The Monopoly Report

Ben Isaacson, Founder of InHouse Privacy and longtime privacy attorney, joins the podcast to break down how California’s CPPA is reshaping the data broker landscape. From the DELETE Act and the drop mechanism to the broad definition of “sale” and “direct relationship,” Ben explains why ad tech, retail media, clean rooms, and even auto and smart TV companies may be in scope. He also shares what enforcement could look like in 2026, why smaller brokers may not survive, and the biggest misconception that continues to put companies at risk. Takeaways Ben Isaacson's journey into the privacy space began in 1995. The CCPA and CPRA have significantly influenced privacy regulations in California. Data brokers are now defined more broadly under California law. Ad tech companies must navigate complex compliance issues regarding data sharing. Retail media networks face challenges in adhering to data broker rules. Authorized agents may struggle with compliance as regulations evolve. The DELETE Act could lead to increased enforcement actions against data brokers. Misconceptions about data selling persist among companies. The future of data broker regulations may see more states adopting similar laws. Privacy by design is essential for companies to build trust with consumers. Chapters 00:00 Ben Isaacson’s privacy origin story and early internet lobbying 09:06 How CPPA enforcement is reshaping CCPA and CPRA 12:53 What California’s data broker definition really means 14:37 Why ad tech, DSPs, DMPs, and clean rooms may be in scope 17:42 Retail media networks and off platform monetization risk 26:26 The DELETE Act drop mechanism and 2026 enforcement timeline 29:02 Authorized agents and the rise of deletion services 38:06 The future of the data broker industry 41:15 The biggest misconception companies still believe about selling data Learn more about your ad choices. Visit megaphone.fm/adchoices

AI ethicist and governance pro Shoshana Rosenberg joins Alan Chapell to discuss how to build a framework for addressing the legal and regulatory risks involving AI. Given all the new AI and profiling rules flowing down into the ads space in 2026, Shoshana is exactly the person the ads space should be listening to right now. Pre-order Shoshana’s book “Practical AI Governance” here - www.practicalaigovernance.com Check out the Chapell Regulatory Insider here - https://chapellreport.substack.com/  Takeaways AI governance is less about compliance checklists and more about strategic oversight that prevents unseen liability. Digital agency means giving individuals context and control over how systems influence them. Post hoc explainability is insufficient because inference-driven systems are fundamentally probabilistic. Privacy Enhancing Technologies (PETs) can undermine marketplace trust when platforms utilizing PETs aren’t transparent about how they work and don’t allow advertisers to audit them.  Government procurement standards may drive AI accountability faster than direct regulation. Building on foundational AI models requires documenting what you add and controlling what you can evidence. The PRISM framework pushes teams beyond compliance toward structured ethical practice. Too many in the ad space are ignoring data and AI governance to their detriment. Chapters 00:00 Introduction and defining AI governance  01:09 Why AI governance is about strategy, not compliance  02:41 Shoshana’s path from engineer and Navy JAG to AI governance  05:22 Digital agency as a human right  09:13 What explainability should look like in advertising  11:23 The complexity of the ad tech ecosystem  13:25 Gaps in global AI regulation  17:06 Procurement and government contracting as enforcement levers  20:49 The tension between PETs and transparency  28:02 Agentic AI and worsening accountability gaps  29:30 Explainability by design by 2029  31:42 Practical guidance for little tech building with AI  35:11 The PRISM framework explained  38:43 Upcoming book and where to find Shoshana Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell is joined by Professor Jess Miers, visiting assistant professor of the University of Akron School of Law. Jess and Alan discuss some of the inherent challenges around protecting kids on the internet, and how those challenges are increasingly leading policymakers to age verification as the solution. While Alan is curious to see how this approach plays out in Australia, both Jess and Alan are skeptical that age verification will be good for kids or privacy in general.  Professor Miers’ Bio: https://www.uakron.edu/law/faculty/directory/profile.dot?u=jmiers  Chapell Regulatory Insider: https://chapellreport.substack.com/  Takeaways Jess Miers’ career transitioned from policy work to academia, finding a place to express her views freely. Parents face significant challenges in monitoring their children's online activities. The impact of social media on youth mental health is complex and multifaceted. More and more places worldwide are turning to age verification.  