Data Privacy Spotlight: Publisher Highlights And a Checklist For Evaluating New Publisher Partners

8th May 2024

Neutronian Data Privacy Scores take the guesswork out of vetting new partners. Designed to help organizations evaluate the privacy practices of brands, publishers, data providers and platforms, these scores are an easy way to get a gut check on a partner that is new to you or keep an eye on partners you are already working with. This is especially important as we continue to see more and more privacy legislation pass making it feel near impossible to keep upFor this Data Privacy Spotlight, let’s take a look at several well known publishers’ data privacy scores.

Publisher Privacy Scores for Social Publishers
Publisher Privacy Scores for E-Commerce Sites

Publisher Privacy Scores for News Publishers
Publisher Privacy Scores for Sports Publishers

The above publishers are sure to represent a sizable portion of most media plans. It’s not surprising that the major publishers listed above “have their ducks in a row” and seem to have more established data privacy practices. However, chances are your clients’ campaigns are running on more than just the big name sites and that is where the risk lies…in the unknown.

 A first line of defense is to have a process in place to evaluate new publisher partners and monitor those you are already partnering with. This checklist is a starting point to assess a publisher website’s compliance with privacy regulations in order to help ensure that you and your clients are working with low privacy risk partners. It’s important to note that specific requirements can vary depending on the jurisdiction(s) a website operates in. Consulting with a legal professional is always recommended for comprehensive legal advice.

Checklist For Assessing A New Publisher Partner

  • Privacy Policy: Is there a clear and accessible privacy policy posted on the website?

  • Personal Data Collection and Usage: Does the privacy policy explain, in plain language, key details about the data they are collecting and using including the types of data collected, purposes of data processing, data sharing practices, and how users can exercise their privacy rights?

  • Cookie Notice: Is there a clear and accessible cookie notice explaining how cookies and similar tracking technologies are used? Do users have the option to accept or reject non-essential cookies and are those cookie preferences stored and respected across sessions?

  • Consent Mechanism: Does the website obtain clear and verifiable user consent for the collection and use of personal data, especially for sensitive data or targeted advertising, before collecting any data? Are consent mechanisms, such as checkboxes or pop-up banners, prominently displayed and easy to understand? Do users have the option to withdraw their consent at any time?

  • U.S. State Privacy Compliance: Does the website comply with the requirements for all active U.S. state privacy regulations? Do users have the ability to exercise the privacy rights outlined in each of these laws (ex. data access, deletion, opt-out, etc.)? Currently the list of active U.S. regulations includes:
    • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
    • Colorado Privacy Act (CPA) 
    • Connecticut Data Privacy Act (CTDPA)  
    • Virginia Consumer Data Protection Act (VCDPA) 
    • Oregon Privacy Act (OCPA) Utah Consumer Privacy Act (UCPA) 

  • EU/UK (GDPR) Compliance: Does the website comply with the General Data Protection Regulation requirements for data subject rights, lawful basis for processing, and data transfer limitations (if applicable)?

Remember, this checklist is a general guide, and legal requirements can change. It is important to stay on top of regulations and monitor your partners ongoing to ensure they remain compliant as requirements evolve. The good news is you do not need to do this all internally. There are tools available to help you with these efforts including Neutronian’s Data Privacy Scores. Our Data Privacy Scores dataset can be used to enhance your existing whitelist or as an avoidance mechanism similar to brand safety. It is accessible through any DSP.


Share this Post: