On October 13th and 14th, Didomi attended the IAPP Privacy. Security. Risk. 2022 conference in Austin, Texas, an event focusing on the intersection of privacy and technology, packed with a wide variety of sessions and workshops on integrating privacy into technology product, service and system development. 


Continuing our expansion in North America, our Chief Privacy Officer Thomas Adhumeau, VP of Sales North America Christopher Beirne and Head of Product North America Jeff Wheeler attended the event to present our Global Privacy Suite, from the Consent Management Platform (CMP) to the Preference Management Platform (PMP), and our competitive intelligence platform Agnostik.


After two days of intense networking and learning in Austin, it’s time to share our learnings and takeaways from the event, and to give some insights on where we believe privacy is headed in the United States in the next few months.






Data privacy in the US is heating up


Our team had already identified some key US trends at the IAPP Global Privacy Summit 2022 last May, some of which have been confirmed since:


  • While some progress has been made towards a federal privacy bill, complications have emerged and it is not likely that it will happen anytime soon

  • A replacement for the Privacy Shield is in the works, with President Biden signing an executive order on EU-US data protection agreement

  • The balance between compliance and user experience remains a hot topic, as Didomi’s Preference Management Platform (PMP) continues to raise interest in North America

US companies are coming together with the idea that privacy cannot and will not be an afterthought for leading businesses anymore. Organizations are gearing up for 2023, as a number of new state data privacy laws are set to be enforced.


US privacy law tracker maps didomi-1


New regulations in California and Virginia will be the first to become effective with the CPRA and VCDPA on January, 1st, followed by Colorado (CPA) and Connecticut (CTDPA) in July, and Utah (UCPA) in December. 


Download our State Privacy Regulation Tracker


Businesses are becoming increasingly aware of this big shift and are getting ready to implement solutions to manage customer choice, such as a Consent Management Platform (CMP), especially now that enforcements have started taking place, with the Sephora settlement for example. 


But we’re also identifying other needs, especially and more interestingly a potential move towards an opt-in model, much like we’ve seen in Europe with the General Data Protection Regulation (GDPR).


Towards opt-in, GDPR-like requirements in the US? 


Privacy in the US has followed an opt-out model so far, requiring users to proactively restrict tracking and/or data sharing from occurring. At first glance, this is fundamentally opposed to the European opt-in system where, according to the GDPR, consent needs to be freely given, specific, informed and unambiguous.


While the upcoming regulations don’t necessarily challenge the American stance, we believe that emerging technologies, frameworks and initiatives such as the Global Privacy Control (GPC), universal opt-out mechanisms and industry Global Privacy Platform (GPP) embedded directly in browsers and operating systems (Apple’s “Ask app not to track” feature, for example) will.


Indeed, as these universal opt-out mechanisms become more widely adopted by users, organizations are bound to observe a significant impact on their data collection practice. Consequently, they will need to implement solutions to re-engage users and collect consent when possible.


This notion of “consent after opt-out” is mentioned in the publication of rules and opinions proposed by Colorado’s Attorney General:


“If a Controller wishes to proactively obtain Consent to Process Personal Data for an Opt-Out Purpose after the Consumer has opted out of Processing for that Purpose, a Controller shall provide a link or similar mechanism on its website or application that enables the Consumer to provide Consent.”

Code of Colorado Regulations, Department of Law – Consumer Protection (Rule 7.05 - B)


For Didomi, this is going full-circle as we’ve started our company around European regulations, building the notions of opt-in and consent at the very core of our products. In light of these developments and our expertise, we strongly believe that we will be a partner of choice for US businesses to tackle their data privacy challenges in the near future.


Two key products to watch out for


Finally, we’ve identified two lines of products that will cover very important themes in North America as the new regulations progressively roll out: Data Subject Access Request (DSAR) and Dynamic Vendor List Management.


We’ve already talked about Data Subject Access Requests (DSARs) in our last takeaways from the IAPP Global Privacy Summit 2022, and have continued to invest in the topic since. We believe DSARs will be critical in the coming months in the United States, for organizations to ensure that users requests are handled appropriately, whether we’re talking about accessing, updating or deleting their data.


Learn everything you need to know about DSARs


Vendor list management is emerging as another topic that will become very important for American companies, as they will need solutions to track vendors and scan their websites to reduce the risk of a potential legal breach, ensure effective monetization, etc. 


It is starting to become clear that the list of vendors, which will need to be disclosed to users with CPRA, will have to be updated regularly. Ideally this list will need to be updated dynamically, taking into account any addition of a new vendor using trackers.


This is something ​​the Vendor Management and Monitoring solutions from Didomi allow users to manage. To learn more about vendor lists and why it matters to manage them properly, head to our article about the topic.


What’s next?


With these insights, how can you get ready for the data privacy challenges ahead in the United States? 2023 is coming up fast, and as data privacy regulations (and heavy fines) are starting to materialize, now is the time to make data privacy a priority. 


With a presence in 27 countries and over 45 languages, Didomi helps global enterprises make the right privacy decisions and deliver the best experience possible to their customers.  


To learn more about how we can help with your consent and preference management efforts, schedule some time with one of our experts today:


Talk to an expert