Speaker 1
Hi, Max. How are you doing today?
Speaker 2
Good. How are you?
Speaker 1
You know, I'm good, but it's been busy. This is, this is one of the most whirlwind feeling, IPP Global Privacy Summits we've ever had.
Speaker 2
Right? Yeah.
Well, I think it's because there are seven conferences happening since I
Speaker 1
mean, when you put a conference between holidays, it all happens at once.
Yeah. So literally in the last forty eight hours, we've had IPP Global Privacy Summit, IAB Public Policy and Legal Summit, customer dinner last night. Like, it's just been I mean, we haven't had a moment to breathe, but it's good stuff. It's good.
Speaker 2
Live for it.
Speaker 1
Yeah. Still hucking the octopus the last two days of the booth. I mean, we've folks, we've produced probably three thousand of these things and still not everybody has one. So it's it's amazing.
Speaker 2
And yet, we're almost out.
Speaker 1
Yeah. So anyways, I think most of you know Max Anderson sitting to my right, but Max, introduce yourself for our audience.
Speaker 2
Of course. Hi. I'm Max Anderson, of the co founders and head of product to your Ketch.
Speaker 1
Awesome. So we wanna come on and do a privacy huddle live here from the *** people privacy summit because there's been a lot of interesting hot topics. Yeah. And so I wanna break down a few of them.
Frankly, starting with the IAB event today because there's some great sessions at Convene here in Washington DC put on by the IAB. Let's start with the keynote delivered by Michael Hahn with Tom Kemp of the CCPA or Cal Privacy rather.
He talked through a lot of things that were forcing priorities from their end. One, this has been a continued theme, but frictionless opt outs and the importance of that. We've heard about that a lot, but what's your current perspective on what's most important there?
Speaker 2
Yeah. I mean, I think it's clear from the conversation people are maybe less confused, but implementation seem to lag behind the understanding that has been hopefully taken away from from folks in the market about settlements around Dish, Sling, and Honda. You know, I think the big things that that come to mind for me listening to Tom Kim talk about it, you know, one click. Right?
Dark patterns and having the options to opt out be redirect to a privacy policy where they might say, yeah, we, of course, may or may not sell your data, but in the case that we do sell your data, you can do this and another link and so on and so forth. So frictionless means one click. And I think the other element of that certainly coming from Honda and Sling frankly to some degree is if you know who the individual is, don't ask them for information to facilitate the opt out request.
In no case, do you wanna implement a pattern where you're gonna have to verify identity.
And I think the last one, mostly the Honda related is, you know, too many form fields that aren't relevant for for the action people are taking. The the one that I'm biggest and bullish about is don't have a form and then also put in the subtext of the disclosure that if you really wanna opt out, you also gotta go to the CMP and and switch dials. I think that's like a really, important takeaway that we heard last here today.
Speaker 1
Absolutely. The CMP DSAR tooling integration.
Speaker 2
Correct.
Speaker 1
We also heard some folks talk about their marketing team is pushing on them to are you sure you wanna opt out?
Speaker 2
Which we
Speaker 1
should folks made it clear that's probably not something you
Speaker 2
should do.
One of the great questions from one of the breakouts was, who designed this? Like, is this a vendor thing or was somebody in marketing just trying to get a little bit clever with the implementation? We didn't discuss too much the, you know, the vendor nuances, but, certainly attention being paid to marketing's desires to keep the data in the boat.
Speaker 1
We can't help ourselves.
Speaker 2
It's a real problem.
Speaker 1
It is. Yeah. The other thing we're hearing Tom Kemp's keynote was on, you know, regardless of the vendor you're using to effectuate do not sell requests. If if the vendor if you if you're if you're getting kind of caught in in the way you've set it up, is it your fault? Is it your vendor's fault? And Tom can make it pretty clear the onus is on the brand.
Speaker 2
Absolutely. He did make it clear. It's a little bit of key change from what we were hearing, in other regulatory panels, you know, going back to CLA earlier this year. It definitely sounded like at that time there was, rumblings and implications that perhaps vendors are gonna be scrutinized in a new way. I suspect it's possible that will still happen, but, you know, I think Tom was very clear, you know, the the responsibility ultimately still does lie on the brand side.
