The Digiday Podcast

To anyone hoping that California’s updated privacy law would help to simplify privacy compliance in the U.S., sorry. That doesn’t seem to be the case. Instead, the California Privacy Rights Act (CPRA), which takes effect on Jan. 1, seems set to muddy the privacy landscape even more. “CPRA is this unique kind of beast that has complicated privacy significantly for organizations in the U.S.,” said Sarah Bruno, a partner at the law firm Reed Smith, on the latest Digiday Podcast. One aspect of the CPRA needing clarification is the difference between the law’s “contractor” and “service provider” labels. “A contractor is a company that you make data available to, and a service provider’s a company that processes the data on your behalf. That’s not super clear, is it? We need more clarity on that,” Bruno said. The CPRA does clarify some aspects of California’s existing privacy law, the California Consumer Privacy Act (CCPA), which took effect in 2020. It covers the sharing of data for cross-contextual behavioral adv