such group membership can reveal sensitive personal data. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/edri.org\/our-work\/privacy-win-linkedin-limits-ad-targeting-after-edri-complaint\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Global Witness<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">European Digital Rights (EDRi)<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">PPC Land<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"2638\" data-end=\"2976\">\n<p data-start=\"2640\" data-end=\"2976\"><strong data-start=\"2640\" data-end=\"2679\">Reduced use of sensitive categories<\/strong>: Where previously advertisers could leverage interests, behaviors, or group membership that implicitly or explicitly tied to sensitive attributes, those options are now restricted or outlawed. This requires resetting or rethinking many campaign strategies. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/kinesso.co.uk\/insights\/kinesso-pov-eus-digital-services-act-marks-increased-privacy-regulations-for-online-platforms-and-ad-land\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">KINESSO UK &amp; IE<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Dentons<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"2977\" data-end=\"3275\">\n<p data-start=\"2979\" data-end=\"3275\"><strong data-start=\"2979\" data-end=\"3035\">Greater compliance costs and operational adjustments<\/strong>: Platforms need to audit their ad tools, alter user interfaces (e.g. consent flows), build or maintain repositories of ads, enhance transparency features, and possibly face sanctions if noncompliant. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/dsa-impact-platforms?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Digital Strategy<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Dentons<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3282\" data-end=\"3312\"><strong data-start=\"3282\" data-end=\"3312\">Broader and Global Effects<\/strong><\/p>\n<p data-start=\"3314\" data-end=\"3578\">Although these laws are European, the impact goes well beyond EU borders. In many cases, companies operating globally find it simpler to apply EU\u2011type restrictions across all markets rather than maintain different rules per jurisdiction. Some consequences include:<\/p>\n<ul data-start=\"3580\" data-end=\"4991\">\n<li data-start=\"3580\" data-end=\"3889\">\n<p data-start=\"3582\" data-end=\"3889\"><strong data-start=\"3582\" data-end=\"3631\">Standardization of privacy\u2011aware ad practices<\/strong>: What began as compliance in the EU is becoming a reference or benchmark in other regions. Advertisers outside Europe are watching, legally and reputationally, how their peers adjust, and may adopt similar practices to avoid cross\u2011border risk or backlash.<\/p>\n<\/li>\n<li data-start=\"3891\" data-end=\"4237\">\n<p data-start=\"3893\" data-end=\"4237\"><strong data-start=\"3893\" data-end=\"3932\">Shifts in data collection and usage<\/strong>: With stricter limits on profiling based on sensitive data, there is greater emphasis on non\u2011sensitive data, first\u2011party data (data directly collected from users), contextual advertising (ads aligned with content context rather than user profile), and probabilistic rather than deterministic targeting.<\/p>\n<\/li>\n<li data-start=\"4239\" data-end=\"4540\">\n<p data-start=\"4241\" data-end=\"4540\"><strong data-start=\"4241\" data-end=\"4290\">Innovation in privacy\u2011preserving technologies<\/strong>: To stay effective, ad tech is investing in tools that minimize or avoid personal data exposure\u2014techniques such as anonymization or pseudonymization, privacy\u2011preserving measurement, differential privacy, on\u2011device targeting, or federated learning.<\/p>\n<\/li>\n<li data-start=\"4542\" data-end=\"4991\">\n<p data-start=\"4544\" data-end=\"4991\"><strong data-start=\"4544\" data-end=\"4594\">Revised cross\u2011border compliance and legal risk<\/strong>: Companies must navigate a patchwork of laws\u2014GDPR, DSA, and others (e.g. in California, India, Brazil). Violations can lead to substantial fines, reputational losses, and broader regulatory scrutiny. For example, under the DSA some of the biggest platforms are classified as Very Large Online Platforms (VLOPs), which comes with more stringent obligations. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/dsa-impact-platforms?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Digital Strategy<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Dentons<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"4998\" data-end=\"5027\"><strong data-start=\"4998\" data-end=\"5027\">Trials and Trade\u2011offs<\/strong><\/p>\n<p data-start=\"5029\" data-end=\"5163\">While many view the new rules as necessary to protect individual rights and societal values, there are also trade\u2011offs and challenges:<\/p>\n<ul data-start=\"5165\" data-end=\"6015\">\n<li data-start=\"5165\" data-end=\"5394\">\n<p data-start=\"5167\" data-end=\"5394\"><strong data-start=\"5167\" data-end=\"5206\">Reduced precision vs. effectiveness<\/strong>: Restricting profiling and removing sensitive data may reduce how precisely ads can target specific audiences, potentially increasing costs for advertisers or reducing ad effectiveness.<\/p>\n<\/li>\n<li data-start=\"5396\" data-end=\"5608\">\n<p data-start=\"5398\" data-end=\"5608\"><strong data-start=\"5398\" data-end=\"5445\">Increased complexity and compliance burdens<\/strong>: Especially for smaller players, integrating the legal and operational changes (consent screens, transparency, audits) can be expensive and technically complex.<\/p>\n<\/li>\n<li data-start=\"5610\" data-end=\"5812\">\n<p data-start=\"5612\" data-end=\"5812\"><strong data-start=\"5612\" data-end=\"5648\">Potential for uneven enforcement<\/strong>: Laws on the books do not always translate to enforcement. Differences in regulatory capacity, priorities, and legal interpretations can lead to uneven outcomes.<\/p>\n<\/li>\n<li data-start=\"5814\" data-end=\"6015\">\n<p data-start=\"5816\" data-end=\"6015\"><strong data-start=\"5816\" data-end=\"5848\">Risk of regulatory arbitrage<\/strong>: Some companies might try to base operations in jurisdictions with less stringent laws or shift targeting across borders, risking legal conflicts or ethical issues.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"6022\" data-end=\"6033\"><strong data-start=\"6022\" data-end=\"6033\">Outlook<\/strong><\/p>\n<p data-start=\"6035\" data-end=\"6461\">As data privacy laws like the DSA come fully into force, the global ad\u2011tech ecosystem is likely to continue evolving rapidly. Advertisers and platforms who adapt proactively\u2014prioritizing user trust, privacy, and compliance\u2014may gain competitive advantage. Meanwhile, regulators in other jurisdictions are likely to introduce similar or variant protections, pushing toward a more privacy\u2011centric model of ad targeting worldwide.<\/p>\n<p data-start=\"6463\" data-end=\"6729\">In sum, the rise of robust privacy regulation represents a paradigm shift for global ad targeting: one that aligns legal obligations, ethical norms, and user expectations. Those who can navigate these shifts well stand to lead in the next era of digital advertising.<\/p>\n<h2><strong>Definitions &amp; Key Concepts\u00a0<\/strong><\/h2>\n<h3><strong>What is Data Privacy?\u00a0<\/strong><\/h3>\n<p><strong>Data privacy<\/strong>, also known as information privacy, refers to the proper handling, processing, storage, and use of personal information. At its core, data privacy centers on individuals&#8217; rights to control their personal data\u2014information that can identify them directly or indirectly\u2014such as names, addresses, email addresses, phone numbers, IP addresses, and even behavioral data.<\/p>\n<p>The principle behind data privacy is simple: individuals should have control over who collects their data, how it is used, and whom it is shared with. With the exponential growth of digital technologies, vast amounts of data are collected through websites, apps, social media, and connected devices, often without explicit consent. This makes data privacy a fundamental concern in today&#8217;s digital landscape.<\/p>\n<p>Data privacy laws and regulations aim to safeguard individuals from misuse or unauthorized access to their data. Some of the most influential frameworks include the <strong>General Data Protection Regulation (GDPR)<\/strong> in the European Union and the <strong>California Consumer Privacy Act (CCPA)<\/strong> in the United States. These regulations establish rules for data collection, user consent, data storage, data access, and the right to be forgotten.<\/p>\n<p>Data privacy is not just a legal concern but also an ethical one. Companies are expected to handle user data transparently and securely. Poor data privacy practices can lead to <strong>data breaches<\/strong>, <strong>identity theft<\/strong>, <strong>financial fraud<\/strong>, and <strong>loss of trust<\/strong> in digital services.<\/p>\n<p>As data becomes increasingly valuable, protecting privacy is more complex yet more important than ever. Data privacy intersects with many other areas like cybersecurity, data governance, and digital rights, reflecting its central role in the responsible use of digital technologies.<\/p>\n<h3><strong>What is Ad Targeting \/ Behavioral Advertising \/ Profiling?\u00a0<\/strong><\/h3>\n<p><strong>Ad targeting<\/strong>, <strong>behavioral advertising<\/strong>, and <strong>profiling<\/strong> refer to data-driven practices used by advertisers and platforms to serve personalized ads to users based on their behaviors, interests, and characteristics.<\/p>\n<p><strong>Ad targeting<\/strong> is the broader process of identifying and reaching specific user segments with tailored advertisements. Instead of showing the same ad to everyone, companies use data to reach audiences who are most likely to be interested in a product or service. This is done using demographics (age, gender, location), interests, browsing behavior, or even purchase history.<\/p>\n<p><strong>Behavioral advertising<\/strong> is a more specific form of ad targeting that relies on tracking users\u2019 online activities over time. By analyzing which websites someone visits, what they search for, and how they interact with content, companies can build a detailed profile of that user\u2019s interests. These insights help advertisers deliver more relevant ads, which can increase click-through rates and conversions.<\/p>\n<p><strong>Profiling<\/strong> involves collecting and analyzing personal data to assess or predict aspects of an individual\u2019s behavior, preferences, or lifestyle. This is often automated and can include creating &#8220;personas&#8221; or assigning users to segments, such as &#8220;young professional tech enthusiasts&#8221; or &#8220;budget-conscious parents.&#8221; Profiling plays a major role not only in advertising but also in areas like credit scoring, insurance, and risk management.<\/p>\n<p>While these practices can improve user experience by making ads more relevant, they also raise <strong>privacy concerns<\/strong>. Users are often unaware of the extent of data collection and how their behavior is being monitored. Some platforms collect data even when users are not actively interacting with them, such as through third-party cookies or embedded scripts across websites.<\/p>\n<p>Critics argue that these techniques can lead to <strong>data exploitation<\/strong>, <strong>manipulation<\/strong>, and <strong>loss of autonomy<\/strong>, especially when sensitive attributes like race, religion, or health status are inferred. There\u2019s also concern about \u201cfilter bubbles,\u201d where users are only shown information that reinforces their existing views, affecting broader societal issues like democracy and public discourse.<\/p>\n<p>Regulations such as the GDPR require that users give <strong>informed consent<\/strong> before data is collected for profiling or behavioral advertising. However, implementation varies widely, and many companies still operate in legally or ethically gray areas.<\/p>\n<h3><strong>Relevant Technical Terms\u00a0<\/strong><\/h3>\n<p>To fully understand data privacy and ad targeting, it&#8217;s important to grasp several <strong>key technical terms<\/strong>:<\/p>\n<h4><strong>Tracking<\/strong><\/h4>\n<p>Tracking refers to the methods used to monitor and record users&#8217; activities across websites, apps, and devices. It can occur through various means\u2014cookies, device fingerprinting, or pixels\u2014and is the backbone of behavioral advertising. Trackers collect data on page visits, clicks, dwell time, scrolling behavior, and more, often invisibly.<\/p>\n<p>Tracking can be <strong>first-party<\/strong> (by the website you\u2019re visiting) or <strong>third-party<\/strong> (by external entities embedded in the site). Third-party tracking is more controversial due to its cross-site surveillance nature.<\/p>\n<h4><strong>Cookies<\/strong><\/h4>\n<p><strong>Cookies<\/strong> are small text files stored on a user\u2019s device by a website. They are used for a range of purposes\u2014such as keeping users logged in, remembering preferences, and tracking behavior.<\/p>\n<p>There are two main types:<\/p>\n<ul>\n<li><strong>Session cookies<\/strong>: Temporary and deleted after the session ends.<\/li>\n<li><strong>Persistent cookies<\/strong>: Remain on the device and can be used for tracking over time.<\/li>\n<\/ul>\n<p><strong>Third-party cookies<\/strong> (set by a different domain than the one visited) are commonly used for advertising and tracking. Due to privacy concerns, browsers like Safari and Firefox have restricted their use, and Google Chrome is phasing them out.<\/p>\n<h4><strong>Fingerprinting<\/strong><\/h4>\n<p><strong>Fingerprinting<\/strong> is a technique that identifies users based on unique characteristics of their device or browser. This includes screen resolution, operating system, installed fonts, time zone, and more. Unlike cookies, which can be deleted, fingerprinting is <strong>harder to detect or block<\/strong>.<\/p>\n<p>It allows trackers to recognize and follow users across the web without their consent. Due to its covert nature, fingerprinting is often seen as invasive and contrary to privacy-by-design principles.<\/p>\n<h4><strong>Consent<\/strong><\/h4>\n<p>In the context of data privacy, <strong>consent<\/strong> refers to a user&#8217;s <strong>freely given, informed, and unambiguous agreement<\/strong> to allow the collection and processing of their personal data.<\/p>\n<p>Under regulations like GDPR, consent must be:<\/p>\n<ul>\n<li><strong>Explicit<\/strong> (no pre-ticked boxes)<\/li>\n<li><strong>Granular<\/strong> (users can choose specific types of data processing)<\/li>\n<li><strong>Revocable<\/strong> (users can withdraw consent at any time)<\/li>\n<\/ul>\n<p>Many websites now use <strong>cookie consent banners<\/strong>, but critics argue that these often employ <strong>dark patterns<\/strong>\u2014design choices that trick users into agreeing without full understanding.