The U.S. legal landscape regarding age verification is evolving and is currently impeded due to First Amendment concerns. Advertisers must navigate a nebulous landscape regarding content directed at minors. Data privacy and security concerns are heightened with age verification requirements. Education of both parents and children is essential in addressing online safety. While these issues haven’t squarely hit the ad space just yet, Alan thinks that the post-COPPA 1.0 world will hit the ad space hard. Chapters: 00:01 Welcome + where Jess is calling from  00:36 Policy to academia + why it fits  02:07 Viral CA testimony moment  04:52 What problem age verification is trying to solve  07:03 Youth harm evidence and why causality is nuanced  10:27 Australia: under-16 ban and early consequences  13:54 Europe/UK: “age assurance,” feature limits, and gating  16:37 US: First Amendment and shifting legal strategies  22:55 Why age verification is risky: anonymity + data honeypots  44:28 Where to find Jess + wrap; transcript ends Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell is joined by Tom Kemp, the Executive Director of California's privacy regulator CalPrivacy, to discuss the launch of the DROP data deletion mechanism and California’s rules regarding the Global Privacy Control. While complimentary of California's efforts, Alan attempts to uplevel the discussion to talk more broadly about the larger public policy goals driving California's privacy regime. Tom Kemp's Bio: https://cppa.ca.gov/about_us/ Tom Kemp's Article: https://www.techpolicy.press/lets-make-privacy-easy/ Chapell Regulatory Insider: https://chapellreport.substack.com/ Takeaways CalPrivacy is the first independent agency focused on consumer privacy. The DROP system allows Californians to manage their privacy rights easily. Over 200,000 Californians signed up for the DROP system within a month of launch. Consumers are increasingly interested in privacy protections. The agency is addressing privacy harms, especially for vulnerable communities. Collaboration with other states is on the table a priority for CalPrivacy - particularly re: the DROP. Transparency in data practices is essential for consumer trust. The agency aims to balance innovation with privacy regulations. Authorized agents play a crucial role in helping consumers exercise their rights. Future regulations will focus on reducing friction for consumers.  Alan shares his thoughts on how CalPrivacy can better align its stated policy goals with outcomes Chapters 00:01 Intro and where Tom is calling from 01:04 What CalPrivacy is and Tom’s role 03:33 Why he took the job and his background 06:18 What’s still on the roadmap from “Let’s Make Privacy Easy” 08:18 What DROP is and how it works 11:05 Early adoption: 200,000+ signups 14:26 Privacy paradox and why “making it easy” matters 17:39 Other states showing interest in a DELETE Act model 20:41 Whether DROP could expand beyond California 23:04 Privacy harms and enforcement focus areas 31:14 Opt out preference signals (GPC/OOPS) and how they fit 37:11 Browser conflicts of interest and potential OOPS regs 41:23 Authorized agents and possible additional regulation 45:57 Defining “data broker” and who must register 54:57 Where to find CalPrivacy resources and closing Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Brendan Benedict joins Alan Chapell to talk about some of the recent civil antitrust complaints filed against Google by publishers including Penske, The Atlantic, McClatchy, Conde Nast, and Vox Media. With Judge Brinkema's remedies decision pending and a slew of other jurisdictions (e.g., EU, Canada) attempting to remedy Google's adtech practices, why are so many publishers and adtech companies jumping into the pool? Brendan Benedict may be found at: https://www.benedictlawgroup.com/brendan-benedict  The Chapell Regulatory Insider is available at: https://chapellreport.substack.com/ Takeaways The DOJ ruling gives private plaintiffs a head start on liability. These cases will mostly come down to damages calculations. Google avoided a jury, but the detailed opinion may make appeals harder. Remedies are likely behavioral, not divestiture. Statute of limitations could decide how far back damages go. Chapters 00:00 Intro & Guest Welcome 02:20 DOJ Remedies Decision Still Pending 06:20 Overview of Private Civil Lawsuits Against Google 07:05 Publisher Allegations 08:30 Damages Scale Discussion 10:05 DOJ Heavy Lifting for Private Plaintiffs 13:00 Case Consolidation & MDL Structure 15:25 Google Appeal Strategy 19:05 Duke Energy & “Monopoly Broth” Issue 21:45 Jury Trial Avoidance and Implications 23:45 Texas AG Case Expansion 26:00 Europe and Divestiture Pressure 29:05 Calculating Lost Revenue Damages 31:10 Statute of Limitations Debate 33:05 Settlement Likelihood & Bellwether Trials 39:20 FTC Meta Appeal Sidebar 48:10 Final Takeaways Summary 52:15 Closing & Upcoming Guest Preview Learn more about your ad choices. Visit megaphone.fm/adchoices

