IAB Launches CJPP Compendium in Partnership with OneTrust and CookiePro

On July 22, 2021, IAB‘s Legal Affairs in partnership with OneTrust and BakerHostetler published a compendium outlining findings from its Cross Jurisdiction Privacy Project (CJPP). Initially, the project started off in 2020 by exploring the privacy laws of 11 countries around the world to determine how the different regulations and requirements apply to different advertising participants and the transactions they usually undertake. The ultimate end goal for the IAB Tech Lab is to take these findings and create a global string that IAB participants can use to communicate consent and preferences in a way that is compliant with multiple regions and jurisdictions.

Download the report: IAB Cross Jurisdiction Privacy Project Compendium

What’s in the IAB Cross Jurisdiction Privacy Project Compendium?

150 Lawyers from around the globe helped create the compendium along with OneTrust DataGuidance helping to identify specific requirements and BakerHostetler’s legal support and working groups.

The compendium’s ten chapters are detailed and you’ll gain insight into:

• The statutes, guidelines, and case law relevant to digital advertising activities; 
• Whether and when publishers’ and advertisers’ data processing activities trigger the extraterritorial reach (if any) of the privacy law; 
• Key privacy law definitions, including what it means to “collect” personal information and who (the publisher or ad tech company) is deemed to collect personal information when a publisher allows an ad tech company to integrate with its digital properties; 
• Whether pseudonymous identifiers, such as mobile advertising IDs, IP addresses, hashed email address, or publisher IDs, constitute personal information, either alone or in combination with other information about a data subject;  
• Data controller obligations, including the notice requirements for sharing personal information with third parties for advertising purposes, and the specific digital advertising activities or purposes that must be disclosed to data subjects; whether and what type of consent must be obtained for different types or uses of data; and the available legal bases for specific digital advertising activities; 
• The rights available to data subjects and which entities in the advertising chain must provide those rights; 
• Contractual requirements for processors to provide digital advertising services on behalf of data controllers, and the cross-border transfer limitations and obligations when ad tech data recipients are in a different jurisdiction;  
• Audit, accountability, data retention, and data protection officer requirements for parties in the ad-tech ecosystem; 
• The scope of liability for ad-tech companies for the collection activities of publishers and advertisers, and vice versa; and 
• Pending privacy bills and regulations that may change the digital advertising landscape if (or when) they go into effect. 

Additional CJPP Resources:

• OneTrust DataGuidance Resources: IAB Cross-Jurisdiction Privacy Project Compendium
• IAB Press Release: IAB Releases Cross-Jurisdiction Privacy Project Compendium and Legal Specifications 
• OneTrust DataGuidance Guidance Notes: Cookies & Similar Technologies 

CookiePro Supports

Watch CookiePro in action to see how we can help gather consent, comply with cookie regulations, provide a transparent user experience, and make trust a competitive advantage. Unlock a 5-minute pre-recorded demo, register for a live demo and webinar, or request a personalized 1:1 demo in our Demo Hub.