Speaker 1
Absolutely. So, yeah, Tom had a great to know this morning, and then the other thing that we heard this afternoon was a really interesting breakout around just just breaking down the recent enforcements and and what does that mean in practical terms. How are people implementing? And I think the topic that came up and just generated the most kinda raised hands and questions in the room was there's a lot of seemingly colliding modern privacy requirements around I have to effectuate do not sells, I have to worry about giving appropriate notice relative to ****, VIPA claims, I think I might need a cookie banner for GDPR but I don't know about California, and so a lot of just questions in the room about how do you handle all this in the context of a single banner or a single thing. So Max, obviously you're talking with our customers dealing with how they deal with these conflating requirements. How are you thinking about it?
Speaker 2
Well, I think even before that, the the most salient takeaway look, there's a lot of confusion. One of the women who attended the breakout, you know, asked the question, we were talking about the Honda settlement and the requirement that you need to have a reject all button. And she said, well, yet, concurrently, just twenty minutes ago, was in the other room and they said I didn't need a cookie banner at all. Right.
So I think there is a lot of confusion about whether you need a cookie banner or not. Certainly from my position and the implementations we see in the way we read the guidance, a disclosure, and I'm very intentionally not using a cookie banner word because I don't think this is a cookie banner problem at all. Under CCPA, you know, right to opt at a sale or share personal information is the target. The ability to do that may or may not be facilitated by a cookie banner, but I'm not sure I would even write the word cookies in the actual set of options.
Would talk about do not sell or share as the high order of it. Whether that is implemented through a software of the category, you know, CMP or cookie banner is another element. But the disclosure is really around minimizing your exposure under CEFA. Making sure you give disclosures that, you know, tracking technologies, data collection, etcetera will happen.
I think that's the best practice, but I think the do not sell or share link needs to be about do not sell or share. And I don't think you need to be talking about cookies at all, which is the irony of this. And so the concept of reject all coming out of a settlement under CCPA is, you know, it's it's just it's illustrative that that it's still confusing.
Speaker 1
One, it's it's interesting too because I've talked to a number of folks that, you know, you say, well, it's it's more than a cookie banner, and some folks will say, oh, I know. That's just like shorthand.
Speaker 2
Yeah.
Speaker 1
But then other folks do mean cookies, and they need a little bit of a broader education. So we have it in this interesting place of education in the market where cookie banner doesn't mean the same thing to everybody.
Speaker 2
Exactly. And and I I call upon my esteemed colleagues in the legal department to depend on precision of language. Words have meaning and we should use them intentionally. And I think it is because of that confusion using the term or invoking cookie banner to describe solutions in this market is fundamentally unhelpful. And so we're very, very intentional not to talk about cookie banners as a as the thing, but, you know, consent management as a mechanism to facilitate this.
Speaker 1
Yeah.
Well, Max, it's been a pleasure talking with you today. I appreciate your time. I I can't let the audience go without acknowledging Max, you're from Oklahoma. Oh, yes. Max's home state finally decided to join the data privacy party and and is and is looking at a consumer privacy law. You must have an inside scoop, right, being from the Sooner State. Right?
Speaker 2
Hey, man. I've I've been hitting the pavement hard for a long time, and I I'm I'm grateful that the hard effort has ultimately born fruit, and I'm really proud of my colleagues from the great state of Oklahoma. It's it's great not to be last. You know? Oklahoma has a tendency to be last of the party in some of these things, and Look at us blazing the trail for the first time in a long time.
Speaker 1
I love it. Well, congratulations, sir.
Speaker 2
Thank you. Thank you.
Speaker 1
Let your family know. I'm happy for them.
Speaker 2
Of course. Yes. I will. I will.
Speaker 1
And thank you all so much. For those of you we've seen in person last couple days, always a treat. It's been so much fun spending time together in DC, and we'll see you on the next huddle.
