I worked some in marketing and targeting modeling within retail finance.
From what I saw, the data privacy rules and client contracts are followed scrupulously, and infractions are noted and remediated. Encryption slowed us down at least 10X,and bureaucracy another 10X.
While frustrating at times, I appreciated that most if not all actually wanted to stay well within the legal guardrails.
Of course, this is one person's experience, and obviously can't apply to every company. Genie and cork, toothpaste, and all that.
What many companies do is they sprinkle some magic "anonymous" pixie dust on their data and then tons of laws no longer apply, even if the data is trivially identifiable stuff. And location data is often of that nature.
The will is there sometimes to attempt this, which is why following risk procedures is tied to performance ratings at better companies. Companies also delete data after specified time, as required by numerous legal entities.
And engage with third party matching services so that personally identifying information is salted and hashed until the print shop
Do you know whether there are actual audits happening by third parties?
I've never had anything to do with ad tech, but the (few) certification processes I've been involved with were largely documentation and "yes, we do have backups. no, unauthorized persons cannot access our servers" promises without anybody actually auditing/testing.
Do they have independent auditors regularly look at the tech and operation to verify that they actually do conform with the laws and don't just claim to?
Many. It represents a massive cost. Hence the emphasis on employee incentive to do the right thing in the first place.
Further, any time there is a broad news story (e.g. Wells Fargo's bogus accounts) or legal item in pipeline with broad impact, you can be assured every company looks to make sure they aren't in bad shape.
From what I saw, the data privacy rules and client contracts are followed scrupulously, and infractions are noted and remediated. Encryption slowed us down at least 10X,and bureaucracy another 10X.
While frustrating at times, I appreciated that most if not all actually wanted to stay well within the legal guardrails.
Of course, this is one person's experience, and obviously can't apply to every company. Genie and cork, toothpaste, and all that.