We're thrilled to bring you the highly anticipated Part 2 of our exclusive interview series on Navigating Data Privacy. Join our Chief Revenue Officer, Lori...
Plug in your earbuds and take a listen to our very own Chief Revenue Officer, Lori Paikin, as she teams up for an EXCLUSIVE interview with Legal Expert, David Bertoni from Brann & Isaacson.
In today's digital landscape, understanding and complying with privacy regulations is paramount for individuals and businesses alike. Marketers face the constant challenge of protecting data from unauthorized access or misuse while delivering effective campaigns. That's why we're thrilled to bring you an interview with renowned legal expert David Bertoni, Partner at Brann & Isaacson.
In this insightful interview, our Chief Revenue Officer, Lori Paikin, sits down with David Bertoni to dive deep into the evolving world of data privacy. Together, they explore the complexities, best practices, and the implications of privacy regulations for marketers in this digital era. Stay tuned for next week's release of our exclusive Navigating Data Privacy Part 2, this episode will help arm you with the knowledge to protect your data, respect privacy rights, and build trust in the digital world.
Hi everyone. Welcome to this edition of Two Gals & Some Data. I'm so excited to be talking with David Bertoni today. David is a partner with the law firm, Brann & Isaacson, and a prominent authority on multichannel advertising and data privacy. David has recently authored white paper, An Advertiser's Guide to Data Privacy in 2023, and is here to talk about it with us today. Thanks, David.
It's good to be here.
David, you have a pretty interesting background, and if we have time later, I may have a question or two about that, but for now, could you share a little bit about how you came to work with and specialize in online and multichannel marketing?
My first privacy case was back in 1987. Before the internet although, many of my clients at the time were defense contractors and so they had an internet of their own before it became commercial. And my first case involved a partner who was working with an author on a book called In Search of the "Manchurian Candidate", turns out that the CIA was engaged in all sorts of activities involving brain reprogramming and so forth, and so a lot of federal privacy laws existed at the time that we looked at. Back then, privacy was about the government taking your information, not about private companies taking your information. And so, there was a sea change after that. And I ultimately moved to Maine and joined a firm that was general counsel to L.L.Bean and a lot of large players in the mail order industry. And as that mail order industry evolved into online commerce, I came along for the ride and learned about online privacy really as a novel concept that everybody was trying to figure out as it unfolded.
Well, most of the NaviStone team has spent their careers working with multichannel marketers as well, so our history goes back with you many, many years. And when you mentioned 1987, it didn't sound like that far back to me because I started my career working with multichannel marketers in 1989 and again, pre-internet days. But at NaviStone, we are bridging the gap between online and offline channels. So, in addition to having that experience working with these types of advertisers, our solution truly is a multichannel solution. And I think this white paper is such a valuable resource for our clients because when you work with online and offline data, maintaining data privacy is so important in maintaining compliance with all of the different regulations is top of mind for us.
I think one of the biggest challenges that our clients have is not just becoming compliant but then remaining compliant because the privacy landscape continues to evolve and advertisers have to do more than just simply remain compliant with the regulations from the state their business is in, but the states that their customers reside in and those regulations vary. Last week I read that the state of Montana became the latest state to pass comprehensive privacy law becoming number nine now, and just giving advertisers one more set of regulations to comply with. So, we were of course thrilled to team up with you on this important topic, but David, talk a little bit about what caused you to want to team up with NaviStone?
Well, NaviStone really was engaging in a business that had at its core technology that is very commonplace on the web. And what I liked about NaviStone and fortunately some of us as attorneys get a choice of who to represent, NaviStone had a business that was really built from the ground up in complying what was the bellwether idea about internet privacy and the use of information offline, and that is always keep individual identity information separate from whatever other information you collect. It's a rule that was started back in the ancient history of online legal analysis. Back in 2001, there was a seminal decision involving DoubleClick, you may remember that. DoubleClick had gone very public with an idea that it was going to combine its database used by direct marketers with clickstream data, the kind of data that shows what those individuals do online.
That got the attention not only of the Federal Trade Commission but also a large number of private lawyers who ended up suing DoubleClick. The case ended up settling the FTC ended up closing the case, but it really left in place this idea that the core way to protect privacy is to keep personal information separate from what is presumptively anonymous activity on the web or at least just perceived to be anonymous by the public, keeping those separate protects core privacy rights.
So it's interesting that you mentioned the case against DoubleClick. I don't know if you remember, but I was an employee at DoubleClick at that time. I actually joined the Abacus team in 1993 and then shortly after we were acquired by DoubleClick, and it was that whole notion of that offline data and that online data being resident or house or known by the same entity that made people really nervous. But after reading through the white paper, I hadn't realized that consumer privacy dates back even longer than that, I think it's 100 years back. So talk a little bit about that. How's the privacy landscape changed over time going back to the early days in the early 1900s?