David LeDuc from the Network Advertising Initiative (NAI) sits down with host Alan Chapell to discuss the NAI's reinvention of its self-regulatory efforts in light of the influx of U.S. state privacy laws. They discuss what a good privacy law looks like, the challenges around finding the right balance, California's new Deletion tool, and the likelihood of a U.S. federal privacy law in the near term. More on David LeDuc and the NAI at https://thenai.org/about-the-nai-2/staff/ More on the Chapell Regulatory Insider at https://chapellreport.substack.com/ Takeaways The NAI has shifted from crafting self-regulatory rules to helping companies comply with complex state and federal privacy laws as enforcement accelerates. The California Delete Request and Opt-Out Platform (DROP) is likely the most impactful regulatory development for the ad space heading into 2026. Lumping third-party ad tech companies together with traditional data brokers may create regulatory confusion. Kids’ privacy is rapidly expanding beyond COPPA, creating major challenges for ad tech companies aound compliance given that most have no idea how to ascertain the age of a User. Enforcement sophistication and coordination among state attorneys general are increasing, changing the risk profile for companies that try to “keep their heads down” and do the minimum. Attempts to regulate AI indirectly through privacy and consumer protection laws are likely to continue as federal leadership stalls. Chapters 00:00 Welcome and episode overview 02:23 Who is David LeDuc and what is the NAI today 06:00 Are lobbyists really the problem 09:40 Kids’ data, age verification, and policy tensions 13:06 Educating regulators vs legislators 18:04 Ad tech vs data brokers 21:10 What does a “perfect” privacy law look like 30:27 California’s Delete Request and Opt-Out Platform 35:40 Global Privacy Control and browser obligations 39:25 AI regulation through privacy and consumer protection laws 44:20 Predictions for 2026 50:21 Where to find David and the NAI 52:10 – Final wrap-up Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell is joined by Dr. Travis Hall - Director for State Engagement at the Center for Democracy & Technology (CDT), a nonpartisan organization focused on civil rights and liberties in the digital age. They talk about the ads space through a lens balancing consumer expectations with business interests and debate the merits of the private right of action. Travis Hall’s bio is available at https://cdt.org/staff/travis-hall/  Chapell Regulatory Insider is available at https://chapellreport.substack.com/ Takeaways: CDT focuses on a broad range of digital rights, not just privacy. Data minimization is essential for effective privacy laws. Consumer expectations often differ from actual online behavior. State privacy laws need strong enforcement mechanisms. The private right of action can drive regulatory change. Targeted advertising is an area of continued focus. Understanding technology is crucial for effective policymaking. Advocacy must balance user rights with industry needs. Collaboration between stakeholders is vital for progress. Historical context shapes current privacy advocacy efforts. Chapter: 00:00 Introduction and Personal Insights 01:18 Understanding the Center for Democracy and Technology 04:33 The Role of CDT in State Privacy Legislation 10:20 Consumer Expectations and Privacy Law 16:11 Elements of Effective State Privacy Laws 21:26 Challenges in Data Minimization Enforcement 24:27 The Impact of GDPR on Ad Tech 26:22 Enforcement Challenges in Digital Media 30:22 The Role of Private Right of Action 38:52 Improving Targeted Advertising Practices 46:02 Acknowledging the Tension in Data Practices Learn more about your ad choices. Visit megaphone.fm/adchoices

