We exchanged emails for this interview and it has been slightly condensed and edited.
Marc Goldberg:Gary tell me about your work history?
Gary Kibel: When I graduated from Business School, I thought that was it in terms of my education. I went to work on Wall Street as an information technology professional in an Investment Bank. After spending late nights in a server room staring at the blue screen of death, I decided to go to law school (part time while working full time). Upon graduation, I started to work in technology law, and quickly moved into digital media, privacy and advertising law once I joined Davis & Gilbert. That was almost 20 years ago! It was the stone age of the digital media industry, so many of the deals I worked on established the standards going forward.
MG: D&G is a big firm, do you have any specialty?
GK: D&G has been around for over 115 years, and throughout most of its history has specialized in the marcom industry. While we are a full service law firm with typical corporate, litigation, labor/employment and real estate practices, I am a partner in a very unique group that does not exist at most law firms. Our practice group of approximately 30 attorneys focuses on day-to-day issues in this industry, including content creation, media buying, sweepstakes/promotions, intellectual property registration and licensing, union issues, music licensing, and basically any sort of consumer-facing issue you can think of. I help lead a group that focuses on digital media, privacy and data security; primarily in the marcom industry, but in many other industries as well.
MG: So Virginia is in the news…What is different about the new Virginia Law? Who is next?
GK: The new Virginia Consumer Data Protection Act (“CDPA”) is a big deal, in that it is the 2nd State in the U.S. with a comprehensive consumer privacy law. But they won’t be the last! The CDPA has elements similar to California’s CCPA and the EU’s GDPR, but does not match up perfectly with either law. It has an effective date of January 1, 2023, but companies should put compliance programs in place well in advance.
MG:So with the Virginia announcement, it seems that we are going to have a patchwork of laws or will we get a US law soon?
GK: I predict a growing patchwork before/if Congress steps in to make a consistent national standard. So that’s not good for the industry (but, uh, pretty good for privacy lawyers….).
So expect to see more states pass privacy laws, and then Congress will debate whether a national law will set the floor for all State privacy laws or will preempt all State privacy laws.
MG: Cookies are crumbling and Google’s announcement punched The Trade Desk in the belly with an instant 20% decrease. Do you think the burden of these laws is going to restrict overall spending in digital channels?
GK: The industry is definitely going to change, but I don’t think that necessarily means less spend. Folks will be trying to find what is the most effective method and channel for reaching consumers when older methods are closed off.
MG: I read a recent story that a retailer was charging more based on location data. If I go close to the store then I am more likely to pay more if I go online, the dynamic pricing is a great tool for online retailers but really designed to hurt the user. Isn’t this more important to address rather than getting served oh my gosh a targeted ad.
GK: Firstly, the CCPA specifically has language about not discriminating against consumers based upon the exercise of their rights, unless there is a direct relationship to the value of the data. That said, there’s no denying that data has value, and if businesses are not getting the value they expect from the data, you can expect there to be a reaction and changes.
MG: So location, Wifi/bluetooth, facial recognition all make our phones work. Is the law only designed to protect users by putting up a box to “inform” us and YES is our consent? How is this protecting users? Should we make clearer laws for specific actions ? Like you can’t use my location to price gouge me. You can’t listen to my conversation to sell me something. Again, right now, we are saying don’t serve me an AD!
GK: Consumers are inconsistent. If you asked consumers if they want to stop being tracked online by ad tech companies, they would say yes. If you asked the same consumers if they still want free services online (which are ad supported), they would also say yes. So we need to find the balance between a consumer’s reasonable privacy expectations and the ability of businesses to monetize their data in order to support free online services. You hear the privacy advocates on one side and the industry on the other side talking past each other, but there should be a compromise in the middle.
MG: We have IAB, TAG, ANA, MRC, all of these bodies to put structure and sense to digital advertising. An issue that I continue to see is that all of the companies that belong to these organizations are trying to play by the rules. The problem is…the amount of companies that don’t belong are doing the bad stuff. The underbelly of digital marketing is where a lot of bad stuff happens. The regulators focus on big companies while all of these folks break all of the rules. How do we make regulators focus on these types?
GK: Self-regulation has always been the industry’s way of keeping regulators and lawmakers at bay. If we can regulate ourselves, then you don’t need to pass new laws. However, I think we are well past that point. Lawmakers do not trust the industry and the growing cry for more privacy laws will not subside. So industry needs to have a voice in this debate and do its best to push for reasonable legislation, while respecting the concerns of lawmakers and privacy advocates. In doing so, the industry needs to do a better job of explaining how it works and its value to consumers. The vast majority of the industry is acting reasonably and just trying to gather data in order to deliver the right ad at the right time. But lawmakers see it differently. For example, Senator Ron Wyden spoke recently at the IAB’s annual leadership meeting and spoke of data brokers selling data to the U.S. Immigration and Customs Enforcement and other questionable activities. We in the industry know that such activities are not the core of the ad tech ecosystem, but that’s an impression that must be confronted.
MG: Your newsletter is great, What advice are you giving your clients, the free version Gary!
GK: The free version Gary? Well, you get what you pay for 🙂 Yes, send me an email at email@example.com to sign up for our digital media/privacy newsletters and event invitations. Most importantly piece of advice is to not put your head in the sand. Be proactive. Be critical when looking at your data collection and processing practices. Do your disclosures pass the smell test? Would your grandmother understand what you are doing? If not, fix your disclosures and/or your practices so that consumers are not surprised.
MG: How has the Pandemic changed the way you work?
GK: I haven’t had to get a pair of pants dry cleaned in a year. Shirts, yes. Pants? All secrets are safe on Zoom.
MG: Where are you going to dinner when you get back into the city?
GK: I’m going to Shake Shack behind Centerfield at Citifield so I can kill two birds with one stone. Have a good burger and watch my Mets (of course, I’ve been a Mets fan for a long time, so I know how that goes —