Vault JS

Thank you so much to everyone who came out to the IAB Public Policy and Legal Summit in DC this week! We were honored to be a principal sponsor of this event. Our CEO, Josh Manion, had a session with Andrew Tobel, Assistant General Counsel, IAB, on the need for organizations to view compliance requirements as auditable proof, not just processes in place. It was a great time with the team out on the east coast, having conversations on the floor on the moving landscape when it comes to digital tracking, compliance, and how companies can stay ahead. Stay tuned for more insights from the event! #iab

California regulators have moved beyond privacy policies and consent banners. In the Healthline ($1.55M), Tractor Supply ($1.35M), and Todd Snyder ($345K) enforcement actions, they requested and reviewed actual vendor contracts, and found the terms insufficient. The IAB's response: the most significant revision to its Multi-State Privacy Agreement since launch. The Fifth Amended MSPA takes effect June 2, 2026, with provisions designed specifically for advertisers managing data disclosures across the ad tech supply chain. We broke down what changed, why it changed, and what privacy and compliance teams should evaluate now. Read the full blog at https://lnkd.in/eQUJvBmf. #IAB #MSPA #CCPA #DataPrivacy

Don't miss our upcoming webinar with Tripadvisor! 🗓️ Date: Wednesday, April 15 🕰️ Time: 11 ET (8 AM PT | 4 PM BST) The team responsible for your privacy policy is rarely the same team deploying the tools that create compliance obligations, and Tripadvisor's Director, Legal & DPO and Head of Data Engineering are joining us to share how they bridge that gap. Legal owns the regulatory interpretation, but IT, data engineering, marketing, and product teams each make choices daily that carry compliance implications. ☑️ A new tracking pixel is a privacy event. ☑️ A data pipeline feeding an AI model is a PIA trigger. ☑️ A vendor migration can invalidate consent management configurations. When there is no structured framework connecting these decisions back to the compliance function, the gaps tend to surface externally first. In our upcoming webinar, we will dig into the coordination challenge, specifically: 💡 How to map governance responsibilities across legal, IT, data, and marketing teams without creating new bottlenecks. 💡 Where cross-functional gaps most commonly create compliance exposure, and what the early warning signs look like. 💡 What Tripadvisor has learned about coordinating data governance at scale, from the perspectives of both their DPO and their Head of Data Engineering. Featuring Vanessa McKay (Director, Legal and DPO, Tripadvisor), Sarah Manning (Senior Director, Head of Data Engineering, Tripadvisor), and our Co-Founder Julie Oberweis. Save your spot today at https://lnkd.in/evvciKBr.

We are excited to be a co-principal sponsor for the IAB Public Policy & Legal Summit in DC on March 31! If you're going to be there, don't miss Breakout Session A with our CEO, Josh Manion, and IAB Assistant General Counsel, Andrew Tobel on "Controls that Count: Turning Privacy Requirements into Executable, Auditable Proof". The key takeaways from this session will be as follows: 1️⃣ A practical, control-based framework for turning privacy requirements into auditable, regulator-grade evidence your organization can actually deploy. 2️⃣ A working understanding of how to automate GPP string verification and MSPA compliance documentation across your ad tech stack. 3️⃣ A repeatable approach to automated vendor data mapping for onboarding and data protection assessments. Looking forward to seeing everyone there! #iab #dataprivacy #ccpa

In 2025, CIPA class action settlements tied to common tracking pixels exceeded $196 million. CalPrivacy issued its largest fine to date over opt-out mechanisms that didn't actually stop data sharing. And a misconfigured Google Analytics setup exposed the health data of 4.7 million people for nearly three years before anyone caught it. These outcomes share a common thread: regulators and plaintiff's counsel now build enforcement cases by capturing live network traffic, testing consent flows, and analyzing what tracking technologies actually do in production. This has made two trends for 2026 quite clear. Vendor questionnaires and periodic audits cannot keep pace with dynamic code execution. Consent platforms alone cannot close the gap between configuration and real-world behavior. We put together a white paper that maps this gap at enterprise scale. It covers the enforcement methods driving nine-figure exposure, why the observability problem is structural rather than procedural, and what the 2025 enforcement patterns tell us about where compliance risk is headed next. If you’re looking to take the next step with your compliance program and understand the greater context around these enforcement actions, download the white paper today at https://lnkd.in/egqH9pBR. #DataPrivacy #CIPA #CCPA #GDPR

Most data governance programs were built when the work lived in one or two departments, and Tripadvisor's compliance and data engineering leaders are joining us to talk about what happens when that is no longer the case. Date: April 15 Time: 11 AM EST (8 AM PST | 4 PM BST) RoPA workflows now require input from IT, marketing, data engineering, and legal - just to name a few. Cookie compliance has shifted from a CMP configuration exercise to an ongoing technical enforcement challenge. AI governance is arriving on top of all of it, with few established playbooks. The organizations navigating this well are not adding more checkboxes. They are restructuring governance to generate operational value across every one of these areas. Here is what we will cover: ✅ Why governance programs structured around a single department are increasingly exposed as compliance obligations span more teams and more technologies. ✅ How Vendor due diligence, RoPA and PIA processes can surface operational intelligence, not just satisfy regulatory requirements. ✅ Where AI governance fits into existing privacy frameworks, and where it requires entirely new approaches. ✅ What cross-functional coordination looks like in practice, from legal strategy to data infrastructure. Featuring Tripadvisor's Vanessa McKay (Director, Legal, DPO) and Sarah Manning (Senior Director, Head of Data Engineering), alongside our COO and Co-Founder Julie Oberweis, CFA, CIPP/US. Save your spot today at https://lnkd.in/e2TUiPf7. #DataGovernance #DataPrivacy #PrivacyByDesign #AIGovernance

By 2025, European regulators stopped evaluating privacy policies alone and started evaluating systems. The enforcement data tells a clear story: 1️⃣ A €479M ruling that turned GDPR non-compliance into an unfair competition claim. 2️⃣ A €45M fine that dismantled the "vendor defense." 3️⃣ Security baselines that now treat missing MFA as structural negligence. We analyzed the major GDPR enforcement trends from 2025 and what they mean for enterprise compliance heading into 2026. Check out the full blog to learn more about what this means for your organization at https://lnkd.in/enJNuuYs #GDPR #DataProtection #DataGovernance

Three new state privacy laws went live on January 1. Cure periods are expiring in Delaware, Montana, and New Jersey. California's DELETE Act platform is now accepting requests. And that's just the first half of 2026. We mapped out the full landscape: new laws, enforcement acceleration, the widening consent model divide, and what it means operationally for privacy teams managing compliance across a dozen or more jurisdictions. Check out the full blog to learn more at https://lnkd.in/ejTDvCnN. #Privacy #DataPrivacy #Compliance #CCPA #ConsentManagement

The 2026 Winter Olympics and the Annual Privacy Summit, hosted by the California Lawyers Association, ended the same week. Different venues. Similar lesson. Performance is about the quiet, operational discipline that shows up when someone is watching. At the Summit, regulators from California, Maryland, Oregon, New Jersey, and Colorado outlined where enforcement is heading. The short version: coordinated, detail-oriented, and focused on whether your systems do what your documentation says they do. Our Co-Founder and COO Julie Oberweis, CFA, CIPP/US broke down the three most relevant takeaways for privacy teams. Read the article to learn more!