Announcement: Action Required for State Privacy Law Updates (11/22/22)
In light of ongoing changes to state and federal laws and regulations, LiveRamp has made a number of changes to its policies, including our Data Marketplace policies. The sections below outline these changes, and any required actions on your part, depending on how you use LiveRamp.
Note
12/1/22: This article was updated with additional information.
On January 1, 2023, the California Privacy Rights Act (CPRA), an act amending the California Consumer Privacy Act (CCPA) of 2018, will go into effect, and a comprehensive privacy law will go into effect in Virginia. By the end of 2023, privacy laws in at least three other states (Colorado, Connecticut, and Utah) will go into effect. These laws amend and expand rights that consumers were afforded under the CCPA, add similar rights to new states, and create additional responsibilities relating to how LiveRamp handles personal data.
LiveRamp has always been a privacy-centric company focused on enabling the safe and effective use of data, and we welcome the passage of additional privacy laws. Many of the new state laws codify the policies and standards that LiveRamp has implemented for many years. As it was for the CCPA in 2018, LiveRamp is prepared to comply with the requirements of new state privacy laws when they go into effect, and we intend to serve as a trusted technology partner for our customers as we move forward in this process.
Brand and Agency Customers
As part of our efforts to facilitate compliance with new state privacy laws, we are surfacing a popup for some customers to review and accept our Data Processing Agreement and Platform Terms when they log in to their LiveRamp application. These terms will protect you and LiveRamp as these laws come into effect.
If you see the popup, you’ll need to review and accept these terms by January 1, 2023 to continue using our products. More information on what these requirements might mean for you and how LiveRamp is meeting these requirements can be found here.
Note
These terms and DPA are different from the Platform Terms and DPA required for data sellers.
Contact your Customer Success Manager with any questions relating to the Platform Terms, the Data Processing Agreement, or the new state privacy laws.
Data Marketplace Customers
Effective January 1, 2023, Virginia will be the first state to require opt-in consent for processing sensitive data with other states to follow as those laws go into effect later in the year. "Sensitive data" is defined under the Virginia privacy law here. While not yet final, the California CPRA draft regulations §7014 currently require consent from the consumer for sensitive data that was collected during the time the business did not provide the “Notice of Right to Limit” the use and disclosure of sensitive personal data.
LiveRamp’s Data Marketplace Data Policy is amended, effective January 1, 2023, to prohibit any “sensitive” segments that include data relating to Virginia residents (or California residents, if applicable).
In addition to these changes, LiveRamp makes the following clarifications, effective immediately:
Customers accessing data through the Data Marketplace should not expect LiveRamp to have conducted data seller data sourcing reviews to determine the data’s compliance with U.S. privacy laws.
LiveRamp will offer a way for data sellers to make information about their data sourcing available to Data Marketplace buyers to aid buyers in conducting their due diligence for the data they are accessing through Data Marketplace.
Data sellers are still required to comply with all applicable state and federal laws and regulations.
Customers Who Are Not Data Sellers
For data buyers (and any LiveRamp customer who is not a data seller), no action is required on your part. We just wanted to inform you that while LiveRamp has historically reviewed Data Marketplace Data Seller data sourcing practices, these reviews were never meant to be relied on by clients. In recent years the trend towards state-level privacy regulations has led to increasingly complex standards and variation among customers regarding interpretations of the laws and risks. These changes have led to the decision to help buyers make their own decisions about what is being accessed from sellers through the Data Marketplace.
Data Sellers
For data sellers, it is your responsibility to determine what within your data meets the Virginia law’s definition of sensitive data and to comply with LiveRamp’s updated policy by January 1, 2023. Data sellers continue to be required to comply with all applicable state and federal laws and regulations.
In addition, LiveRamp has reviewed its Data Marketplace policies and has updated Terms & Conditions and Data Processing Addendums (DPA) for all Data Marketplace data sellers to review and sign ASAP (and no later than April 1, 2023).
Note
These terms and DPA are different from the Platform Terms and DPA required for certain customers who are not data sellers.
If you’re a data seller, your LiveRamp account team will reach out with information about this process.