<\/p>\n<h4><strong>Personal Data<\/strong><\/h4>\n<p><strong>Personal data<\/strong> (or <strong>personally identifiable information \u2013 PII<\/strong>) is any information that can identify an individual. This includes:<\/p>\n<ul>\n<li>Direct identifiers: Name, email, ID number<\/li>\n<li>Indirect identifiers: IP address, location data, behavior patterns<\/li>\n<\/ul>\n<p>Under GDPR, even <strong>pseudonymized data<\/strong> (data that has been separated from direct identifiers but can still be re-linked) is considered personal data.<\/p>\n<p>Personal data is at the core of most privacy debates because it is used extensively in profiling, behavioral advertising, and digital surveillance. Protecting it is essential to maintaining user autonomy, safety, and trust.<\/p>\n<h2><strong>History of Data Privacy Regulation\u00a0<\/strong><\/h2>\n<h3><strong>1. Early Privacy Laws (Pre-Internet &amp; Early Internet Era)\u00a0<\/strong><\/h3>\n<p>The concept of <strong>data privacy<\/strong> predates the internet, emerging alongside the development of bureaucratic states, mass communication technologies, and early computing systems. The foundation of modern privacy laws is deeply rooted in concerns about surveillance, personal autonomy, and the misuse of personal information by both governments and corporations.<\/p>\n<p>One of the earliest legal articulations of a right to privacy came in <strong>1890<\/strong>, when American lawyers <strong>Samuel Warren and Louis Brandeis<\/strong> published their seminal article, <em>\u201cThe Right to Privacy\u201d<\/em>, in the <em>Harvard Law Review<\/em>. They argued for the individual&#8217;s &#8220;right to be let alone,&#8221; primarily in response to invasive journalism and new photographic technology.<\/p>\n<p>As computing advanced in the mid-20th century, so too did concerns about centralized databases and automation. In the <strong>1970s<\/strong>, several countries began enacting laws to regulate how personal data was collected and used, particularly in government databases.<\/p>\n<p>Key early developments include:<\/p>\n<ul>\n<li><strong>United States (1974)<\/strong>: The <strong>Privacy Act of 1974<\/strong> was passed in response to growing fears over the use of government computer databases. It established rules for federal agencies regarding the collection, maintenance, and dissemination of personal data, and granted individuals the right to access and correct information held about them.<\/li>\n<li><strong>Germany (1970)<\/strong>: The German state of Hesse introduced the <strong>first data protection law<\/strong> in the world. It regulated how public authorities handled personal data, setting a precedent for future legislation in Europe.<\/li>\n<li><strong>OECD Guidelines (1980)<\/strong>: The <strong>Organization for Economic Cooperation and Development<\/strong> published guidelines for the protection of privacy and transborder data flows. These principles\u2014such as purpose limitation, data quality, and user participation\u2014would later influence international privacy frameworks.<\/li>\n<\/ul>\n<p>As the internet began to develop in the late 1980s and early 1990s, there was little in the way of comprehensive regulation. Early online services, such as AOL and CompuServe, collected user data with few constraints. Privacy policies were either non-existent or extremely vague. However, the seeds of regulation had been planted, and the rapid growth of the internet would soon force governments to take stronger action.<\/p>\n<h3><strong>2. Rise of Digital Advertising &amp; Early Regulatory Responses\u00a0<\/strong><\/h3>\n<p>The rise of the internet in the 1990s transformed how information was accessed, shared, and monetized. With the explosion of websites, search engines, and online commerce came a new economic model: <strong>digital advertising<\/strong>, fueled by the collection and analysis of personal data.<\/p>\n<p>Companies like <strong>DoubleClick<\/strong> (founded in 1996) pioneered the use of <strong>cookies<\/strong> to track users across websites, allowing advertisers to target individuals with increasing precision. This marked the beginning of <strong>behavioral advertising<\/strong>, where data about users\u2019 online habits was used to predict and influence their purchasing decisions. These practices raised early concerns about <strong>user consent, transparency, and profiling<\/strong>.<\/p>\n<p>The regulatory response during this period was cautious, often lagging behind technological developments. Still, some significant initiatives emerged:<\/p>\n<ul>\n<li><strong>Children\u2019s Online Privacy Protection Act (COPPA) \u2013 1998 (USA)<\/strong>: One of the first U.S. laws to address online data collection. It prohibits websites from collecting personal data from children under 13 without verifiable parental consent.<\/li>\n<li><strong>EU Data Protection Directive (Directive 95\/46\/EC) \u2013 1995<\/strong>: A landmark in European privacy regulation, the Directive established basic principles for data protection across EU member states. It introduced the concept of <strong>\u201cpersonal data\u201d<\/strong> and emphasized the need for <strong>lawful processing, purpose limitation,<\/strong> and <strong>data subject rights<\/strong>. While it required transposition into national laws, it set the groundwork for a more harmonized European approach.<\/li>\n<li><strong>Privacy Policies<\/strong>: By the late 1990s and early 2000s, companies began to publish privacy policies as a means of self-regulation. However, these documents were often opaque, overly legalistic, and failed to offer meaningful choice to users.<\/li>\n<li><strong>FTC Interventions (USA)<\/strong>: The U.S. Federal Trade Commission began investigating companies for deceptive data practices. Although the U.S. lacked a comprehensive privacy law, the FTC used its authority to regulate \u201cunfair and deceptive practices\u201d to hold companies accountable.<\/li>\n<\/ul>\n<p>Despite these efforts, the growth of <strong>ad tech<\/strong>, <strong>social media<\/strong>, and <strong>data brokers<\/strong> continued largely unchecked. Vast amounts of data were being collected, shared, and sold without user knowledge or control. These trends would ultimately spark a regulatory backlash in the following decade, culminating in some of the most significant privacy laws ever enacted.<\/p>\n<h3><strong>3. Key Turning Points (e.g., EU Data Protection Directive, GDPR)\u00a0<\/strong><\/h3>\n<p>As the internet matured and the <strong>data economy<\/strong> expanded, public concern over privacy intensified. High-profile <strong>data breaches<\/strong>, the increasing sophistication of tracking technologies, and revelations of <strong>mass government surveillance<\/strong> (e.g., Edward Snowden&#8217;s 2013 disclosures) created growing demand for stronger protections. These pressures led to several pivotal moments in the history of data privacy regulation.<\/p>\n<h4><strong>EU General Data Protection Regulation (GDPR) \u2013 2016 (Enforced in 2018)<\/strong><\/h4>\n<p>The <strong>GDPR<\/strong> is the most influential and comprehensive privacy regulation to date. It replaced the EU Data Protection Directive (1995) with a directly applicable regulation that harmonized data protection laws across all EU member states.<\/p>\n<p>Key features of GDPR include:<\/p>\n<ul>\n<li><strong>Expanded definition of personal data<\/strong>: Includes IP addresses, location data, and behavioral information.<\/li>\n<li><strong>Stronger consent requirements<\/strong>: Must be specific, informed, freely given, and revocable.<\/li>\n<li><strong>Data subject rights<\/strong>: Including the <strong>right to access<\/strong>, <strong>right to erasure (right to be forgotten)<\/strong>, and <strong>right to data portability<\/strong>.<\/li>\n<li><strong>Accountability<\/strong>: Organizations must demonstrate compliance through documentation and risk assessments.<\/li>\n<li><strong>Data Protection Officers (DPOs)<\/strong>: Required for certain organizations.<\/li>\n<li><strong>Severe penalties<\/strong>: Fines of up to 4% of global annual revenue or \u20ac20 million, whichever is higher.<\/li>\n<\/ul>\n<p>GDPR also introduced the concept of <strong>\u201cprivacy by design and by default\u201d<\/strong>, requiring that data protection be embedded into technologies from the outset.<\/p>\n<h4><strong>Other Key Turning Points<\/strong><\/h4>\n<ul>\n<li><strong>California Consumer Privacy Act (CCPA) \u2013 2018<\/strong>: The first broad consumer privacy law in the United States. It gives California residents the right to know what data is collected about them, to request deletion, and to opt out of data sales. It was later expanded by the <strong>California Privacy Rights Act (CPRA)<\/strong> in 2020.<\/li>\n<li><strong>Schrems I and II Cases<\/strong>: Legal challenges by privacy activist <strong>Max Schrems<\/strong> led the European Court of Justice to invalidate two major EU-U.S. data transfer agreements\u2014<strong>Safe Harbor (2015)<\/strong> and <strong>Privacy Shield (2020)<\/strong>\u2014due to inadequate protection from U.S. surveillance practices. These rulings reshaped how international data flows are handled.<\/li>\n<li><strong>Brazil\u2019s LGPD (Lei Geral de Prote\u00e7\u00e3o de Dados) \u2013 2020<\/strong>: Inspired by GDPR, Brazil\u2019s privacy law extended data protection rights to millions of users in Latin America.<\/li>\n<li><strong>Apple\u2019s App Tracking Transparency (2021)<\/strong>: A major shift in platform-level privacy, requiring iOS apps to obtain explicit user permission before tracking. This move disrupted the digital advertising industry and elevated public awareness about tracking.<\/li>\n<\/ul>\n<h2 data-start=\"177\" data-end=\"252\"><strong data-start=\"180\" data-end=\"252\">Evolution Toward New Laws: From GDPR to DSA and Others\u00a0<\/strong><\/h2>\n<h3 data-start=\"259\" data-end=\"342\"><strong data-start=\"263\" data-end=\"342\">1. GDPR\u2019s Role &amp; Limitations in Ad Targeting Regulation\u00a0<\/strong><\/h3>\n<p data-start=\"344\" data-end=\"626\">The <strong data-start=\"348\" data-end=\"393\">General Data Protection Regulation (GDPR)<\/strong>, enforced in 2018, marked a watershed moment in global data privacy. It redefined how organizations across the European Union\u2014and globally\u2014handle personal data, including that used in <strong data-start=\"578\" data-end=\"594\">ad targeting<\/strong> and <strong data-start=\"599\" data-end=\"625\">behavioral advertising<\/strong>.<\/p>\n<p data-start=\"628\" data-end=\"971\">GDPR set strict rules on the <strong data-start=\"657\" data-end=\"713\">collection, processing, and sharing of personal data<\/strong>, and established key principles such as <strong data-start=\"754\" data-end=\"825\">lawfulness, transparency, purpose limitation, and data minimization<\/strong>. It gave individuals strong rights over their data, including the right to <strong data-start=\"901\" data-end=\"911\">access<\/strong>, <strong data-start=\"913\" data-end=\"924\">rectify<\/strong>, <strong data-start=\"926\" data-end=\"935\">erase<\/strong>, and <strong data-start=\"941\" data-end=\"951\">object<\/strong> to data processing.<\/p>\n<p data-start=\"973\" data-end=\"1285\">In the context of ad targeting, GDPR made <strong data-start=\"1015\" data-end=\"1035\">explicit consent<\/strong> a requirement when using personal data for profiling or personalized ads. Consent must be freely given, specific, informed, and unambiguous. Pre-ticked boxes, vague privacy policies, or bundling consent with other terms are not permitted under GDPR.<\/p>\n<p data-start=\"1287\" data-end=\"1501\">Additionally, GDPR requires companies to <strong data-start=\"1328\" data-end=\"1358\">document their legal basis<\/strong> for data processing and conduct <strong data-start=\"1391\" data-end=\"1437\">Data Protection Impact Assessments (DPIAs)<\/strong> for high-risk activities\u2014like large-scale behavioral profiling.<\/p>\n<h4 data-start=\"1503\" data-end=\"1536\"><strong data-start=\"1508\" data-end=\"1536\">GDPR\u2019s Impact on Ad Tech<\/strong><\/h4>\n<p data-start=\"1537\" data-end=\"1930\">The regulation exposed the opaque nature of the <strong data-start=\"1585\" data-end=\"1613\">programmatic advertising<\/strong> ecosystem. Platforms like Google and Facebook, along with thousands of third-party ad tech firms, had been relying on <strong data-start=\"1732\" data-end=\"1759\">real-time bidding (RTB)<\/strong> and broad data sharing across networks. GDPR forced companies to reassess their practices, leading to updated privacy notices, consent banners, and compliance strategies.<\/p>\n<p data-start=\"1932\" data-end=\"2286\">Several complaints and legal challenges followed, especially from privacy advocacy groups like <strong data-start=\"2027\" data-end=\"2035\">NOYB<\/strong> (None of Your Business). For example, the <strong data-start=\"2078\" data-end=\"2135\">IAB Europe\u2019s Transparency and Consent Framework (TCF)<\/strong>\u2014a key industry standard for managing ad consent\u2014was found by regulators to violate GDPR principles, particularly around transparency and user control.<\/p>\n<h4 data-start=\"2288\" data-end=\"2332\"><strong data-start=\"2293\" data-end=\"2332\">Limitations of GDPR in Ad Targeting<\/strong><\/h4>\n<p data-start=\"2333\" data-end=\"2441\">Despite its strong framework, GDPR has faced several <strong data-start=\"2386\" data-end=\"2401\">limitations<\/strong> in effectively regulating ad targeting:<\/p>\n<ul data-start=\"2443\" data-end=\"3155\">\n<li data-start=\"2443\" data-end=\"2635\">\n<p data-start=\"2445\" data-end=\"2635\"><strong data-start=\"2445\" data-end=\"2467\">Enforcement delays<\/strong>: Many cases take years to resolve. Large tech firms often challenge rulings, exploiting legal ambiguities and differences between EU member states&#8217; enforcement bodies.<\/p>\n<\/li>\n<li data-start=\"2636\" data-end=\"2828\">\n<p data-start=\"2638\" data-end=\"2828\"><strong data-start=\"2638\" data-end=\"2655\">Resource gaps<\/strong>: Data Protection Authorities (DPAs) are often underfunded and overwhelmed, limiting their ability to investigate and enforce rules, especially against large multinationals.<\/p>\n<\/li>\n<li data-start=\"2829\" data-end=\"2987\">\n<p data-start=\"2831\" data-end=\"2987\"><strong data-start=\"2831\" data-end=\"2854\">Interpretation gaps<\/strong>: What qualifies as \u201cfreely given consent\u201d can vary in interpretation, leading to inconsistent applications across websites and apps.<\/p>\n<\/li>\n<li data-start=\"2988\" data-end=\"3155\">\n<p data-start=\"2990\" data-end=\"3155\"><strong data-start=\"2990\" data-end=\"3007\">Dark patterns<\/strong>: Despite GDPR\u2019s requirements, many interfaces still use manipulative designs to steer users toward giving consent, undermining genuine user choice.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3157\" data-end=\"3544\">Ultimately, while GDPR laid the legal foundation for regulating behavioral advertising, it became clear that <strong data-start=\"3266\" data-end=\"3285\">sector-specific<\/strong> and <strong data-start=\"3290\" data-end=\"3311\">platform-specific<\/strong> rules were needed to address the unique challenges of today\u2019s digital advertising economy. This realization helped fuel the development of more targeted laws like the <strong data-start=\"3479\" data-end=\"3509\">Digital Services Act (DSA)<\/strong> and <strong data-start=\"3514\" data-end=\"3543\">Digital Markets Act (DMA)<\/strong>.<\/p>\n<h3 data-start=\"3551\" data-end=\"3692\"><strong data-start=\"3555\" data-end=\"3692\">2. Development of More Recent Laws and Proposals (e.g., DSA, DMA, UK\u2019s Online Safety Bill, US State Privacy Laws)\u00a0<\/strong><\/h3>\n<p data-start=\"3694\" data-end=\"4038\">In the years following GDPR, regulators recognized that <strong data-start=\"3750\" data-end=\"3789\">data protection alone is not enough<\/strong> to address the complex and growing influence of online platforms\u2014particularly in areas like advertising, platform accountability, and user safety. This led to the development of <strong data-start=\"3968\" data-end=\"4002\">new, complementary legislation<\/strong> across Europe, the UK, and the U.S.<\/p>\n<h4 data-start=\"4045\" data-end=\"4121\"><strong data-start=\"4050\" data-end=\"4121\">Digital Services Act (DSA) \u2013 EU (Adopted 2022, Fully Enforced 2024)<\/strong><\/h4>\n<p data-start=\"4123\" data-end=\"4342\">The <strong data-start=\"4127\" data-end=\"4151\">Digital Services Act<\/strong> is a major EU regulation aimed at increasing transparency and accountability in how online platforms operate\u2014especially <strong data-start=\"4272\" data-end=\"4311\">Very Large Online Platforms (VLOPs)<\/strong> like Meta, Google, and TikTok.<\/p>\n<p data-start=\"4344\" data-end=\"4387\"><strong data-start=\"4344\" data-end=\"4387\">Key provisions related to ad targeting:<\/strong><\/p>\n<ul data-start=\"4388\" data-end=\"4829\">\n<li data-start=\"4388\" data-end=\"4527\">\n<p data-start=\"4390\" data-end=\"4527\"><strong data-start=\"4390\" data-end=\"4431\">Ban on targeted advertising to minors<\/strong> and use of <strong data-start=\"4443\" data-end=\"4461\">sensitive data<\/strong> (e.g., religion, ethnicity, sexual orientation) for ad targeting.<\/p>\n<\/li>\n<li data-start=\"4528\" data-end=\"4634\">\n<p data-start=\"4530\" data-end=\"4634\">Mandatory <strong data-start=\"4540\" data-end=\"4567\">disclosure of the logic<\/strong> behind ad delivery systems, including criteria used for targeting.<\/p>\n<\/li>\n<li data-start=\"4635\" data-end=\"4747\">\n<p data-start=\"4637\" data-end=\"4747\">Platforms must provide users with <strong data-start=\"4671\" data-end=\"4690\">ad repositories<\/strong> (public databases of ads shown), enhancing auditability.<\/p>\n<\/li>\n<li data-start=\"4748\" data-end=\"4829\">\n<p data-start=\"4750\" data-end=\"4829\">Users must be able to <strong data-start=\"4772\" data-end=\"4809\">opt out of recommendation systems<\/strong> based on profiling.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"4831\" data-end=\"5018\">While GDPR focuses on data protection, the DSA shifts the focus to <strong data-start=\"4898\" data-end=\"4944\">platform responsibility and systemic risks<\/strong>, including the <strong data-start=\"4960\" data-end=\"4992\">social and political impacts<\/strong> of algorithmic targeting.<\/p>\n<h4 data-start=\"5025\" data-end=\"5081\"><strong data-start=\"5030\" data-end=\"5081\">Digital Markets Act (DMA) \u2013 EU (Effective 2023)<\/strong><\/h4>\n<p data-start=\"5083\" data-end=\"5212\">The <strong data-start=\"5087\" data-end=\"5094\">DMA<\/strong> targets the <strong data-start=\"5107\" data-end=\"5142\">market dominance of tech giants<\/strong>, known as \u201cgatekeepers,\u201d by imposing <strong data-start=\"5180\" data-end=\"5211\">antitrust-style obligations<\/strong>.<\/p>\n<p data-start=\"5214\" data-end=\"5246\">Relevant DMA provisions include:<\/p>\n<ul data-start=\"5247\" data-end=\"5535\">\n<li data-start=\"5247\" data-end=\"5303\">\n<p data-start=\"5249\" data-end=\"5303\">Requirement for <strong data-start=\"5265\" data-end=\"5285\">data portability<\/strong> across platforms.<\/p>\n<\/li>\n<li data-start=\"5304\" data-end=\"5427\">\n<p data-start=\"5306\" data-end=\"5427\">Restrictions on <strong data-start=\"5322\" data-end=\"5365\">combining personal data across services<\/strong> (e.g., Facebook and Instagram) without explicit user consent.<\/p>\n<\/li>\n<li data-start=\"5428\" data-end=\"5535\">\n<p data-start=\"5430\" data-end=\"5535\">Limits on <strong data-start=\"5440\" data-end=\"5461\">self-preferencing<\/strong>\u2014gatekeepers cannot prioritize their own ads or products over competitors.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5537\" data-end=\"5722\">Together, the DSA and DMA form a <strong data-start=\"5570\" data-end=\"5599\">dual regulatory framework<\/strong>: DSA governs societal risks (e.g., misinformation, opaque targeting), while DMA governs economic fairness and competition.<\/p>\n<h4 data-start=\"5729\" data-end=\"5767\"><strong data-start=\"5734\" data-end=\"5767\">UK\u2019s Online Safety Act (2023)<\/strong><\/h4>\n<p data-start=\"5769\" data-end=\"5914\">The UK took a slightly different approach with its <strong data-start=\"5820\" data-end=\"5841\">Online Safety Act<\/strong>, focusing on harmful content, platform accountability, and child safety.<\/p>\n<p data-start=\"5916\" data-end=\"6010\">While not a data protection law per se, it indirectly affects advertising and personalization:<\/p>\n<ul data-start=\"6011\" data-end=\"6347\">\n<li data-start=\"6011\" data-end=\"6160\">\n<p data-start=\"6013\" data-end=\"6160\">Platforms must assess and mitigate risks from <strong data-start=\"6059\" data-end=\"6078\">harmful content<\/strong>, including <strong data-start=\"6090\" data-end=\"6118\">manipulative advertising<\/strong> and <strong data-start=\"6123\" data-end=\"6159\">exploitative targeting of minors<\/strong>.<\/p>\n<\/li>\n<li data-start=\"6161\" data-end=\"6241\">\n<p data-start=\"6163\" data-end=\"6241\">Stronger duty of care obligations on platforms hosting user-generated content.<\/p>\n<\/li>\n<li data-start=\"6242\" data-end=\"6347\">\n<p data-start=\"6244\" data-end=\"6347\">Enforcement is overseen by <strong data-start=\"6271\" data-end=\"6280\">Ofcom<\/strong>, with powers to fine noncompliant platforms and even block access.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"6349\" data-end=\"6490\">The UK also continues to maintain its version of GDPR (<strong data-start=\"6404\" data-end=\"6415\">UK GDPR<\/strong>), with ongoing discussions about reforming it to be more \u201cpro-innovation.\u201d<\/p>\n<h4 data-start=\"6497\" data-end=\"6527\"><strong data-start=\"6502\" data-end=\"6527\">US State Privacy Laws<\/strong><\/h4>\n<p data-start=\"6529\" data-end=\"6662\">The U.S. has no federal privacy law equivalent to the GDPR. Instead, a patchwork of <strong data-start=\"6613\" data-end=\"6633\">state-level laws<\/strong> has emerged in recent years:<\/p>\n<ul data-start=\"6664\" data-end=\"7301\">\n<li data-start=\"6664\" data-end=\"6953\">\n<p data-start=\"6666\" data-end=\"6953\"><strong data-start=\"6666\" data-end=\"6747\">California Consumer Privacy Act (CCPA) \/ California Privacy Rights Act (CPRA)<\/strong>: Gives Californians the right to know, access, delete, and opt out of the sale or sharing of personal data. CPRA created a dedicated enforcement agency, the <strong data-start=\"6905\" data-end=\"6952\">California Privacy Protection Agency (CPPA)<\/strong>.<\/p>\n<\/li>\n<li data-start=\"6954\" data-end=\"7171\">\n<p data-start=\"6956\" data-end=\"7171\"><strong data-start=\"6956\" data-end=\"6976\">Virginia\u2019s VCDPA<\/strong>, <strong data-start=\"6978\" data-end=\"6996\">Colorado\u2019s CPA<\/strong>, <strong data-start=\"6998\" data-end=\"7021\">Connecticut\u2019s CTDPA<\/strong>, and <strong data-start=\"7027\" data-end=\"7042\">Utah\u2019s UCPA<\/strong>: These laws offer similar rights, including data access, correction, deletion, and the right to opt out of targeted advertising.<\/p>\n<\/li>\n<li data-start=\"7172\" data-end=\"7301\">\n<p data-start=\"7174\" data-end=\"7301\">Most laws include definitions of <strong data-start=\"7207\" data-end=\"7233\">\u201ctargeted advertising\u201d<\/strong> and require <strong data-start=\"7246\" data-end=\"7265\">privacy notices<\/strong> and <strong data-start=\"7270\" data-end=\"7300\">data processing agreements<\/strong>.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"7303\" data-end=\"7468\">While not as far-reaching as the GDPR or DSA, these laws represent a growing movement in the U.S. toward <strong data-start=\"7408\" data-end=\"7432\">consumer data rights<\/strong> and <strong data-start=\"7437\" data-end=\"7467\">algorithmic accountability<\/strong>.<\/p>\n<h3 data-start=\"7475\" data-end=\"7564\"><strong data-start=\"7479\" data-end=\"7564\">3. Comparative Evolution Outside the EU (Asia, Latin America)\u00a0<\/strong><\/h3>\n<p data-start=\"7566\" data-end=\"7736\">While the European Union remains a global leader in data protection, other regions are rapidly catching up\u2014shaped by their own political, economic, and cultural contexts.<\/p>\n<h4 data-start=\"7743\" data-end=\"7771\"><strong data-start=\"7748\" data-end=\"7771\">Asia-Pacific Region<\/strong><\/h4>\n<p data-start=\"7773\" data-end=\"7975\"><strong data-start=\"7773\" data-end=\"7781\">Asia<\/strong> presents a diverse privacy landscape, with countries adopting both <strong data-start=\"7849\" data-end=\"7866\">comprehensive<\/strong> and <strong data-start=\"7871\" data-end=\"7883\">sectoral<\/strong> approaches. Several nations have passed or are updating data privacy laws inspired by GDPR.<\/p>\n<ul data-start=\"7977\" data-end=\"9089\">\n<li data-start=\"7977\" data-end=\"8207\">\n<p data-start=\"7979\" data-end=\"8207\"><strong data-start=\"7979\" data-end=\"7988\">Japan<\/strong>: The <strong data-start=\"7994\" data-end=\"8050\">Act on the Protection of Personal Information (APPI)<\/strong> was revised in 2020 to align more closely with GDPR principles. Japan has also achieved <strong data-start=\"8139\" data-end=\"8160\">\u201cadequacy status\u201d<\/strong> with the EU, allowing smoother data transfers.<\/p>\n<\/li>\n<li data-start=\"8208\" data-end=\"8438\">\n<p data-start=\"8210\" data-end=\"8438\"><strong data-start=\"8210\" data-end=\"8225\">South Korea<\/strong>: Known for having one of the <strong data-start=\"8255\" data-end=\"8281\">strictest privacy laws<\/strong> in Asia, the <strong data-start=\"8295\" data-end=\"8341\">Personal Information Protection Act (PIPA)<\/strong> includes provisions for consent, cross-border data transfer restrictions, and data minimization.<\/p>\n<\/li>\n<li data-start=\"8439\" data-end=\"8755\">\n<p data-start=\"8441\" data-end=\"8755\"><strong data-start=\"8441\" data-end=\"8450\">India<\/strong>: After years of debate, India passed the <strong data-start=\"8492\" data-end=\"8539\">Digital Personal Data Protection Act (2023)<\/strong>. It introduces individual rights over personal data, requires consent for processing, and establishes a Data Protection Board for enforcement. However, critics argue the law gives broad exemptions to the government.<\/p>\n<\/li>\n<li data-start=\"8756\" data-end=\"9089\">\n<p data-start=\"8758\" data-end=\"9089\"><strong data-start=\"8758\" data-end=\"8767\">China<\/strong>: In 2021, China enacted the <strong data-start=\"8796\" data-end=\"8842\">Personal Information Protection Law (PIPL)<\/strong>\u2014often described as &#8220;China\u2019s GDPR.&#8221; It imposes obligations on companies for user consent, data minimization, and cross-border data transfer. Combined with China\u2019s <strong data-start=\"9005\" data-end=\"9026\">Data Security Law<\/strong>, the framework reflects a national security-oriented approach.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"9091\" data-end=\"9315\">Despite these advancements, enforcement and regulatory independence vary widely across Asia. Governments often balance privacy with competing priorities like <strong data-start=\"9249\" data-end=\"9268\">economic growth<\/strong>, <strong data-start=\"9270\" data-end=\"9291\">national security<\/strong>, and <strong data-start=\"9297\" data-end=\"9314\">state control<\/strong>.<\/p>\n<h4 data-start=\"9322\" data-end=\"9344\"><strong data-start=\"9327\" data-end=\"9344\">Latin America<\/strong><\/h4>\n<p data-start=\"9346\" data-end=\"9469\">Latin American countries have also made strides in privacy regulation, with several nations adopting GDPR-style frameworks.<\/p>\n<ul data-start=\"9471\" data-end=\"10103\">\n<li data-start=\"9471\" data-end=\"9769\">\n<p data-start=\"9473\" data-end=\"9769\"><strong data-start=\"9473\" data-end=\"9483\">Brazil<\/strong>: The <strong data-start=\"9489\" data-end=\"9530\">Lei Geral de Prote\u00e7\u00e3o de Dados (LGPD)<\/strong>, enforced in 2020, is modeled closely after GDPR. It applies to both public and private entities and establishes rights such as access, correction, and deletion. Brazil\u2019s <strong data-start=\"9702\" data-end=\"9710\">ANPD<\/strong> (National Data Protection Authority) oversees enforcement.<\/p>\n<\/li>\n<li data-start=\"9770\" data-end=\"9913\">\n<p data-start=\"9772\" data-end=\"9913\"><strong data-start=\"9772\" data-end=\"9782\">Mexico<\/strong>: Has a federal law on personal data protection and a dedicated regulator (<strong data-start=\"9857\" data-end=\"9865\">INAI<\/strong>), although its enforcement capacity is limited.<\/p>\n<\/li>\n<li data-start=\"9914\" data-end=\"10103\">\n<p data-start=\"9916\" data-end=\"10103\"><strong data-start=\"9916\" data-end=\"9929\">Argentina<\/strong>: Was one of the first countries in the region to adopt comprehensive data protection laws. A reform process is underway to modernize the law to align more closely with GDPR.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"10105\" data-end=\"10266\">Throughout Latin America, GDPR has served as a <strong data-start=\"10152\" data-end=\"10171\">reference model<\/strong>, although the local implementation of rights, enforcement, and regulatory independence varies.<\/p>\n<h2 data-start=\"10105\" data-end=\"10266\">Key Features of Major New Data Privacy Laws<\/h2>\n<p>Here\u2019s a detailed write\u2011up (~1,500 words) on <strong>Key Features of Major New Data Privacy Laws<\/strong>, structured into the three parts you asked:<\/p>\n<h2>1. EU Digital Services Act (DSA) \u2013 scope, obligations, enforcement<\/h2>\n<p>The <strong>Digital Services Act (DSA)<\/strong> is an EU regulation adopted to address risks arising from online services, especially large platforms, including those related to advertisement, profiling, misinformation, etc. It complements GDPR and other laws focused primarily on data protection; DSA focuses more on platform obligations, transparency, content moderation, and especially the way ads are delivered. Below are its key features as they relate to ad targeting, user protection, obligations on platforms, plus how enforcement works.<\/p>\n<h3>Scope<\/h3>\n<ul>\n<li>The DSA applies to <strong>online intermediary services<\/strong> and <strong>platforms<\/strong> offering digital services in the EU. Among these, special obligations fall on <strong>Very Large Online Platforms (VLOPs)<\/strong> and <strong>Very Large Online Search Engines (VLOSEs)<\/strong>. These platforms are those with more than <strong>45 million users per month<\/strong> in the EU. (<a title=\"The Digital Services Act (DSA)\" href=\"https:\/\/better-internet-for-kids.europa.eu\/en\/bik\/digital-services-act?utm_source=chatgpt.com\">Better Internet for Kids<\/a>)<\/li>\n<li>The law covers ads, recommender systems, targeted advertising, profiling, transparency, etc., whenever these are part of the service provided by an online platform. (<a title=\"EU Digital Services Act: what does it mean for online advertising and adtech? | International Journal of Law and Information Technology | Oxford Academic\" href=\"https:\/\/academic.oup.com\/ijlit\/article\/doi\/10.1093\/ijlit\/eaaf004\/8133991?utm_source=chatgpt.com\">OUP Academic<\/a>)<\/li>\n<\/ul>\n<h3>Obligations and Key Provisions<\/h3>\n<ul>\n<li><strong>Ban on targeted advertising to minors based on profiling<\/strong>: Article 28 of the DSA prohibits targeting ads to minors using profiling. If the platform is reasonably certain that the user is a minor, profiling-based advertising is disallowed. (<a title=\"A safer digital world for children: How the DSA is transforming online safety in the European Union\" href=\"https:\/\/better-internet-for-kids.europa.eu\/en\/news\/safer-digital-world-children-how-dsa-transforming-online-safety-european-union?utm_source=chatgpt.com\">Better Internet for Kids<\/a>)<\/li>\n<li><strong>Ban on targeted ads using sensitive data<\/strong>: Platforms cannot use personal data categories such as race, religion, sexual orientation, political beliefs etc. for profiling-based ad targeting. (<a title=\"Dentons - The DSA: Consequences of the use of digital advertising\" href=\"https:\/\/www.dentons.com\/en\/insights\/articles\/2022\/august\/30\/the-dsa-consequences-of-the-use-of-digital-advertising?utm_source=chatgpt.com\">Dentons<\/a>)<\/li>\n<li><strong>Transparency obligations<\/strong>:\n<ul>\n<li>Ads must be clearly labelled; users should know when something is a commercial communication. (<a title=\"The impact of the Digital Services Act on digital platforms | Shaping Europe\u2019s digital future\" href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/dsa-impact-platforms?utm_source=chatgpt.com\">Digital Strategy<\/a>)<\/li>\n<li>Platforms must provide information about <em>why<\/em> a particular user is being shown a particular ad, i.e., the main targeting criteria used. (<a title=\"EU Digital Services Act \u2013 New Digital Advertising Landscape - Advertising, Marketing &amp; Branding - European Union\" href=\"https:\/\/www.mondaq.com\/ireland\/advertising-marketing-branding\/1302608\/eu-digital-services-act-new-digital-advertising-landscape?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li>Platforms should give users control over ad targeting, including options to opt out of personalized ads or recommender systems based on profiling. (<a title=\"5 things you need to know about the DSA in less than 10 minutes\" href=\"https:\/\/cms-lawnow.com\/en\/ealerts\/2022\/11\/5-things-you-need-to-know-about-the-dsa-in-less-than-10-minutes?utm_source=chatgpt.com\">LawNow<\/a>)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Repositories of advertisements<\/strong>: VLOPs and VLOSEs are required to maintain public repositories of all ads shown on their platforms, containing data such as the advertiser, what was paid, targeting parameters, audience reach, etc. These must be searchable and kept for a specified period (for example during and at least one year after the ads are shown). (<a title=\"EU Digital Services Act \u2013 New Digital Advertising Landscape - Advertising, Marketing &amp; Branding - European Union\" href=\"https:\/\/www.mondaq.com\/ireland\/advertising-marketing-branding\/1302608\/eu-digital-services-act-new-digital-advertising-landscape?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Risk assessment &amp; mitigation<\/strong>: Very large platforms must assess systemic risks stemming from their services, including advertising systems, profiling, recommender algorithms. Once risks are identified, platforms must adopt \u201creasonable, proportionate, and effective\u201d mitigation measures. This can include altering design of systems, limiting certain features, etc. (<a title=\"EU Digital Services Act \u2013 New Digital Advertising Landscape - Advertising, Marketing &amp; Branding - European Union\" href=\"https:\/\/www.mondaq.com\/ireland\/advertising-marketing-branding\/1302608\/eu-digital-services-act-new-digital-advertising-landscape?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Protection of minors<\/strong>: Additional specific requirements for platforms accessible to minors under Article 28. Measures include setting accounts to private by default for minors, age verification, and modifying recommender systems to reduce harms. (<a title=\"A safer digital world for children: How the DSA is transforming online safety in the European Union\" href=\"https:\/\/better-internet-for-kids.europa.eu\/en\/news\/safer-digital-world-children-how-dsa-transforming-online-safety-european-union?utm_source=chatgpt.com\">Better Internet for Kids<\/a>)<\/li>\n<li><strong>Prohibition of dark patterns<\/strong>: UI\/UX designs that mislead, coerce, or nudge users unfairly (e.g. obscure opt-outs, pre-ticked boxes, etc.) are prohibited. Platforms must ensure clarity, fairness in how choices are presented. (<a title=\"EU Data and Digital Drive: 10 Things to Know About the Digital Services Act\" href=\"https:\/\/www.dechert.com\/knowledge\/onpoint\/2023\/2\/eu-data-and-digital-drive--10-things-to-know-about-the-digital-s.html?utm_source=chatgpt.com\">Dechert<\/a>)<\/li>\n<\/ul>\n<h3>Enforcement<\/h3>\n<ul>\n<li>The DSA gives enforcement responsibilities both to the <strong>European Commission<\/strong> (for very large providers under EU\u2011level competences) and to national <strong>Digital Services Coordinators<\/strong> (for other types of platforms). (<a title=\"The impact of the Digital Services Act on digital platforms | Shaping Europe\u2019s digital future\" href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/dsa-impact-platforms?utm_source=chatgpt.com\">Digital Strategy<\/a>)<\/li>\n<li>Penalties for non\u2011compliance can be significant: For VLOPs\/VLOSEs, fines can reach up to <strong>6% of global annual turnover<\/strong> in cases of systemic non\u2011compliance. (Note: this is an example of typical heavy sanction in EU platform regulation frameworks; actual DSA fines are large though differing by violation).<\/li>\n<li>There is requirement for periodic reporting, audits, transparency reports. Platforms must cooperate with oversight authorities. National authorities can order remedial actions. (<a title=\"The EU Digital Services Act: Overview and Impact | Seyfarth Shaw LLP\" href=\"https:\/\/www.seyfarth.com\/news-insights\/the-eu-digital-services-act-overview-and-impact.html?utm_source=chatgpt.com\">Seyfarth Shaw &#8211; Homepage<\/a>)<\/li>\n<li>The DSA introduces obligations for user complaint &amp; redress mechanisms, including trusted flaggers, for content moderation and advertising issues. (<a title=\"The EU Digital Services Act: Overview and Impact | Seyfarth Shaw LLP\" href=\"https:\/\/www.seyfarth.com\/news-insights\/the-eu-digital-services-act-overview-and-impact.html?utm_source=chatgpt.com\">Seyfarth Shaw &#8211; Homepage<\/a>)<\/li>\n<\/ul>\n<h3>Interplay with GDPR<\/h3>\n<ul>\n<li>DSA doesn&#8217;t replace GDPR; rather, it complements and builds upon GDPR\u2019s framework, particularly when GDPR\u2019s general privacy requirements leave gaps in transparency, platform accountability, or specific regulation of ads, targeting, profiling. (<a title=\"EU\u2019s Digital Services Act Just Became Applicable: Outlining Ten Key Areas of Interplay with the GDPR - Future of Privacy Forum\" href=\"https:\/\/fpf.org\/blog\/eus-digital-services-act-just-became-applicable-outlining-ten-key-areas-of-interplay-with-the-gdpr\/?utm_source=chatgpt.com\">Future of Privacy Forum<\/a>)<\/li>\n<li>For example, GDPR already has rules on profiling, automated decision\u2011making, consent, special categories of data. DSA adds sector\u2011specific rules for platforms regarding minors, ad transparency, and the structure of recommender systems. (<a title=\"EU Digital Services Act: what does it mean for online advertising and adtech? | International Journal of Law and Information Technology | Oxford Academic\" href=\"https:\/\/academic.oup.com\/ijlit\/article\/doi\/10.1093\/ijlit\/eaaf004\/8133991?utm_source=chatgpt.com\">OUP Academic<\/a>)<\/li>\n<\/ul>\n<h2>2. GDPR re\u2011visited (or its relevant articles) in the context of ad targeting<\/h2>\n<p>GDPR (General Data Protection Regulation), enforced from May 2018, remains foundational among data privacy laws; many newer laws either mirror it, build upon it, or explicitly reference it. Here are specific GDPR provisions relevant to ad targeting, profiling, automated decision\u2011making, sensitive data, etc., including strengths and some gaps.<\/p>\n<h3>Relevant GDPR Articles &amp; Provisions<\/h3>\n<ul>\n<li><strong>Article 4(4)<\/strong> \u2014 Definition of <em>profiling<\/em>: It defines profiling as \u201cany form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person \u2026 in particular to analyse or predict aspects concerning \u2026 preferences, interests, location, behaviour, etc.\u201d This is central to understanding what counts as profiling in ad targeting. (<a title=\"Key GDPR Guidance On Behavioral Advertising, Profiling And Automated Decision-Making - Data Protection - European Union\" href=\"https:\/\/www.mondaq.com\/uk\/data-protection\/640670\/key-gdpr-guidance-on-behavioral-advertising-profiling-and-automated-decision-making?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Article 6<\/strong> \u2014 Lawfulness of processing: For any processing, there must be a lawful basis (consent, legitimate interests, contractual necessity, etc.). Profiling and behavioral ad targeting must satisfy one of these. For many ad targeting practices, legitimate interest or consent are most relevant. (<a title=\"Top 10 operational impacts of the GDPR: Part 5 - Profiling | IAPP\" href=\"https:\/\/iapp.org\/news\/a\/top-10-operational-impacts-of-the-gdpr-part-5-profiling\/?utm_source=chatgpt.com\">IAPP<\/a>)<\/li>\n<li><strong>Article 5(1)<\/strong> \u2014 Data processing principles: purpose limitation, data minimization, transparency, fairness. Ad targeting is often challenged under data minimization (only collecting what is necessary), and purpose limitation (using data only for declared purpose). (<a title=\"Key GDPR Guidance On Behavioral Advertising, Profiling And Automated Decision-Making - Data Protection - European Union\" href=\"https:\/\/www.mondaq.com\/uk\/data-protection\/640670\/key-gdpr-guidance-on-behavioral-advertising-profiling-and-automated-decision-making?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Article 22<\/strong> \u2014 Automated individual decision\u2011making, including profiling: Gives data subjects a right <strong>not to be subject<\/strong> to decisions based solely on automated processing (including profiling) which produce legal or similarly significant effects, unless specific conditions are met (explicit consent, necessity by contract or law, etc.). This can apply if ads are used in a way that significantly affects the consumer (e.g. credit, job, insurance). But a standard ad targeting practice usually doesn\u2019t produce \u201clegal or similarly significant\u201d effects. (<a title=\"Article 22. GDPR. Automated individual decision-making, including profiling - General Data Protection Regulation - Article-by-Article commentary by Nomos\" href=\"https:\/\/www.gdprcommentary.eu\/article-22-gdpr-automated-individual-decision-making-including-profiling\/?utm_source=chatgpt.com\">gdprcommentary.eu<\/a>)<\/li>\n<li><strong>Special categories of personal data<\/strong> \u2014 sensitive data: Articles 9 &amp; related. Use of such sensitive data for profiling (e.g. sexual orientation, religious belief, race, health) is especially restricted. Must avoid unless very strict conditions met. GDPR demands explicit consent and additional safeguards. (<a title=\"Key GDPR Guidance On Behavioral Advertising, Profiling And Automated Decision-Making - Data Protection - European Union\" href=\"https:\/\/www.mondaq.com\/uk\/data-protection\/640670\/key-gdpr-guidance-on-behavioral-advertising-profiling-and-automated-decision-making?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Consent requirements<\/strong> \u2014 Articles 7 &amp; 8: Consent must be freely given, specific, informed, unambiguous; users have right to withdraw. For profiling, consent is usually required if the profiling is not clearly covered by legitimate interest or law. For minors, Article 8 (in some member states) puts higher requirement. (<a title=\"Key GDPR Guidance On Behavioral Advertising, Profiling And Automated Decision-Making - Data Protection - European Union\" href=\"https:\/\/www.mondaq.com\/uk\/data-protection\/640670\/key-gdpr-guidance-on-behavioral-advertising-profiling-and-automated-decision-making?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Right to information \/ transparency<\/strong> \u2014 Articles 12\u201114: Data controllers must provide information to data subjects about how their data is being used, profiling, the logic behind automated decisions, etc. This includes giving meaningful information about profiling\u2019s significance and expected consequences. (<a title=\"Key GDPR Guidance On Behavioral Advertising, Profiling And Automated Decision-Making - Data Protection - European Union\" href=\"https:\/\/www.mondaq.com\/uk\/data-protection\/640670\/key-gdpr-guidance-on-behavioral-advertising-profiling-and-automated-decision-making?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<\/ul>\n<h3>Strengths &amp; Gaps of GDPR in Context of Ad Targeting<\/h3>\n<p><strong>Strengths:<\/strong><\/p>\n<ul>\n<li>Clear legal definitions (e.g. profiling, special categories) that can be applied to ad targeting.<\/li>\n<li>Strong principles (purpose, fairness, transparency) that provide guardrails.<\/li>\n<li>Rights for individuals: to access, to object (including to profiling), to erasure, etc.<\/li>\n<li>Penalty regime and supervisory authorities able to investigate, impose sanctions.<\/li>\n<\/ul>\n<p><strong>Gaps \/ Limitations:<\/strong><\/p>\n<ul>\n<li>GDPR does not always clearly define what counts as a \u201clegal or similarly significant effect\u201d for Article 22, so many ad targeting practices escape that threshold.