Professor Daphne Keller joins host Alan Chapell to discuss the implications of the EU Court of Justice decision in Russmedia - demonstrating that "breaking the Internet" is no longer solely the domain of pop stars like Taylor Swift. An expert in platform regulation and intermediary liability, Professor Keller explains how the CJEU's Russmedia decision poses significant challenges for companies operating in the digital media space in Europe. Daphne Keller's bio may be found at https://law.stanford.edu/daphne-keller/.  The Chapell regulatory outlook report may be found at https://chapellreport.substack.com/. Takeaways The Russmedia case shifts the EU rules on intermediary liability significantly. Intermediary liability laws aim to balance online safety, free speech, and innovation. The court's decision highlights a long-standing tension as between GDPR and the e-commerce directive. Platforms may now be considered joint controllers of user data under GDPR. Identifying harmful content at scale is a major challenge for platforms. The Russmedia case Chapters 00:00 Welcome and show premise 02:05 Daphne Keller and why Russmedia matters 04:00 Why intermediary liability shields exist 06:20 Distinction between Section 230 in the U.S. (absolute liability shield) and the EU notice and takedown regime under the e-commerce directive. 08:45 GDPRand right to be forgotten as background context. 11:00 Russmedia facts and Romanian state court path 13:45 Advocate General view processor vs controller 16:00 CJEU view as joint controllership is the lynchpin of the case. 23:30 Proactive checks and the general monitoring contradiction 34:40 What platforms can do now and the practical tradeoffs Learn more about your ad choices. Visit megaphone.fm/adchoices

Host Alan Chapell welcomes Commissioner Mark Meador of the Federal Trade Commission to talk about the future of conservative antitrust, the importance of protecting kids and the impact of the regulatory environment on the digital media marketplace. Commissioner Meador's bio can be found at https://www.ftc.gov/about-ftc/commissioners-staff/mark-r-meador. The Chapell Report can be found at https://chapellreport.substack.com/ Takeaways Privacy and online safety for children are top priorities for the FTC. The FTC is focused on tangible harms rather than ethereal issues. Antitrust enforcement has seen a bipartisan consensus on the need for more action. The FTC uses 6B studies to understand new markets and inform future regulations. Learning from past FTC experiences is crucial for effective enforcement. AI and deceptive claims are monitored under existing laws. Consumer choice is essential in a competitive marketplace. The FTC is committed to enforcing laws that protect children online. Regulatory actions should avoid creating unintended consequences. Chapters 00:00 FTC Priorities for 2026 03:53 Antitrust Focus and Challenges 07:50 Protecting Children Online 12:08 The Role of 6B Studies 15:54 Learning from Past FTC Experiences 19:41 Addressing AI and Deceptive Claims 23:43 Consumer Choice and Market Dynamics 27:43 Key Takeaways for Digital Media Stakeholders Learn more about your ad choices. Visit megaphone.fm/adchoices

Peter Craddock joins Alan Chapell to discuss the EU Digital Omnibus proposal - and debate the value of simplification of the digital privacy rules in Europe. Peter views these changes as pragmatic, while Alan is concerned that we’re trading in one set of ambiguities to another. More on Peter Craddock https://www.khlaw.com/people/peter-craddock. More on Alan's Regulatory Outlook Substack https://chapellreport.substack.com/welcome Takeaways Peter believes the Digital Omnibus changes are intended to add a layer of pragmatism to EU data protection law. The GDPR was designed to enshrine privacy as a fundamental right, but that doesn’t mean privacy should prevail over everything else. You also take into account other fundamental rights: fundamental right of information and freedom of expression. Chapters 00:00 Peter returns and sets the stage for what the EU Digital Omnibus is and why it exists. 04:20 How the proposal and Court of Justice rulings reshape the meaning of personal data for ad tech. 10:00 What pseudonymous companies can argue today under SRB and related cases. 15:40 Why ePrivacy consent rules still bite even if GDPR does not apply. 20:40 Browser-based consent controls and why industry expects pushback. 26:10 How regulators may respond, and why pragmatism is becoming more visible. 35:40 Legitimate interest for AI training versus consent for monetization. 41:00 Whether the changes help smaller players and what uncertainty remains. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Digital Omnibus proposal seeks to upend the EU data protection rules. In part 1 of our coverage, Alan Chapell chats with Dr Gabriela Zanfir-Fortuna of the Future of Privacy Forum about what's driving the Digital Omnibus, and whether it is likely to have a positive impact. More on Gabriela at https://fpf.org/person/dr-gabriela-zanfir-fortuna/. More on Alan's Substack at https://chapellreport.substack.com/. Takeaways The Digital Omnibus aims to simplify, reduce compliance burden and boost EU competitiveness, but may introduce new ambiguities and complexities.  Narrowing the definition of personal data could let some pseudonymous ad tech processing fall outside GDPR coverage. A browser level do not track style signal is proposed, yet timelines and technical feasibility remain uncertain given past failures and current standards backlogs. AI model training via legitimate interest raises difficult questions about privacy choices. Some EU regulators are likely to resist these shifts, meaning enforcement may stay privacy forward - creating a lack of certainty for those seeking to comply with these new rules.  