Well, in the early 1900s, there were scholars who began thinking very carefully about information and the way that it was being gathered and disseminated and called out an alarm about people getting information about other people's ordinary day-to-day activities and thinking about ways in which it ought to be protected because there's no contrary to popular belief, there is no generic federal privacy protection absent what Congress does. Now, some Supreme Court cases have derived a right of privacy from what they call the penumbra of certain other constitutional provisions, but the US Constitution does not have an enumerated right to privacy. And what these scholars were looking at was basically extrapolating from, say, the protections against unreasonable searches, the protections given to essentially freedom of expression, things that get chilled when they're intrusive eyes. It was a novel idea when it was first debated and Congress really didn't act on it because they were all pressing Congress to do something because it was very difficult to create a right of privacy out of common law or out of the US Constitution.
And so, that was the academic side of this. And then in parallel, you had folks like Aldous Huxley who were falling an alarm. In fact, in the 1960s shortly before his death, he was talking about how mass media and mass forms of information dissemination could influence elections and change people's behavior and be used as the new tool of fascist depression, that it was no longer physical constraints but the inundating people with information that would cause this. And so, you had a bunch of forces coalescing to try to protect individual freedom and the privacy that goes along with it.
Yeah. I know a lot of our clients give us feedback that they're struggling to understand what legislation exists today versus what's being proposed and what states are impacted. Can you envision a time when we have federal regulation?
Well, in this area, it's very difficult to say. I am engaged from time to time to meet with the sad group of young interns working for Congress, people who ask why their job entails them doing nothing. And when you look at what Congress has done in recent years, the most prevalent activity is renaming post offices. So, I don't have a lot of hope in this front, and each year, there are candidates for potential legislation that filter their way up because it's a useful campaign slogan to say, "I care about privacy, but the devil is in the details." Having said that, we are now reaching what I think is a critical mass, we are reaching a place where we're likely to have individual state privacy laws in dozens of states. The number of states that are actively now considering this kind of legislation is multiplying rapidly and some of these laws are pretty crazy.
So, we're going to find that Congress will eventually, I think, feel an obligation to step in and try to create a uniform standard the way they did with spam. You may recall the CAN-SPAM Act, the federal act was triggered by a California law that said that before you send an email to anyone, you need to have their written consent to receive it. And rather insane but not atypical of California regulation that provoked Congress to act and the CAN-SPAM Act is a pretty sound rational approach to regulating email marketing. It doesn't deal with consent, it gives everyone a free shot at an email, but gives the consumer the right to stop them. So, you can put on your best sorcerer's hat to predict what's going to happen next, but I think perhaps we are going to see some action as more of these bills come online.
Yeah. So, I think there are nine states that already have legislation in place today, but you had mentioned that there are dozens more that are actively working to get that legislation. How different or similar are they to each other? Because I think that there are some core fundamental practices that are common to all, and then there are some of these unique components that each state might throw in. But I'm just curious from your perspective, because I know you addressed that in the white paper, similarities and differences key components of each of the state regulations. I'm just kind of curious how you think about it, how similar are they all?
They all attempt to get at the same issue, and I'm happy to talk about what that issue is because I'm not quite sure that the states really understand what the issue they're getting at is. But what you've got are laws that want to place a greater amount of consumer choice in place, but go about it in very different ways. And then you have other provisions which are always trying to sneak into these laws which create basically a bounty hunter class, private plaintiff's lawyers who effectively become deputized to enforce these laws. And that's the greatest danger, I think, to business and the growth of the internet. There used to be states that employed bounty hunters to go after taxes, getting a percentage of what was collected, and that ended up to be a nightmare rife with abuse, and we're seeing the same thing going on in privacy there.
These cases are being filed and driven by profit minded plaintiff's lawyers who are very much like the character in The Untouchables when Harrison Ford says, "I didn't murder my wife!" their reaction is, "I don't care." And in this case, no one was harmed by our practices "I don't care," there's no sort of taking into account good faith efforts to comply, there's no taking into account good corporate citizenship. That's the fear that I see. And there are laws that are being debated in a variety of states including Iowa and Louisiana. Louisiana, by the way, has a bill in place and they're the last bastion of the bounty hunter tax bar. So, that's the thing I would be most concerned about.
But as we saw in data breach rules, there's a plethora of those, there's self-contradicting elements. One thing that must be reported in Massachusetts, it's a crime to report it somewhere else. And managing these inconsistencies, I think, almost drives you back to a more fundamental idea about what are the real issues to protect against. And I think the industry is coming along to understand that what they're protecting against isn't so much whether they've harmed consumers or violated privacy rules, but whether they've become a target for litigation. And it's an unfortunate dichotomy because what we should be caring about is privacy, not the fact that there may be these predators waiting to file a lawsuit over a technicality, which is really what's become of privacy protection in America.
David lets pause here for today and pick it back up next week to finish our discussion on consumer privacy. In the interim please download An Advertiser’s Guide to Data Privacy in 2023 at www.brannlaw.com or www.navistone.com see you all back here next week.