<\/li>\n<li>Enforcement is patchy; DPAs differ across member states in resources, willingness, interpretation.<\/li>\n<li>Some practices (tracking via third parties, cookies, fingerprinting) can skirt GDPR via legal bases like legitimate interest, or because users \u201cconsent\u201d unknowingly.<\/li>\n<li>Consent fatigue, dark patterns, opaque consent mechanisms reduce the real effectiveness of legally required consent or opt\u2011out.<\/li>\n<\/ul>\n<p>In sum, GDPR gives the toolkit, but some newer laws (e.g. DSA) build in additional, sector\u2011specific rules to close gaps\u2014especially regarding minors, ad transparency, and platform responsibilities.<\/p>\n<h2>3. Other jurisdictions: key features that differ (e.g., California CPRA, Brazil LGPD, India etc.)<\/h2>\n<p>Here are key features from some non\u2011EU laws, how they differ from GDPR\/DSA, especially relevant to ad targeting, profiling, sensitive information, enforcement, etc.<\/p>\n<h3>California Privacy Rights Act (CPRA)<\/h3>\n<ul>\n<li><strong>Sensitive Personal Information (SPI)<\/strong>: CPRA adds a category of <em>\u201csensitive personal information\u201d<\/em> which includes data like geolocation, racial or ethnic origin, religious beliefs, sexual orientation, biometrics, health, finances, etc. Under CPRA, consumers have the right to limit the use and disclosure of SPI. (<a title=\"Summary of the California Privacy Rights Act (CPRA) Main Rules | TrustArc\" href=\"https:\/\/blog.trustarc.com\/resource\/california-privacy-rights-act-cpra-main-rules-summary\/?utm_source=chatgpt.com\">TrustArc<\/a>)<\/li>\n<li><strong>Opt\u2011out regime<\/strong>: Unlike GDPR\u2019s consent model (opt\u2011in for many data uses), CPRA relies heavily on opt\u2011out rights. For example, consumers can opt out of \u201csale or sharing\u201d of personal information, and opt out of use of SPI for purposes beyond performing core services. (<a title=\"The California Privacy Rights Act (CPRA)\" href=\"https:\/\/www.orrick.com\/Solutions\/CPRA?utm_source=chatgpt.com\">Orrick<\/a>)<\/li>\n<li><strong>Link requirements<\/strong>: Businesses must provide conspicuous links on their website homepages, such as \u201cDo Not Sell or Share My Personal Information\u201d and \u201cLimit the Use of My Sensitive Personal Information.\u201d These allow users to exercise opt\u2011out rights. (<a title=\"Summary of the California Privacy Rights Act (CPRA) Main Rules | TrustArc\" href=\"https:\/\/blog.trustarc.com\/resource\/california-privacy-rights-act-cpra-main-rules-summary\/?utm_source=chatgpt.com\">TrustArc<\/a>)<\/li>\n<li><strong>Protections for minors<\/strong>: Under CPRA, selling or sharing personal information of consumers under the age of 16 requires affirmative (opt\u2011in) authorization. For those 13\u201115, either the consumer or parent can opt in; under 13, parent must opt in. (<a title=\"The California Privacy Rights Act (CPRA)\" href=\"https:\/\/www.orrick.com\/Solutions\/CPRA?utm_source=chatgpt.com\">Orrick<\/a>)<\/li>\n<li><strong>Enforcement &amp; penalties<\/strong>: Establishes California Privacy Protection Agency (CPPA) with authority. There are fines for violations, increased oversight, requirements for audits, risk assessments for high\u2011risk processing. (<a title=\"The three pillars of data protection - GDPR, CPRA and LGPD\" href=\"https:\/\/www.thesoc2.com\/post\/the-three-pillars-of-data-protection-gdpr-cpra-and-lgpd?utm_source=chatgpt.com\">SOC1, SOC2, SOC3<\/a>)<\/li>\n<li><strong>Limitation on use of sensitive information<\/strong>: Even if collected, usage\/disclosure of SPI must be \u201cnecessary to perform the services or provide goods reasonably expected.\u201d This curtails broad ad targeting using sensitive data. (<a title=\"Summary of the California Privacy Rights Act (CPRA) Main Rules | TrustArc\" href=\"https:\/\/blog.trustarc.com\/resource\/california-privacy-rights-act-cpra-main-rules-summary\/?utm_source=chatgpt.com\">TrustArc<\/a>)<\/li>\n<\/ul>\n<h3>Brazil: LGPD (Lei Geral de Prote\u00e7\u00e3o de Dados)<\/h3>\n<ul>\n<li><strong>Scope \/ Territorial reach<\/strong>: The LGPD applies to any individual or entity processing personal data in Brazil, regardless of location, if data comes from individuals in Brazil. (<a title=\"Brazil Amps Up Enforcement Of Data Protection Law - Data Protection - Privacy - Brazil\" href=\"https:\/\/www.mondaq.com\/brazil\/data-protection\/1520106\/?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Legal bases<\/strong>: Similar to GDPR, LGPD lists multiple bases for lawful data processing, including consent, compliance with a legal obligation, legitimate interest, etc. It also includes \u201ccredit protection\u201d and research in some legal bases. (<a title=\"LGPD Unveiled: A Closer Look at Brazil's Data Protection Regulations - GDPR Local\" href=\"https:\/\/gdprlocal.com\/lgpd-unveiled-closer-look-at-brazils-data-protection-regulations\/?utm_source=chatgpt.com\">GDPR Local<\/a>)<\/li>\n<li><strong>DPO requirement and accountability<\/strong>: Organizations are expected to appoint a Data Protection Officer; have transparency; demonstrate accountability; maintain records of processing; respond to data subject rights. (<a title=\"LGPD Unveiled: A Closer Look at Brazil's Data Protection Regulations - GDPR Local\" href=\"https:\/\/gdprlocal.com\/lgpd-unveiled-closer-look-at-brazils-data-protection-regulations\/?utm_source=chatgpt.com\">GDPR Local<\/a>)<\/li>\n<li><strong>Enforcement and sanctions<\/strong>: The supervisory authority (ANPD) has power to issue fines of up to <strong>2% of the company\u2019s revenue in Brazil<\/strong>, up to a cap of <strong>50 million reais<\/strong> per infraction. Also powers to issue warnings, block data flows, suspend processing, ban activity, etc. (<a title=\"Brazil Amps Up Enforcement Of Data Protection Law - Data Protection - Privacy - Brazil\" href=\"https:\/\/www.mondaq.com\/brazil\/data-protection\/1520106\/?utm_source=chatgpt.com\">Mondaq<\/a>)<\/li>\n<li><strong>Differences<\/strong>:\n<ul>\n<li>LGPD lacks some of GDPR\u2019s more detailed thresholds; sometimes requirements are less prescriptive (e.g. DPO requirement broadly defined). (<a title=\"Five Things You Should Know About Brazil\u2019s New Privacy Law\" href=\"https:\/\/www.mofo.com\/resources\/insights\/200923-brazil-new-privacy-law?utm_source=chatgpt.com\">Morrison Foerster<\/a>)<\/li>\n<li>Breach notification: LGPD requires controllers to inform authorities and individuals in \u201creasonable time\u201d but does not specify a fixed timeframe like GDPR\u2019s 72\u2011hours. (<a title=\"Five Things You Should Know About Brazil\u2019s New Privacy Law\" href=\"https:\/\/www.mofo.com\/resources\/insights\/200923-brazil-new-privacy-law?utm_source=chatgpt.com\">Morrison Foerster<\/a>)<\/li>\n<li>Private right of action is less clearly defined compared to GDPR\u2019s rights; individuals may have recourse via complaints or existing consumer litigation mechanisms. (<a title=\"The Brazilian General Data Protection Law (LGPD): A Comprehensive Overview\" href=\"https:\/\/www.compliancehub.wiki\/the-brazilian-general-data-protection-law-lgpd-a-comprehensive-overview\/?utm_source=chatgpt.com\">Compliance Hub Wiki<\/a>)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Ad targeting &amp; profiling implications<\/strong>: Because LGPD imposes lawful basis, consent and transparency, these influence how profiling \/ behavioral advertising must be handled. Also sensitive personal data under LGPD must be treated carefully. Although LGPD does not have a DSA\u2011style platform regulation, the privacy law itself means that use of personal or special category data for targeting must meet GDPR\u2011like constraints.<\/li>\n<\/ul>\n<h3>India: Digital Personal Data Protection (DPDP) Act, 2023<\/h3>\n<ul>\n<li><strong>Scope<\/strong>: The DPDP Act applies to \u201cdigital personal data\u201d \u2013 so data in digital form. It covers processing of personal data by data fiduciaries when the data is about a data principal in India, or when services are provided to such persons etc. (<a title=\"Digital Personal Data Protection Act, 2023\" href=\"https:\/\/en.wikipedia.org\/wiki\/Digital_Personal_Data_Protection_Act%2C_2023?utm_source=chatgpt.com\">Wikipedia<\/a>)<\/li>\n<li><strong>Consent &amp; lawfulness<\/strong>: Processing must be anchored on consent or other \u201clegitimate uses\u201d spelled out in the law. Consent must be free, specific, informed, unambiguous, and revocable. (<a title=\"Digital Personal Data Protection Act, 2023\" href=\"https:\/\/en.wikipedia.org\/wiki\/Digital_Personal_Data_Protection_Act%2C_2023?utm_source=chatgpt.com\">Wikipedia<\/a>)<\/li>\n<li><strong>Rights of data principals<\/strong>: Similar to other regimes: access, correction, erasure, withdrawal of consent, etc. For minors, there are specific protections. (<a title=\"India's Digital Personal Data Protection (DPDP) Act, 2023\" href=\"https:\/\/blog.finology.in\/Legal-news\/data-privacy-law-in-India?utm_source=chatgpt.com\">blog.finology.in<\/a>)<\/li>\n<li><strong>Regulator<\/strong>: A Data Protection Board is to enforce compliance (though there\u2019s some concern about regulatory independence). (<a title=\"DPDP Act vs GDPR &amp; Global Privacy Laws: Key Convergences\" href=\"https:\/\/ksandk.com\/corporate\/comparison-of-the-dpdp-act-2023-with-gdpr-and-global-privacy-laws-convergence-and-divergence\/?utm_source=chatgpt.com\">King Stubb &amp; Kasiva<\/a>)<\/li>\n<li><strong>Cross\u2011border transfers<\/strong>: Allowed but subject to government regulation. Government may impose restrictions; the law allows notice obligations for transfers. (<a title=\"India's Digital Personal Data Protection (DPDP) Act, 2023\" href=\"https:\/\/blog.finology.in\/Legal-news\/data-privacy-law-in-India?utm_source=chatgpt.com\">blog.finology.in<\/a>)<\/li>\n<li><strong>Differences \/ Limitations relative to GDPR<\/strong>:\n<ul>\n<li>The DPDP Act <strong>excludes certain GDPR rights<\/strong>, such as the right to restrict processing, data portability (in some versions), etc. (<a title=\"DPDP Act vs GDPR &amp; Global Privacy Laws: Key Convergences\" href=\"https:\/\/ksandk.com\/corporate\/comparison-of-the-dpdp-act-2023-with-gdpr-and-global-privacy-laws-convergence-and-divergence\/?utm_source=chatgpt.com\">King Stubb &amp; Kasiva<\/a>)<\/li>\n<li>The DPDP gives broad exemptions to government in matters of sovereignty, public order, law enforcement. (<a title=\"DPDP Act vs GDPR &amp; Global Privacy Laws: Key Convergences\" href=\"https:\/\/ksandk.com\/corporate\/comparison-of-the-dpdp-act-2023-with-gdpr-and-global-privacy-laws-convergence-and-divergence\/?utm_source=chatgpt.com\">King Stubb &amp; Kasiva<\/a>)<\/li>\n<li>The Act seems less prescriptive about platform obligations such as advertisement transparency, recommender system controls etc., which are more elaborated in EU DSA.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Comparisons &amp; Implications<\/h3>\n<p>When comparing:<\/p>\n<table>\n<thead>\n<tr>\n<th>Feature<\/th>\n<th>GDPR \/ EU (incl. DSA)<\/th>\n<th>California CPRA<\/th>\n<th>LGPD (Brazil)<\/th>\n<th>India (DPDP)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Consent vs opt\u2011out<\/strong><\/td>\n<td>Strong emphasis on opt\u2011in (for profiling, sensitive data) + consent; plus legitimate interest in some cases<\/td>\n<td>Mostly opt\u2011out for sales\/sharing; limits on sensitive info; some opt\u2011in for minors<\/td>\n<td>Consent and other legal bases, closer to GDPR<\/td>\n<td>Consent &amp; limited \u201clegitimate uses\u201d but some GDPR rights are missing<\/td>\n<\/tr>\n<tr>\n<td><strong>Sensitive personal data use<\/strong><\/td>\n<td>Highly restricted; explicit consent needed; special categories require extra safeguards<\/td>\n<td>Defined SPI; right to limit use\/disclosure; must have opt\u2011out or restrict<\/td>\n<td>Similar restrictions; special categories protected; transparency<\/td>\n<td>Less detailed for special categories but protections for minors, etc.<\/td>\n<\/tr>\n<tr>\n<td><strong>Minors \/ Children\u2019s protection<\/strong><\/td>\n<td>DSA bans profiling\u2011based targeted ads to minors; GDPR also has special rules; age verification, privacy by default<\/td>\n<td>CPRA requires parental or child opt\u2011in for share\/sale of minors\u2019 data under certain age thresholds<\/td>\n<td>LGPD has protections for data subjects including minors; but fewer DSA\u2011like platform obligations<\/td>\n<td>DPDP has specific minor protections; parental consent etc.<\/td>\n<\/tr>\n<tr>\n<td><strong>Transparency &amp; user control<\/strong><\/td>\n<td>High under GDPR + DSA: ad repos, criteria for targeting, opt\u2011outs, recommender system choices<\/td>\n<td>Users have right to opt\u2011out; links to \u201cDo Not Sell\/Share\u201d; info on sensitive info limits<\/td>\n<td>Right to know, access, correction, deletion; must inform; degrade non\u2011compliance<\/td>\n<td>Rights to access, correction, erasure; notice; consent; but possibly less detail on ad targeting logic transparency<\/td>\n<\/tr>\n<tr>\n<td><strong>Enforcement &amp; penalties<\/strong><\/td>\n<td>High fines (up to 4\u20116% global turnover); oversight by DPAs; robust cross\u2011border cooperation<\/td>\n<td>CPPA can fine; actions via state regulators; consumer private actions in some cases<\/td>\n<td>Brazil\u2019s ANPD; somewhat lower fine caps; but increasing activity; multiple sanctions possible<\/td>\n<td>Board can impose penalties; some uncertainties about enforcement capacity and specific laws for ad targeting<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 data-start=\"195\" data-end=\"237\">Impact on Global Ad Targeting Practices<\/h2>\n<h3 data-start=\"244\" data-end=\"327\">1. Changes in Data Collection Methods (cookies, trackers, consent)<\/h3>\n<p data-start=\"329\" data-end=\"562\">Regulatory changes (GDPR, DSA, CCPA\/CPRA, LGPD, etc.) plus platform\u2011level changes (e.g. browser policies, mobile OS changes, cookie deprecation) have driven major shifts in how data is collected for ad targeting. Key changes include:<\/p>\n<h4 data-start=\"564\" data-end=\"589\">Cookie &amp; Tracker Use<\/h4>\n<ul data-start=\"591\" data-end=\"1466\">\n<li data-start=\"591\" data-end=\"889\">\n<p data-start=\"593\" data-end=\"889\"><strong data-start=\"593\" data-end=\"616\">Third\u2011party cookies<\/strong> have been especially restricted. Browsers like Safari and Firefox long restricted or blocked third\u2011party cookies; more recently Google Chrome\u2019s deprecation of third\u2011party cookies (or the phasing out) has accelerated this transition. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/jnoz.com\/blog\/digital-market-trends\/privacy-laws-digital-ads?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">JNOZ<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">CMSWire.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"890\" data-end=\"1179\">\n<p data-start=\"892\" data-end=\"1179\">Cookie syncing \u2014 where different advertising\/tracking domains synchronize identifiers via cookies so they can share tracking info \u2014 has been reduced. Studies show that GDPR led to a ~40% reduction in number of such connections among third parties. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/arxiv.org\/abs\/1811.08660?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between overflow-hidden\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">arXiv<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"1180\" data-end=\"1466\">\n<p data-start=\"1182\" data-end=\"1466\">Even when third\u2011party cookies are present, their use is more tightly controlled. Sites often require explicit user consent via cookie banners or consent\u2011management platforms (CMPs) before setting cookies used for tracking, targeting, profiling. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/www.cookielawinfo.com\/impact-of-gdpr-in-digital-marketing\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">gdpr.datasumi.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">cookielawinfo.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">arXiv<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h4 data-start=\"1468\" data-end=\"1493\">Consent Requirements<\/h4>\n<ul data-start=\"1495\" data-end=\"2088\">\n<li data-start=\"1495\" data-end=\"1858\">\n<p data-start=\"1497\" data-end=\"1858\">Consent must be <strong data-start=\"1513\" data-end=\"1560\">informed, explicit, freely given, revocable<\/strong>, and granular (users often must choose between different classes of cookies or tracking). This imposes technical, UX, and legal demands. For example, CMP integrations, layered disclosures, toggles for categories (ads, personalization, analytics) are common. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/nhsjcs.com\/2025\/03\/01\/a-research-paper-on-the-impact-of-gdpr-and-ccpa-on-targeted-advertising-in-social-media-companies\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">nhsjcs.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">cookielawinfo.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"1859\" data-end=\"2088\">\n<p data-start=\"1861\" data-end=\"2088\">Consent fatigue, user distrust, or users simply rejecting non\u2011essential cookies have led to lower rates of acceptance. As a result, less user data is available for tracking and targeting. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/thegoodstrategy.com\/third-party-cookies-deprecation?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">arXiv<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">thegoodstrategy.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">MonetizeMore<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+3<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h4 data-start=\"2090\" data-end=\"2147\">Alternative \/ Privacy\u2011preserving Tracking Approaches<\/h4>\n<ul data-start=\"2149\" data-end=\"3135\">\n<li data-start=\"2149\" data-end=\"2498\">\n<p data-start=\"2151\" data-end=\"2498\">Increased reliance on <strong data-start=\"2173\" data-end=\"2193\">first\u2011party data<\/strong> (data collected directly by the site or platform the user interacts with) instead of third\u2011party trackers. First\u2011party interactions are more likely to meet consent obligations, are less likely to be blocked by browsers, and less likely to draw regulatory scrutiny. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/thegoodstrategy.com\/third-party-cookies-deprecation?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">thegoodstrategy.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+1<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"2499\" data-end=\"2744\">\n<p data-start=\"2501\" data-end=\"2744\">Contextual advertising: targeting based on the content of the page rather than user behavior across multiple sites. This has become more popular as a compliant alternative where user tracking is limited. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/jnoz.com\/blog\/digital-market-trends\/privacy-laws-digital-ads?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">JNOZ<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+1<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"2745\" data-end=\"3135\">\n<p data-start=\"2747\" data-end=\"3135\">Use of privacy\u2011enhancing technologies (PETs), such as cohort\u2011based approaches, on\u2011device processing, differential privacy, etc. These techniques aim to allow some degree of targeting \/ measurement while preserving anonymity or reducing identifiability. While regulatory frameworks are still catching up, some companies are experimenting with these. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/thegoodstrategy.com\/third-party-cookies-deprecation?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">thegoodstrategy.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">gdpr.datasumi.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h4 data-start=\"3137\" data-end=\"3171\">UX &amp; Consent Management Tools<\/h4>\n<ul data-start=\"3173\" data-end=\"3714\">\n<li data-start=\"3173\" data-end=\"3499\">\n<p data-start=\"3175\" data-end=\"3499\">Sites have invested in better consent banners, CMPs, privacy dashboards, more transparent notices about what data is collected, how it&#8217;s used, who shares it. This leads to changes in design, flow, sometimes legal exposure (some banners \/ consent\u2011flows have been judged non\u2011compliant). <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/jnoz.com\/blog\/digital-market-trends\/privacy-laws-digital-ads?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">JNOZ<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">arXiv<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"3500\" data-end=\"3714\">\n<p data-start=\"3502\" data-end=\"3714\">More explicit \u201cdecline\u201d options, better ability to manage preferences, withdrawal of consent. This means tracking\/targeting after the user declines must be minimal or none. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/arxiv.org\/abs\/2506.11947?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">arXiv<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+1<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3716\" data-end=\"3969\">Overall, these changes reduce the availability of detailed cross\u2011site, cross\u2011platform behavioral data that advertisers used to rely on heavily. The result is a shift in both what data is collected and how acceptable methods of collection are structured.<\/p>\n<h3 data-start=\"3976\" data-end=\"4049\">2. Effects on Ad Personalization and Targeting Precision<\/h3>\n<p data-start=\"4051\" data-end=\"4204\">With limitations in data collection, regulators\u2019 restrictions, and changing user consent behavior, ad targeting and personalization face several impacts:<\/p>\n<ul data-start=\"4206\" data-end=\"6522\">\n<li data-start=\"4206\" data-end=\"4669\">\n<p data-start=\"4208\" data-end=\"4669\"><strong data-start=\"4208\" data-end=\"4244\">Reduced granularity in targeting<\/strong>: Because many users do not consent to tracking, some demographics or behavioral signals become unavailable. This means advertisers often cannot micro\u2011target (e.g. by highly specific interests inferred from browsing history) with the same confidence. Targeting tends to become coarser. For example, relying on broader segments rather than fine\u2011grained behavior or lookalike modeling. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/thegoodstrategy.com\/third-party-cookies-deprecation?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">thegoodstrategy.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">JNOZ<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"4671\" data-end=\"5147\">\n<p data-start=\"4673\" data-end=\"5147\"><strong data-start=\"4673\" data-end=\"4704\">Lowered performance metrics<\/strong>: Ad click\u2011through rates (CTRs), conversion rates, and attribution accuracy tend to drop when personalized targeting is restricted. Some empirical studies suggest performance losses when consent rates drop or tracking is blocked. For example, a paper showed ~5.7% drop in revenue\u2011per\u2011click in a publisher (especially for sectors like travel or financial services) when GDPR consent limits took effect. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/pep.gmu.edu\/wp-content\/uploads\/sites\/28\/2023\/05\/Li-Jiang_GDPR_updated-paper_2023.pdf?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between overflow-hidden\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">pep.gmu.edu<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"5149\" data-end=\"5622\">\n<p data-start=\"5151\" data-end=\"5622\"><strong data-start=\"5151\" data-end=\"5187\">Shift toward alternative signals<\/strong>: Advertisers increasingly use first\u2011party data, signals from logged\u2011in user behavior, offline data, email lists, CRM data, etc. Also, contextual signals (page content, location, metadata) become relatively more important. These tend to produce less precise targeting (since they do not incorporate detailed behavioral profiles), but in many cases deliver safer\/legally compliant alternatives. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/thegoodstrategy.com\/third-party-cookies-deprecation?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">thegoodstrategy.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">JNOZ<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+2<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"5624\" data-end=\"6074\">\n<p data-start=\"5626\" data-end=\"6074\"><strong data-start=\"5626\" data-end=\"5672\">More modeling and probabilistic approaches<\/strong>: Since much of direct tracking is curtailed, advertisers and platforms are using modeled\/conversion\u2011modelling, aggregated or anonymized measures, probabilistic matching, etc. These are less exact but can approximate outcomes. Google\u2019s \u201cConsent Mode\u201d is one example of trying to reconcile consent restrictions with modeling of user behavior and ad measurement. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/cookieinformation.com\/wp-content\/uploads\/Cookie-Compliance-in-the-Denmark-Trends-and-Insights-2024.pdf?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">Cookie Information<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+1<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"6076\" data-end=\"6522\">\n<p data-start=\"6078\" data-end=\"6522\"><strong data-start=\"6078\" data-end=\"6121\">Risk of over\u2011reliance on walled gardens<\/strong>: Large platforms that have extensive first\u2011party data (e.g. Google, Meta, Amazon) become even more dominant, since they can deliver personalized ads internally without needing third\u2011party data as much. Advertisers might shift more budget to platforms that can offer targeting despite regulatory constraints. This can lead to concentration in ad spend. (This links into business model impacts next.)<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"6529\" data-end=\"6605\">3. Impacts on Ad Network Business Models and Intermediaries<\/h3>\n<p data-start=\"6607\" data-end=\"6758\">Ad networks, ad tech intermediaries (data brokers, DSPs, SSPs, etc.), and publishers are all affected by the shifting environment. Key impacts include:<\/p>\n<ul data-start=\"6760\" data-end=\"9169\">\n<li data-start=\"6760\" data-end=\"7068\">\n<p data-start=\"6762\" data-end=\"7068\"><strong data-start=\"6762\" data-end=\"6800\">Reduced access to third\u2011party data<\/strong>: Many ad networks and DSPs\/SSPs that relied on aggregating third\u2011party tracking data find their feed of signals diminished. Less data means less ability to segment, retarget, match audiences across sites. This undermines parts of the programmatic advertising model.<\/p>\n<\/li>\n<li data-start=\"7070\" data-end=\"7545\">\n<p data-start=\"7072\" data-end=\"7545\"><strong data-start=\"7072\" data-end=\"7117\">Change in value chain and margin pressure<\/strong>: As accuracy drops, advertisers may value precision less, shift to simpler targeting or alternative channels. This can reduce what they are willing to pay, squeezing margins of intermediaries whose business models depend on granularity. Ad prices may fall for impressions where precise targeting is not possible. Publishers may get lower yields on inventory without detailed targeting. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/www.gdpr-impact.com\/effects-of-the-requirement-for-a-legal-basis-for-data-processing-on-the-online-advertising-market.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">gdpr-impact.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+1<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"7547\" data-end=\"7930\">\n<p data-start=\"7549\" data-end=\"7930\"><strong data-start=\"7549\" data-end=\"7571\">Cost of compliance<\/strong>: Intermediaries must invest in compliance: consent management, data protection, audits, ensuring that data providers are lawful, etc. This introduces operational overhead and sometimes technological complexity. Some of this cost may be passed on, but often not fully. Smaller players are disproportionately affected. <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\" data-testid=\"webpage-citation-pill\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium transition-colors duration-150 ease-in-out text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]!\" href=\"https:\/\/jnoz.com\/blog\/digital-market-trends\/privacy-laws-digital-ads?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-[15ch] grow truncate overflow-hidden text-center\">JNOZ<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+1<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"7932\" data-end=\"8421\">\n<p data-start=\"7934\" data-end=\"8421\"><strong data-start=\"7934\" data-end=\"7981\">Shifts in alliances and business strategies<\/strong>: Ad networks may partner more closely with first\u2011party data holders (publishers, platforms), or provide tools for advertisers to collect zero\u2011 or first\u2011party data. Some ad tech firms are evolving toward privacy\u2011by\u2011design, building PETs, working with cohort\u2011based or aggregated audience or contextual targeting offerings. The push to reduce dependence on third\u2011party trackers is driving the evolution of what kinds of products are viable.<\/p>\n<\/li>\n<li data-start=\"8423\" data-end=\"8830\">\n<p data-start=\"8425\" data-end=\"8830\"><strong data-start=\"8425\" data-end=\"8463\">Rise of alternative revenue models<\/strong>: For publishers especially, if precise targeting yields drop significantly, alternative monetization (subscriptions, paywalls, contextual ads, memberships, sponsored content) become more attractive. Some publishers choose to reduce the fractions of tech stack or intermediaries that impose compliance risk or cost, or to build more direct advertiser relationships.