Chapters 00:00 Alan introduces the show, the guest, and why the Digital Omnibus matters for GDPR and the AI Act. 03:40 Gabriela shares her privacy origin story and why privacy harms can be systemic, not just individual. 11:40 The pair unpack the Commission’s stated goals of simplification and competitiveness, and why Gabriela doubts the path. 17:00 They examine the proposed narrowed definition of personal data and the risk of fresh compliance confusion. 20:50 Discussion of a new consent revocation signal and the long road to workable standards. 26:40 A media services carve out is questioned, especially its impact on consent fatigue and digital ads. 32:00 Gabriela outlines the biggest AI related proposals, especially legitimate interest for training and use. 44:40 They predict regulator pushback and what that means for enforcement over the next decade. 50:30 Closing reflections on why the Omnibus may fail its simplification promise and what comes next. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Alan chats with Vermont State Representative Monique Priestley about her multi-year attempt to get a privacy law passed in the State of Vermont. They discuss Vermont's approach, what Monique has learned from the successes and failures of other state efforts, and what a "good" privacy law looks like.  Rep Priestley's bio may be found at: https://priestleyvt.com/about/ The discussion re: Private Rights of Action in Privacy Laws with Dr. Lauren Scholz is available at: https://www.youtube.com/live/RVb8xXWkYPQ?si=sb89gvUiT_WzKYsp&t=2448. My reaction to Dr. Scholz's testimony is available on my Substack at: https://chapell.substack.com/p/more-on-the-private-right-of-action Takeaways Lobbying pressure shapes privacy bills long before the public ever sees them. Consumer rights only work if people can actually enforce them. Data minimization is essential but difficult to regulate. Political campaigns are major contributors to data misuse. States struggle to keep definitions aligned as technology shifts. Chapters 00:00 Origin story of Rep. Priestley 03:15 How lobbying shapes privacy legislation 08:10 What a strong privacy law should include 13:20 Why data minimization is so complicated 18:45 The role of political campaigns in data abuses 24:30 Data brokers and updates, states are pushing 31:40 Authorized agents and deletion requests 36:30 How Vermont approaches sensitive data Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Butler from the Electronic Privacy Information Center (EPIC) joins Alan Chapell to discuss EPICs recent blog post critiquing the March 2025 decision of the French competition authority holding that Apple's App Tracking Transparency (ATT) is anti-competitive. This is a robust discussion pitting the views of the advocacy community against those of the business community... and demonstrating the tension that can sometimes exist between privacy and competition law.  The discussion referenced a number of articles and consumer research. Epic's blog post on ATT is at https://tinyurl.com/2avfss69 The French Competition decision is at https://tinyurl.com/27tav2dv Research from Columbia Univ is at https://tinyurl.com/399az6ht Research from USC is at https://tinyurl.com/55d76n87 Takeaways EPIC saw Apple’s App Tracking Transparency (ATT) as a rare, meaningful win for user privacy amid decades of unchecked data collection. Alan Butler draws a distinction as between first-party tracking and third-party behavioral tracking - a distinction that may be at odds with competition regulators such as the UK Competition and Markets Authority. Butler argued that consent pop-ups and CMPs are manipulative, not genuine privacy controls - Chapell agreed, but noted that Apple uses its own form of manipulation with ATT. European regulators viewed ATT as anti-competitive, but Butler said ATT rightly prioritizes user privacy over ad-tech interests. Chapell provided research suggesting that Apple's cohort tracking might not be as user-friendly as some advocates have suggested. Apple’s ad revenue growth in the wake of ATT raised competition and fairness concerns. Butler called for ad models that allow publisher sustainability without compromising user privacy. Chapters00:00 Introduction and EPIC’s role in privacy advocacy02:30 Apple’s App Tracking Transparency explained04:45 Ad-tech backlash and regulatory scrutiny in Europe06:15 First-party vs. third-party data use distinctions09:50 How tracking and profiling differ across contexts12:40 Consent mechanisms and why they fail users15:50 The “double consent” debate under EU law20:00 Competition concerns and privacy as a design choice24:30 Publisher monetization and skepticism of tracking’s value28:00 Intersection of privacy, competition, and market power31:30 Consumer understanding of ATT and tracking preferences34:00 Apple’s data use and the question of transparency37:00 Whether ATT unfairly advantages Apple41:00 Broader implications for competition and privacy balance45:30 Parity between ATT and consent systems discussed48:30 Closing reflections on privacy, fairness, and user control   Learn more about your ad choices. Visit megaphone.fm/adchoices

