Haven't read all the deets, but good news in general, (I think)...........

The first fallout from Europe's data privacy law

As Europe's sweeping new GDPR privacy law went into effect on Friday, it triggered multi-billion dollar lawsuits, the shuttering of news websites overseas and a crash in the European market for programmatic (automated) ads.

Why it matters:
There hasn't been any indication that enforcement will actually be that stringent — in fact, policymakers have indicated they'll be more lenient in the beginning that businesses realize — but ominous press coverage built up over many months and the fear of heavy penalties has so far been enough to rattle the industry, according to Axios' Sara Fischer.

The latest:

  • Some U.S. news outlets have gone dark in Europe: News publishers — many of which were linked to newspaper holding group Tronc, like The Chicago Tribune and The Los Angeles Times — shut down access to their websites from Europe on Friday. As of Monday, those sites were still reportedly blocked.
  • New paywalls are launching in Europe: Other publishers, like The Washington Post, are adding EU-specific paywalls, that are ad-free and tracking-free, but are more expensive.
  • The tech giants are being hit with complaints: Google and Facebook, the two biggest data-driven advertising companies globally, were hit complaints filed by European privacy advocate Max Schrems just hours after GDPR went into effect. Potential penalties, Schrems argues, total up to €7 billion in total.
  • Programmatic ad buying has plummeted: Since the early hours of May 25, ad exchanges have seen European ad demand volumes plummet between 25 and 40 percent in some cases, sources tell Digiday. "Ad tech vendors scrambled to inform clients that they predict steep drops in demand coming through their platforms from Google."

Go deeper: Sara has more here.

The big picture: The panicked reaction to GDPR is significant because U.S.-based attempts to clean up the advertising industry have basically been ignored by marketers.

  • The Federal Trade Commission (FTC) has had native advertising guidelines around deception since 2015, but a lack of enforcement around the rules has caused many publishers to ignore them.

Be smart: Expect enforcement in the U.S. to become a bigger priority now that there has been a full turnover of the five Commissioner positions at the Federal Trade Commission, which enforces consumer protection standards.

  • Two former FTC Commissioners told Axios in March that they expect data privacy and security to be their top consumer protection priority.

What's next? Digital advertising giants are already lobbying the next mega European law, a new ePrivacy Regulation that protects the confidentiality of electronic communications.

Beware "Son of GDPR!" EU privacy czars are crafting something even stricter!
Source: European Commission

And in the US..........

Congress pushes patch for outdated email privacy law

Supporters hope this will finally be the year that the Email Privacy Act will become law. The draft legislation — which has passed the House twice before — would require authorities to get warrants before gathering evidence stored in the cloud, and it's included in the House versions of two must-pass bills announced over the past week.

Why it matters: You might expect that police would always need a warrant to search someone's web-based email archive, cloud-stored files or social media direct messages. In reality, that's not a sure thing.

A 1980s-vintage law known as the Electronic Communications Privacy Act (ECPA) actually gives law enforcement the right to seize files without judicial review if they have been stored on someone else's hard drive for more than 180 days. Courts have limited ECPA's reach, but the outdated rule is still on the books.

Background: That statute made more sense before people started putting all their information online and leaving it there.

  • Nearly all major online providers require a warrant for that data despite ECPA.
  • In 2010, a landmark Sixth Circuit federal court decision ruled it unconstitutional for law enforcement to conduct these searches without a warrant.
  • "The Fourth Amendment is very clear — if the federal government wants to access Americans’ digital content, it must get a warrant," said Rep. Kevin Yoder (R-Kansas), who co-wrote the bill with Rep. Jared Polis (D-Colo.). "It’s time our laws reflected that principle."

Why new legislation is needed: "The Sixth Circuit case technically only applies in the Sixth Circuit," said Tommy Ross, senior policy director at BSA, a software industry lobby. "It's important to codify what is already common practice."

But, but, but: Not all Federal agencies have the ability to obtain warrants. For a Security and Exchange Commission investigation, for example, ECPA is the only game in town. The new law would tie its hands.

Why now: The Email Privacy Act passed the House in 2016 and 2017, but failed in the Senate each time. Supporters think this time will be different.

  • The act is attached to two high-priority bills — the defense authorization bill and the finanancial services appropriations bill.
  • Ross is optimistic because there has been some ECPA reform already this year, including passage of the CLOUD Act that changed the process for international data warrants. The pending Supreme Court decision in Carpenter v. U.S., a case about whether law enforcement can access cell tower data without a warrant, also deals with ECPA.