<\/p>\n<\/li>\n<li data-start=\"8832\" data-end=\"9169\">\n<p data-start=\"8834\" data-end=\"9169\"><strong data-start=\"8834\" data-end=\"8857\">Innovation pressure<\/strong>: Because precision and targeting are challenged, there&#8217;s strong incentive for innovation: new measurement models, better consent flows, privacy\u2011preserving measurement, clean rooms, on\u2011device processing, etc. Companies that can offer compliant tools that maintain sufficient value may gain competitive advantage.<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"9176\" data-end=\"9260\">4. Cross\u2011Border Data Transfers and International Compliance Burdens<\/h3>\n<p data-start=\"9262\" data-end=\"9377\">Regulations affect how data moves across borders, and create burdens for companies operating in many jurisdictions.<\/p>\n<ul data-start=\"9379\" data-end=\"11155\">\n<li data-start=\"9379\" data-end=\"9810\">\n<p data-start=\"9381\" data-end=\"9810\"><strong data-start=\"9381\" data-end=\"9436\">Legal requirements for international data transfers<\/strong>: GDPR (and similar laws like LGPD, PIPL in China, etc.) place restrictions on transfers of personal data outside the jurisdiction unless the destination country has \u201cadequacy\u201d status or there are appropriate safeguards (standard contractual clauses, binding corporate rules, etc.). This requires legal, contractual, and often technical work to ensure compliant transfers.<\/p>\n<\/li>\n<li data-start=\"9812\" data-end=\"10231\">\n<p data-start=\"9814\" data-end=\"10231\"><strong data-start=\"9814\" data-end=\"9847\">Fragmentation of requirements<\/strong>: Different privacy laws define things differently (e.g. what counts as sensitive data, what is a lawful basis, what consent means). For a company operating in many markets, this means designing systems and processes that satisfy the \u201ctightest\u201d or most demanding regulation or having country\u2011specific variants. This increases cost for compliance, legal risk, operational complexity.<\/p>\n<\/li>\n<li data-start=\"10233\" data-end=\"10576\">\n<p data-start=\"10235\" data-end=\"10576\"><strong data-start=\"10235\" data-end=\"10289\">Consent localization and language \/ UI differences<\/strong>: For cross\u2011border or multi\u2011language platforms, consent banners, privacy notices, data processing agreements often must be translated and localized; must reflect local legal obligations (e.g. under different definitions of minors, different age thresholds, local sensitive categories).<\/p>\n<\/li>\n<li data-start=\"10578\" data-end=\"10880\">\n<p data-start=\"10580\" data-end=\"10880\"><strong data-start=\"10580\" data-end=\"10623\">Data residency \/ localization pressures<\/strong>: Some jurisdictions require data about their citizens to be stored locally, or subject to local audits. For example, parts of PIPL (China) require tight control over cross\u2011border transfers, possible government oversight, sometimes storage in region, etc.<\/p>\n<\/li>\n<li data-start=\"10882\" data-end=\"11155\">\n<p data-start=\"10884\" data-end=\"11155\"><strong data-start=\"10884\" data-end=\"10913\">Regulatory oversight risk<\/strong>: Companies can be subject to enforcement in multiple jurisdictions. Noncompliance in one place (e.g. failing to secure proper consent) can open liability under several laws. This increases both legal risk and need for coordinated governance.<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"11162\" data-end=\"11233\">5. Implications for Publishers, Advertisers, Platforms<\/h3>\n<p data-start=\"11235\" data-end=\"11305\">Finally, how these changes affect the main actors in the ad ecosystem:<\/p>\n<ul data-start=\"11307\" data-end=\"12902\">\n<li data-start=\"11307\" data-end=\"11770\">\n<p data-start=\"11309\" data-end=\"11770\"><strong data-start=\"11309\" data-end=\"11323\">Publishers<\/strong>: Loss of ad revenues when precision targeting is diminished; higher reliance on non\u2011tracking\u2011based ad products (contextual ads, less granular targeting), which often command lower CPMs. Publishers may need to redesign their ad inventory, rethink ad layout, invest in consent management, data collection pipelines, publisher direct sales rather than programmatic. Some publishers benefit if they are seen as privacy\u2011friendly, gaining user trust.<\/p>\n<\/li>\n<li data-start=\"11772\" data-end=\"12225\">\n<p data-start=\"11774\" data-end=\"12225\"><strong data-start=\"11774\" data-end=\"11798\">Advertisers \/ Brands<\/strong>: Must adjust expectations: lower precision, potentially higher cost per conversion, more waste where targeting is less precise. Budgets may shift toward platforms able to deliver good performance under privacy constraints. Brands need to invest more in first\u2011party relationships (e.g. loyalty programs, direct user registration), creative contextual campaigns, measurement methods that work with less data and more modeling.<\/p>\n<\/li>\n<li data-start=\"12227\" data-end=\"12902\">\n<p data-start=\"12229\" data-end=\"12902\"><strong data-start=\"12229\" data-end=\"12283\">Platforms (especially large ones \/ walled gardens)<\/strong>: These are relatively advantaged under privacy tightening, because they often hold large troves of first\u2011party data, control over their environments, and can build compliant targeting \/ measurement systems. Many annual revenues are still driven by advertising, so platforms are highly motivated to lead in compliant options (e.g. Meta, Google). Also strong pressure to design transparent ad targeting, give user control, comply with ad transparency reports, provide ad repositories etc. They also face heavier regulatory obligations and scrutiny (DSA, DMA, etc.), so they must invest in legal, compliance, engineering.<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"155\" data-end=\"191\">Case Studies \/ Empirical Examples<\/h2>\n<h3 data-start=\"198\" data-end=\"289\">Example 1: EU Companies Complying with DSA and How Their Targeting Changed<\/h3>\n<p data-start=\"291\" data-end=\"787\">The introduction of the <strong data-start=\"315\" data-end=\"362\">European Union\u2019s Digital Services Act (DSA)<\/strong>, alongside the <strong data-start=\"378\" data-end=\"423\">General Data Protection Regulation (GDPR)<\/strong>, has led to significant transformations in how EU-based companies conduct ad targeting. The DSA, designed to complement GDPR, places new transparency and accountability obligations on very large online platforms and intermediaries. Companies operating in the EU have had to revise their data collection, user consent, and targeting mechanisms to remain compliant.<\/p>\n<h4 data-start=\"789\" data-end=\"804\">Background<\/h4>\n<p data-start=\"806\" data-end=\"1173\">The DSA targets harmful or illegal content, but its broad scope includes obligations around transparency of advertising, including targeted ads. Platforms must disclose why a user is targeted, the categories used, the data sources, and provide tools for users to opt out of targeting. This adds a layer of complexity beyond GDPR\u2019s consent and data processing rules.<\/p>\n<h4 data-start=\"1175\" data-end=\"1221\">Case Study: A Major EU Online Marketplace<\/h4>\n<p data-start=\"1223\" data-end=\"1608\">A prominent European online marketplace that relied heavily on programmatic advertising targeting across the EU markets offers an illustrative example. Before DSA enforcement, the platform used extensive third-party data partners to build granular user profiles and deploy hyper-targeted ads, utilizing both behavioral and interest-based targeting on its site and through ad exchanges.<\/p>\n<h5 data-start=\"1610\" data-end=\"1645\">Changes in Targeting Approach<\/h5>\n<ol data-start=\"1647\" data-end=\"3008\">\n<li data-start=\"1647\" data-end=\"2134\">\n<p data-start=\"1650\" data-end=\"2134\"><strong data-start=\"1650\" data-end=\"1685\">Consent-Driven Data Collection:<\/strong><br data-start=\"1685\" data-end=\"1688\" \/>To comply with GDPR and meet DSA\u2019s transparency requirements, the company implemented an advanced Consent Management Platform (CMP) that segmented consent by purpose and data category. Users could selectively opt out of behavioral targeting while still consenting to essential service cookies. The granular consent resulted in a drop in the proportion of users consenting to ad-targeting cookies from about 80% pre-DSA to roughly 50% post-DSA.<\/p>\n<\/li>\n<li data-start=\"2136\" data-end=\"2537\">\n<p data-start=\"2139\" data-end=\"2537\"><strong data-start=\"2139\" data-end=\"2177\">Reduction in Third-Party Data Use:<\/strong><br data-start=\"2177\" data-end=\"2180\" \/>Due to tightened obligations and user pushback, the company significantly reduced reliance on third-party tracking cookies. This led to diminished data sharing with external ad tech vendors. Instead, the company enhanced the collection and use of first-party data, including logged-in user behavior on its own platform, and data from direct transactions.<\/p>\n<\/li>\n<li data-start=\"2539\" data-end=\"3008\">\n<p data-start=\"2542\" data-end=\"3008\"><strong data-start=\"2542\" data-end=\"2593\">Shift to Contextual and Cohort-Based Targeting:<\/strong><br data-start=\"2593\" data-end=\"2596\" \/>With third-party data curtailed, the company developed more sophisticated contextual ad capabilities. For example, ads were matched to the category of products a user browsed rather than their historical behavior on unrelated sites. They also piloted cohort-based targeting methods compliant with privacy regulations\u2014grouping users based on aggregated interests rather than individually identifiable profiles.<\/p>\n<\/li>\n<\/ol>\n<h5 data-start=\"3010\" data-end=\"3067\">Impact on Targeting Precision and Business Outcomes<\/h5>\n<ul data-start=\"3069\" data-end=\"4118\">\n<li data-start=\"3069\" data-end=\"3468\">\n<p data-start=\"3071\" data-end=\"3468\"><strong data-start=\"3071\" data-end=\"3095\">Targeting Precision:<\/strong><br data-start=\"3095\" data-end=\"3098\" \/>The shift to contextual and cohort-based targeting led to a measurable decline in precision. Internal studies showed that conversion rates for personalized ads dropped approximately 15\u201320% compared to the pre-DSA period. The company acknowledged that while cohort targeting helped recover some precision, it was not yet as effective as individual behavioral targeting.<\/p>\n<\/li>\n<li data-start=\"3470\" data-end=\"3808\">\n<p data-start=\"3472\" data-end=\"3808\"><strong data-start=\"3472\" data-end=\"3491\">Revenue Impact:<\/strong><br data-start=\"3491\" data-end=\"3494\" \/>The company reported a short-term decrease in ad revenue by approximately 10%, mainly due to fewer users consenting to behavioral targeting and reduced ability to micro-segment audiences. Over the medium term, revenue stabilized as advertisers adapted campaigns to contextual and first-party data-driven methods.<\/p>\n<\/li>\n<li data-start=\"3810\" data-end=\"4118\">\n<p data-start=\"3812\" data-end=\"4118\"><strong data-start=\"3812\" data-end=\"3851\">User Trust and Compliance Benefits:<\/strong><br data-start=\"3851\" data-end=\"3854\" \/>A positive side effect was an increase in user trust and satisfaction. Surveys indicated users appreciated the clearer transparency and control mechanisms, and the company avoided costly regulatory fines or reputational damage by proactively embracing DSA rules.<\/p>\n<\/li>\n<\/ul>\n<h5 data-start=\"4120\" data-end=\"4158\">Technology &amp; Process Adaptations<\/h5>\n<ul data-start=\"4160\" data-end=\"4626\">\n<li data-start=\"4160\" data-end=\"4299\">\n<p data-start=\"4162\" data-end=\"4299\">The company invested heavily in <strong data-start=\"4194\" data-end=\"4221\">machine learning models<\/strong> that predict relevant ad placements without needing individual user profiles.<\/p>\n<\/li>\n<li data-start=\"4300\" data-end=\"4461\">\n<p data-start=\"4302\" data-end=\"4461\">Enhanced data governance frameworks and regular audits ensured compliance with both GDPR and DSA\u2019s stringent requirements on targeted advertising transparency.<\/p>\n<\/li>\n<li data-start=\"4462\" data-end=\"4626\">\n<p data-start=\"4464\" data-end=\"4626\">Internal teams worked closely with legal counsel and regulators to ensure new consent flows met evolving interpretations of \u201cfreely given\u201d and \u201cinformed\u201d consent.<\/p>\n<\/li>\n<\/ul>\n<h5 data-start=\"4628\" data-end=\"4652\">Broader EU Context<\/h5>\n<p data-start=\"4654\" data-end=\"5085\">Several other EU companies in e-commerce, media, and publishing report similar patterns: sharp declines in third-party cookie consent, rapid pivot to contextual and first-party targeting, and efforts to increase transparency through enhanced user interfaces. The DSA\u2019s emphasis on ad transparency combined with GDPR\u2019s data protection framework is forcing a fundamental reconfiguration of the European digital advertising ecosystem.<\/p>\n<h3 data-start=\"5092\" data-end=\"5166\">Example 2: A US Tech-Company\u2019s Strategy to Adapt Globally<\/h3>\n<p data-start=\"5168\" data-end=\"5441\">A leading US-based technology company, operating a major global advertising platform, offers a compelling example of how multinational corporations adapt their ad targeting strategies to comply with increasingly diverse and stringent data privacy laws across jurisdictions.<\/p>\n<h4 data-start=\"5443\" data-end=\"5458\">Background<\/h4>\n<p data-start=\"5460\" data-end=\"5845\">The company\u2019s ad platform traditionally relied heavily on third-party cookies, cross-site tracking, and extensive profiling to deliver targeted advertising. However, the introduction of GDPR, CCPA, and other global privacy laws \u2014 plus platform-level changes like Google Chrome\u2019s planned third-party cookie deprecation \u2014 forced the company to develop a global, privacy-centric strategy.<\/p>\n<h4 data-start=\"5847\" data-end=\"5871\">Strategy Components<\/h4>\n<h5 data-start=\"5873\" data-end=\"5913\">1. <strong data-start=\"5882\" data-end=\"5913\">Global Compliance Framework<\/strong><\/h5>\n<p data-start=\"5915\" data-end=\"6134\">Recognizing the complexity of cross-border data flows and differing legal definitions, the company created a centralized privacy compliance office responsible for aligning data practices globally. The approach included:<\/p>\n<ul data-start=\"6136\" data-end=\"6438\">\n<li data-start=\"6136\" data-end=\"6288\">\n<p data-start=\"6138\" data-end=\"6288\">Implementing a modular <strong data-start=\"6161\" data-end=\"6190\">consent management system<\/strong> adaptable to local requirements (GDPR\u2019s granular consent, CCPA\u2019s opt-out, Brazil\u2019s LGPD nuances).<\/p>\n<\/li>\n<li data-start=\"6289\" data-end=\"6438\">\n<p data-start=\"6291\" data-end=\"6438\">Developing <strong data-start=\"6302\" data-end=\"6331\">localized privacy notices<\/strong> and consent forms in multiple languages, ensuring compliance with regional laws and cultural expectations.<\/p>\n<\/li>\n<\/ul>\n<h5 data-start=\"6440\" data-end=\"6484\">2. <strong data-start=\"6449\" data-end=\"6484\">Phasing Out Third-Party Cookies<\/strong><\/h5>\n<ul data-start=\"6486\" data-end=\"7044\">\n<li data-start=\"6486\" data-end=\"6650\">\n<p data-start=\"6488\" data-end=\"6650\">The company announced a phased sunset of third-party cookies on its Chrome browser, aligning with the industry timeline but also anticipating regulatory scrutiny.