Cory Doctorow is a prolific writer of both fiction and non-fiction. His latest book is Enshittification: Why Everything Suddenly Went Wrong and What To Do About It. Cory and host Alan Chapell discuss the three stages of enshittification, its root causes, and the underlying social movement that is critical to addressing (and perhaps even reversing) its impact. Recognizing that they come at this from very different perspectives, Alan and Cory also go deep into some of the endemic challenges of the ads space while wrestling with pro's and con's of data minimization, contextual advertising and how to offer a private right of action to the enforcement of privacy laws.  Alan's Substack on CIPA the VPPA and anti-SLAPP laws is at https://chapell.substack.com/p/can-anti-slapp-save-ad-tech-from and should complement the discussion. Cory's bio is at ⁠https://craphound.com/bio/⁠ and you can find out more about his book Enshittification at ⁠https://tinyurl.com/y7u698a6⁠.  Takeaways Enshittification describes how digital platforms decay under monopoly power, shifting value from users to advertisers and then shareholders. Monopoly and weak regulation allow corporations to capture markets and regulators, eroding user rights and competition. Loss of interoperability and restrictive IP laws (like the DMCA) prevent users from fixing or improving technology. Privacy and data exploitation are central to tech monopolies’ power, stronger, simpler rules are needed over complex consent systems. Behavioral advertising should be replaced by contextual models to reduce surveillance and restore balance for publishers. Private right of action can help enforce privacy rights when regulators fail. Global antitrust movements in Europe, Canada, and Asia show more progress than the U.S. Coalition building across privacy, labor, and antitrust advocates is key to countering corporate concentration. Chapters00:00 Introduction and Enshittification explained04:20 How monopolies cause platform decay11:15 Market consolidation and regulatory capture13:30 Tech worker power and the loss of interoperability20:25 Key issues, privacy, competition, and IP27:25 Problems with consent-based privacy systems29:45 Case for banning behavioral advertising41:25 Enforcement and the role of private litigation51:00 Antitrust progress and shifting global momentum55:30 Building coalitions to fight tech monopolies Learn more about your ad choices. Visit megaphone.fm/adchoices

The care and feeding of a successful career - particularly in privacy or regulatory circles remains an under-discussed topic. Career coach Doug Miller joins Alan to discuss the changing role of the privacy pro over the past two decades and the challenges we all face as we try to juggle the goals of making an impact while finding happiness.  Takeaways Privacy executives must engage with the organization to change minds. Building alliances is crucial for effective privacy advocacy. It's important to connect with C-suite members beyond the CEO. Understanding product launch goals can align privacy initiatives. Strategic thinking is essential for future planning in organizations. The context of the industry influences product implementation. Collaboration across teams enhances privacy efforts. Privacy considerations should be integrated into product development. Long-term planning is vital for organizational success. Effective communication can bridge gaps in understanding privacy needs. Career burnout for privacy and regulatory pros is real - Doug shares a number of tips for career development.  