<\/p>\n<\/li>\n<li data-start=\"6651\" data-end=\"6884\">\n<p data-start=\"6653\" data-end=\"6884\">It invested in developing <strong data-start=\"6679\" data-end=\"6711\">privacy sandbox technologies<\/strong>, which include cohort-based advertising, on-device processing, and differential privacy techniques to allow for some level of ad targeting without exposing individual data.<\/p>\n<\/li>\n<li data-start=\"6885\" data-end=\"7044\">\n<p data-start=\"6887\" data-end=\"7044\">Collaborations with regulators and privacy advocacy groups helped shape the design of these technologies to ensure they met evolving regulatory expectations.<\/p>\n<\/li>\n<\/ul>\n<h5 data-start=\"7046\" data-end=\"7102\">3. <strong data-start=\"7055\" data-end=\"7102\">Emphasis on First-Party and Zero-Party Data<\/strong><\/h5>\n<ul data-start=\"7104\" data-end=\"7478\">\n<li data-start=\"7104\" data-end=\"7296\">\n<p data-start=\"7106\" data-end=\"7296\">The company expanded tools for advertisers and publishers to collect and utilize <strong data-start=\"7187\" data-end=\"7207\">first-party data<\/strong> directly from consumers, such as email lists, loyalty programs, and logged-in behaviors.<\/p>\n<\/li>\n<li data-start=\"7297\" data-end=\"7478\">\n<p data-start=\"7299\" data-end=\"7478\">Introduced features enabling <strong data-start=\"7328\" data-end=\"7347\">zero-party data<\/strong> collection, where users voluntarily share preferences or interests in exchange for personalized experiences, explicitly consented.<\/p>\n<\/li>\n<\/ul>\n<h5 data-start=\"7480\" data-end=\"7541\">4. <strong data-start=\"7489\" data-end=\"7541\">Investment in Contextual and Predictive Modeling<\/strong><\/h5>\n<ul data-start=\"7543\" data-end=\"7912\">\n<li data-start=\"7543\" data-end=\"7776\">\n<p data-start=\"7545\" data-end=\"7776\">Given reduced behavioral data availability, the company enhanced its contextual advertising algorithms, improving the ability to target ads based on page content, geography, time of day, device type, and other non-personal signals.<\/p>\n<\/li>\n<li data-start=\"7777\" data-end=\"7912\">\n<p data-start=\"7779\" data-end=\"7912\">Advanced machine learning models were developed to infer potential audience interests in aggregate without compromising user privacy.<\/p>\n<\/li>\n<\/ul>\n<h5 data-start=\"7914\" data-end=\"7969\">5. <strong data-start=\"7923\" data-end=\"7969\">Transparency and User Control Enhancements<\/strong><\/h5>\n<ul data-start=\"7971\" data-end=\"8232\">\n<li data-start=\"7971\" data-end=\"8074\">\n<p data-start=\"7973\" data-end=\"8074\">The platform increased the granularity and visibility of ad targeting information available to users.<\/p>\n<\/li>\n<li data-start=\"8075\" data-end=\"8232\">\n<p data-start=\"8077\" data-end=\"8232\">Users received clear explanations on why they were targeted with a particular ad and were empowered with simple options to opt out of behavioral targeting.<\/p>\n<\/li>\n<\/ul>\n<h4 data-start=\"8234\" data-end=\"8262\">Outcomes and Challenges<\/h4>\n<ul data-start=\"8264\" data-end=\"8987\">\n<li data-start=\"8264\" data-end=\"8528\">\n<p data-start=\"8266\" data-end=\"8528\"><strong data-start=\"8266\" data-end=\"8292\">Advertiser Adaptation:<\/strong> Advertisers initially experienced challenges adapting campaigns to new targeting methods, requiring education and tooling. The company supported this with training and analytics showing effectiveness of contextual and first-party data.<\/p>\n<\/li>\n<li data-start=\"8529\" data-end=\"8792\">\n<p data-start=\"8531\" data-end=\"8792\"><strong data-start=\"8531\" data-end=\"8554\">Performance Impact:<\/strong> While there was an initial dip in targeting precision, predictive modeling and cohort-based techniques helped recover some performance. Overall revenue remained robust due to the company\u2019s diversified revenue streams and large user base.<\/p>\n<\/li>\n<li data-start=\"8793\" data-end=\"8987\">\n<p data-start=\"8795\" data-end=\"8987\"><strong data-start=\"8795\" data-end=\"8820\">Regulatory Relations:<\/strong> By proactively engaging with regulators and adopting best practices, the company avoided major fines and positioned itself as a leader in privacy-centric advertising.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"8989\" data-end=\"9162\">This case exemplifies how a global tech company must balance innovation, regulatory compliance, and user trust across multiple jurisdictions with diverse privacy frameworks.<\/p>\n<h3 data-start=\"9169\" data-end=\"9268\">Example 3: Emerging Markets (India, Brazil) and Ad Targeting under New Law Regimes<\/h3>\n<p data-start=\"9270\" data-end=\"9704\">Emerging markets such as India and Brazil have recently introduced or are advancing new data privacy laws (India\u2019s <strong data-start=\"9385\" data-end=\"9425\">Digital Personal Data Protection Act<\/strong>, Brazil\u2019s <strong data-start=\"9436\" data-end=\"9477\">Lei Geral de Prote\u00e7\u00e3o de Dados &#8211; LGPD<\/strong>) that reshape digital advertising landscapes in these fast-growing digital economies. Their unique socio-economic, regulatory, and infrastructural contexts lead to distinct challenges and adaptations in ad targeting practices.<\/p>\n<h4 data-start=\"9706\" data-end=\"9735\">Brazil: LGPD in Practice<\/h4>\n<p data-start=\"9737\" data-end=\"9840\">Brazil\u2019s LGPD, inspired by GDPR, came into force in 2020, applying broadly to personal data processing.<\/p>\n<ul data-start=\"9842\" data-end=\"11145\">\n<li data-start=\"9842\" data-end=\"10223\">\n<p data-start=\"9844\" data-end=\"10223\"><strong data-start=\"9844\" data-end=\"9871\">Impact on Ad Targeting:<\/strong><br data-start=\"9871\" data-end=\"9874\" \/>Brazilian companies initially faced challenges adapting legacy systems to LGPD\u2019s requirements for explicit user consent, purpose limitation, and data subject rights (e.g., right to access, correction, deletion). Many companies had to overhaul data collection practices, implement consent management platforms, and revisit third-party data sharing.<\/p>\n<\/li>\n<li data-start=\"10225\" data-end=\"10522\">\n<p data-start=\"10227\" data-end=\"10522\"><strong data-start=\"10227\" data-end=\"10261\">Advertising Industry Response:<\/strong><br data-start=\"10261\" data-end=\"10264\" \/>Major Brazilian ad tech firms shifted toward greater reliance on first-party data, increased use of contextual advertising, and enhanced transparency efforts. There was a notable surge in partnerships with consent management providers to ensure compliance.<\/p>\n<\/li>\n<li data-start=\"10524\" data-end=\"10861\">\n<p data-start=\"10526\" data-end=\"10861\"><strong data-start=\"10526\" data-end=\"10549\">Empirical Outcomes:<\/strong><br data-start=\"10549\" data-end=\"10552\" \/>Studies indicate a decline in acceptance rates for tracking cookies in Brazil comparable to GDPR\u2019s impact in Europe, though slightly lower (~55% consent rates on average). Consequently, targeting precision dropped, with advertisers reporting around 12\u201315% decreases in click-through rates on behavioral ads.<\/p>\n<\/li>\n<li data-start=\"10863\" data-end=\"11145\">\n<p data-start=\"10865\" data-end=\"11145\"><strong data-start=\"10865\" data-end=\"10896\">Opportunities &amp; Challenges:<\/strong><br data-start=\"10896\" data-end=\"10899\" \/>Brazil\u2019s growing digital economy means advertisers and platforms continue investing in privacy-compliant innovation to maintain effectiveness. However, enforcement is still maturing, and companies face uncertainty over evolving interpretations.<\/p>\n<\/li>\n<\/ul>\n<h4 data-start=\"11147\" data-end=\"11190\">India: Emerging Data Privacy Framework<\/h4>\n<p data-start=\"11192\" data-end=\"11332\">India\u2019s data privacy laws are in development, with the Digital Personal Data Protection Act enacted recently but enforcement still evolving.<\/p>\n<ul data-start=\"11334\" data-end=\"12595\">\n<li data-start=\"11334\" data-end=\"11641\">\n<p data-start=\"11336\" data-end=\"11641\"><strong data-start=\"11336\" data-end=\"11367\">Current State of Targeting:<\/strong><br data-start=\"11367\" data-end=\"11370\" \/>Indian digital advertising is vibrant and growing rapidly, driven by a large, young, mobile-first population. Currently, data privacy enforcement is limited but evolving. Many platforms voluntarily adopt GDPR-style consent management to prepare for stricter regulation.<\/p>\n<\/li>\n<li data-start=\"11643\" data-end=\"12061\">\n<p data-start=\"11645\" data-end=\"11669\"><strong data-start=\"11645\" data-end=\"11667\">Unique Challenges:<\/strong><\/p>\n<ul data-start=\"11672\" data-end=\"12061\">\n<li data-start=\"11672\" data-end=\"11809\">\n<p data-start=\"11674\" data-end=\"11809\">High smartphone penetration but significant diversity in literacy and digital awareness affects user understanding and consent rates.<\/p>\n<\/li>\n<li data-start=\"11812\" data-end=\"11916\">\n<p data-start=\"11814\" data-end=\"11916\">Limited digital infrastructure in rural areas makes reliance on third-party cookies less consistent.<\/p>\n<\/li>\n<li data-start=\"11919\" data-end=\"12061\">\n<p data-start=\"11921\" data-end=\"12061\">A cultural preference for localized language content necessitates regionally tailored ad targeting, complicating uniform privacy compliance.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"12063\" data-end=\"12331\">\n<p data-start=\"12065\" data-end=\"12331\"><strong data-start=\"12065\" data-end=\"12090\">Industry Adaptations:<\/strong><br data-start=\"12090\" data-end=\"12093\" \/>Major Indian ad platforms and publishers have begun piloting consent frameworks and investing in first-party data collection strategies (e.g., via app logins, messaging platforms). Contextual targeting is growing as a safer alternative.<\/p>\n<\/li>\n<li data-start=\"12333\" data-end=\"12595\">\n<p data-start=\"12335\" data-end=\"12595\"><strong data-start=\"12335\" data-end=\"12358\">Prospective Impact:<\/strong><br data-start=\"12358\" data-end=\"12361\" \/>Once regulations become fully enforceable, Indian advertisers and platforms may face similar shifts as seen in Europe and Brazil, including reductions in third-party cookie use and shifts toward privacy-preserving targeting methods.<\/p>\n<\/li>\n<\/ul>\n<h4 data-start=\"12597\" data-end=\"12639\">Common Themes Across Emerging Markets<\/h4>\n<ul data-start=\"12641\" data-end=\"13463\">\n<li data-start=\"12641\" data-end=\"12809\">\n<p data-start=\"12643\" data-end=\"12809\"><strong data-start=\"12643\" data-end=\"12676\">Balancing Growth and Privacy:<\/strong><br data-start=\"12676\" data-end=\"12679\" \/>Rapid digital adoption encourages innovation and investment, but privacy laws introduce new operational and technological costs.<\/p>\n<\/li>\n<li data-start=\"12810\" data-end=\"13038\">\n<p data-start=\"12812\" data-end=\"13038\"><strong data-start=\"12812\" data-end=\"12854\">Need for Education and Infrastructure:<\/strong><br data-start=\"12854\" data-end=\"12857\" \/>Both users and companies require education on privacy rights and compliant data handling, plus tools that can operate effectively given variable connectivity and digital literacy.<\/p>\n<\/li>\n<li data-start=\"13039\" data-end=\"13236\">\n<p data-start=\"13041\" data-end=\"13236\"><strong data-start=\"13041\" data-end=\"13072\">Global vs Local Compliance:<\/strong><br data-start=\"13072\" data-end=\"13075\" \/>Companies operating in these markets must reconcile global standards (e.g., GDPR, CCPA) with local laws and practices, complicating their targeting strategies.<\/p>\n<\/li>\n<li data-start=\"13237\" data-end=\"13463\">\n<p data-start=\"13239\" data-end=\"13463\"><strong data-start=\"13239\" data-end=\"13266\">Innovation Opportunity:<\/strong><br data-start=\"13266\" data-end=\"13269\" \/>Emerging markets provide fertile ground for privacy-preserving ad tech innovations that could leapfrog older models, integrating mobile-first, AI-driven contextual, and cohort-based targeting.<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"13470\" data-end=\"13480\">Summary<\/h2>\n<p data-start=\"13482\" data-end=\"13909\">These case studies highlight the complex, multifaceted impacts of data privacy laws on ad targeting across geographies. EU companies adjusting to the DSA show the challenges of balancing compliance with targeting effectiveness, US tech giants illustrate global adaptation strategies blending technology and legal compliance, and emerging markets reveal how nascent regulatory environments interact with unique local conditions.<\/p>\n<p data-start=\"13911\" data-end=\"13942\">Together, they underscore that:<\/p>\n<ul data-start=\"13944\" data-end=\"14276\">\n<li data-start=\"13944\" data-end=\"14008\">\n<p data-start=\"13946\" data-end=\"14008\">Consent and transparency are now cornerstones of ad targeting.<\/p>\n<\/li>\n<li data-start=\"14009\" data-end=\"14126\">\n<p data-start=\"14011\" data-end=\"14126\">The decline of third-party tracking accelerates innovation in first-party data and privacy-preserving technologies.<\/p>\n<\/li>\n<li data-start=\"14127\" data-end=\"14203\">\n<p data-start=\"14129\" data-end=\"14203\">The business models of ad networks, platforms, and publishers must evolve.<\/p>\n<\/li>\n<li data-start=\"14204\" data-end=\"14276\">\n<p data-start=\"14206\" data-end=\"14276\">Cross-border complexity demands nuanced, locally sensitive approaches.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"14278\" data-end=\"14362\" data-is-last-node=\"\" data-is-only-node=\"\">If you want, I can help expand any section or provide supporting data or references!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction In recent years, the landscape of online advertising has been undergoing one of its most significant transformations. Driven by growing public concern over privacy, misuse of personal data, and the opaque mechanisms of ad targeting, governments around the world have introduced or strengthened regulations to protect the rights of individuals. Among the most prominent [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6897","post","type-post","status-publish","format-standard","hentry","category-technical-how-to"],"_links":{"self":[{"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/posts\/6897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/comments?post=6897"}],"version-history":[{"count":1,"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/posts\/6897\/revisions"}],"predecessor-version":[{"id":6898,"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/posts\/6897\/revisions\/6898"}],"wp:attachment":[{"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/media?parent=6897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/categories?post=6897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lite16.com\/blog\/wp-json\/wp\/v2\/tags?post=6897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}