Chapters00:00  Introduction & Evolution of Privacy  04:20  Early Privacy Careers & AOL Story  07:30  Mergers, Culture & Lessons Learned  09:20  Shifting from Reactive to Proactive Privacy  16:30  Convincing Leadership & Building Value  20:50  Career Growth, Burnout & Reinvention  38:40  Curiosity, Purpose & Closing Thoughts   Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Alan Chapell is joined by Connecticut State Senator James Maroney as the Senator shares the backstory regarding how he got involved in pushing for a privacy law in Connecticut, how those efforts are impacted by lobbying efforts, and how different states are collaborating to create the privacy and AI patchwork. The Senator also shares what's on his mind when it comes to future privacy and AI laws for Connecticut. The Senator's bio is available at https://www.senatedems.ct.gov/senator/james-maroney/bio" Takeaways Privacy policymaking often starts accidentally, not by design. Lobbying pressure remains the biggest barrier to passing strong privacy laws. Persistence and bipartisan cooperation helped Connecticut succeed after three years. The Global Privacy Control requirement made Connecticut a national privacy leader. Simplified opt-out processes improve user empowerment and enforcement. Consent fatigue weakens privacy protections; minimization is a better path. Broad definitions of personal data can discourage privacy innovation. Data brokers and AI oversight are the next frontiers in state privacy policy. Multi-state collaboration is reshaping privacy and AI governance in the U.S. Federal law should set a strong floor, not a ceiling, for privacy protections. Chapters 00:00 Introduction and Senator Maroney’s background 01:00 How privacy legislation found him 02:32 Early challenges and heavy lobbying resistance 05:04 Lessons from failed attempts and building allies 07:46 Adding the Global Privacy Control requirement 10:02 Balancing consent fatigue with real user protection 12:45 Defining personal vs. de-identified data 15:31 Strengthening Connecticut’s law through updates 17:47 Considering data broker oversight and the DELETE Act 20:31 Multi-state collaboration and AI policy efforts 23:45 Regulating sensitive data and consent standards 27:00 Authorized agents and consumer rights limits 31:02 Rulemaking challenges and avoiding patchwork laws 35:32 Federal preemption, enforcement, and private actions 40:30 Enforcement, lawsuits, and the search for balance 43:00 Closing remarks and UConn basketball predictions Learn more about your ad choices. Visit megaphone.fm/adchoices

Journalist Patrick McGee joins host Alan Chapell to discuss his book "Apple in China" as Alan draws additional pearls of wisdom from Patrick's work that can be used to guide everyone working in the digital media and regulatory world. From an in-depth discussion of geopolitics, a funny Seinfeld reference and (and a less funny one about Michael Moore) and important lessons for regulatory folks looking to hold your attention.... this is a great discussion. It's also helpful for everyone in the ads space to have a clear sense of Apple's motivations. You can buy Apple in China here - https://www.simonandschuster.com/books/Apple-in-China/Patrick-McGee/9781668053379 Takeaways Apple’s design-first philosophy thrived in China’s uniquely flexible manufacturing ecosystem. The partnership between Apple and China turned into a masterclass in innovation — and imitation “China speed” gave Apple unmatched production agility, but also trained future competitors. Apple underestimated how much intellectual property and know-how it was exporting. Patrick McGee frames Apple’s China story as both a business triumph and a geopolitical shift. Privacy remains central to Apple’s brand — but compromises in China tell a more complex story. The book reveals how Apple’s success fueled China’s tech dominance and influenced global policy. Regulatory lessons: even the biggest players can be blinded by their own success. Patrick’s storytelling turns a complex supply chain saga into an engaging, human narrative.Alan Chapell emphasizes that clear storytelling is key to making policy and economics resonate. Chapters 00:00 Introduction and Guest Welcome 00:52 The Premise Behind Apple in China 03:10 How Apple’s Design Culture Met China’s Flexibility 05:40 Training the Competition: The Hidden Cost of Outsourcing 08:15 “China Speed” and the Rise of Domestic Tech Rivals 12:20 Apple’s Privacy Paradox in the Chinese Market 15:05 Lessons for Regulators and Global Businesses 17:45 Storytelling as a Tool for Complex Topics 19:30 Reflections on Apple’s Future and Geopolitical Risks 21:00 Supporting Local Bookstores and Final Thoughts Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell continues his discussion with Jon Leibowitz on some of the key regulatory issues raised from 2004 - 2013. This includes the investigation re: Google Buzz and Google's settlement of FTC charges it Misrepresented Privacy Assurances to Users of Apple's Safari Internet Browser (which Alan believes had a huge impact on Google's approach to probabilistic advertising). They also talk about the historical regulatory role of telecommunications companies vs edge providers like Google and Meta as well as a discussion of the ongoing antitrust cases Google is facing.  Takeaways First-party data has real limits; it isn’t a universal fix. The FTC’s Intel case shows antitrust can unlock competition (e.g., aiding Nvidia’s rise). Journalism’s sustainability is strained by dominant platforms; collective bargaining may help. Google’s 2012 Safari case (rooted in earlier Buzz issues) became a lasting privacy deterrent. Privacy enforcement reshaped ads, pushing platforms away from third-party data tactics. Structural vs. behavioral remedies: breakups are rare; well-designed conduct rules often carry the day. Chrome divestiture was viewed as overreach; Judge Mehta’s search remedies felt cautious. Consent fatigue is real; data minimization and retention limits may work better. Privacy trade-offs vary by socioeconomic context; one-size rules can entrench incumbents. The ad-supported web has eras: DoubleClick (’94–’03), Google’s ascent (’04–’13), then Big Tech dominance. Chapters 00:09 Introduction & episode setup; first-party data riff; sponsor note 02:06 Intel case lessons; exclusivity, APIs, and competition effects 04:02 Journalism town halls (2009–10); platforms, news economics, misinformation 08:54 Google Safari cookie-circumvention case; ties to Google Buzz order 12:30 Consent vs. probabilistic advertising; platform caution post-settlement 15:00 Privacy trade-offs across economic classe 15:50 Google Search remedies; amicus brief; Chrome divestiture debate 23:30 Remedies are hard: structural vs. behavioral; Microsoft as precedent 26:00 Post-FTC: privacy coalition with Mary Bono; telco vs. edge provider rules 29:31 Rulemaking hurdles (Mag-Moss); unrealized federal privacy push 30:27 Regulation can entrench incumbents; EU lessons for startups 32:01 Data minimization & retention over blanket consent 32:50 Closing: three eras of the ad-supported internet; subscribe CTA Learn more about your ad choices. Visit megaphone.fm/adchoices

Host Alan Chapell is joined by Jon Leibowitz, former chair of the FTC to discuss the Commission's impact on the digital media landscape from 2004 until 2013. In part 1 of the discussion, Chapell and Mr. Leibowitz talk about the FTC's COPPA rethink, the DNT standard, some early FTC attempts to rethink journalism, and some of the antitrust and privacy enforcements against big tech during his tenure. Jon Leibowitz' bio may be found here - https://en.wikipedia.org/wiki/Jon_Leibowitz.  Takeaways The FTC’s push for “Do Not Track” showed how hard it is to get industry consensus on privacy. Global Privacy Control may succeed where “Do Not Track” failed, as cookies phase out. COPPA’s update made pseudonymous data count as personal data, reshaping online advertising. Age verification measures create new risks, even while aiming to protect children. Industry self-regulation (like ad icons) fell short, with state laws setting stronger standards. The FTC’s “bully pulpit” speeches often influenced industry behavior more than enforcement. Google’s acquisitions (DoubleClick, AdMob, etc.) raised competition questions but were welcomed by much of the ad industry. The tension between innovation, regulation, and consumer protection continues to shape digital advertising. Chapters00:00 Introductions & Setting the Scene03:00 Achievements at the FTC: Early Digital Ad Regulation08:00 The Rise and Stall of “Do Not Track”15:00 Protecting Kids Online & COPPA’s Redefinition of Data24:00 Self-Regulation vs. State Regulation in Ads32:00 Antitrust and Google’s Expansion40:00 Closing Reflections on Innovation and Oversight Learn more about your ad choices. Visit megaphone.fm/adchoices

UK data protection pro Robert Bateman joins host Alan Chapell to discuss how the EU seems to be heading in the opposite direction than the U.S. as the CJEU narrows the definition of personal data ever so slightly. Robert also shares thoughts on a cookie consent consult taking place in the UK - and gives a prediction on the future of EU to U.S. cross-border transfers.  Takeaways The definition of personal data has evolved significantly since the GDPR. Pseudonymization is often misunderstood and oversold in its benefits. The SRB case clarified the relative nature of personal data definitions. ICO's consultation may lead to significant changes in cookie regulations. Cross-border data transfers are essential for the digital economy. The adequacy decision ensures data safety when transferring data to the US. Max Schrems' challenges have significantly impacted data transfer frameworks. The ICO's approach to enforcement may signal a shift in privacy regulations. The role of journalism is crucial in understanding and shaping data protection issues. Different perspectives in data protection can foster better dialogue and solutions. Chapters 00:00 Evolving Definitions of Personal Data 06:03 The SRB Case and Its Implications 11:45 Rethinking Privacy Regulations in the UK 17:59 Cross-Border Data Transfers and Their Importance 29:40 Challenges to the EU-US Data Privacy Framework 35:43 The Role of Journalism in Data Protection Learn more about your ad choices. Visit megaphone.fm/adchoices