Episodes

  • Episode 62: The Future of Self-regulation in Digital Ad Privacy

    Episode 62: The Future of Self-regulation in Digital Ad Privacy
    Jan 21 2026
    David LeDuc from the Network Advertising Initiative (NAI) sits down with host Alan Chapell to discuss the NAI's reinvention of its self-regulatory efforts in light of the influx of U.S. state privacy laws. They discuss what a good privacy law looks like, the challenges around finding the right balance, California's new Deletion tool, and the likelihood of a U.S. federal privacy law in the near term. More on David LeDuc and the NAI at https://thenai.org/about-the-nai-2/staff/ More on the Chapell Regulatory Insider at https://chapellreport.substack.com/ Takeaways The NAI has shifted from crafting self-regulatory rules to helping companies comply with complex state and federal privacy laws as enforcement accelerates. The California Delete Request and Opt-Out Platform (DROP) is likely the most impactful regulatory development for the ad space heading into 2026. Lumping third-party ad tech companies together with traditional data brokers may create regulatory confusion. Kids’ privacy is rapidly expanding beyond COPPA, creating major challenges for ad tech companies aound compliance given that most have no idea how to ascertain the age of a User. Enforcement sophistication and coordination among state attorneys general are increasing, changing the risk profile for companies that try to “keep their heads down” and do the minimum. Attempts to regulate AI indirectly through privacy and consumer protection laws are likely to continue as federal leadership stalls. Chapters 00:00 Welcome and episode overview 02:23 Who is David LeDuc and what is the NAI today 06:00 Are lobbyists really the problem 09:40 Kids’ data, age verification, and policy tensions 13:06 Educating regulators vs legislators 18:04 Ad tech vs data brokers 21:10 What does a “perfect” privacy law look like 30:27 California’s Delete Request and Opt-Out Platform 35:40 Global Privacy Control and browser obligations 39:25 AI regulation through privacy and consumer protection laws 44:20 Predictions for 2026 50:21 Where to find David and the NAI 52:10 – Final wrap-up Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    54 mins
  • Episode 61: State Privacy Law from the POV of Civil Society w/Travis Hall of the CDT

    Episode 61: State Privacy Law from the POV of Civil Society w/Travis Hall of the CDT
    Jan 14 2026
    Alan Chapell is joined by Dr. Travis Hall - Director for State Engagement at the Center for Democracy & Technology (CDT), a nonpartisan organization focused on civil rights and liberties in the digital age. They talk about the ads space through a lens balancing consumer expectations with business interests and debate the merits of the private right of action. Travis Hall’s bio is available at https://cdt.org/staff/travis-hall/ Chapell Regulatory Insider is available at https://chapellreport.substack.com/ Takeaways: CDT focuses on a broad range of digital rights, not just privacy. Data minimization is essential for effective privacy laws. Consumer expectations often differ from actual online behavior. State privacy laws need strong enforcement mechanisms. The private right of action can drive regulatory change. Targeted advertising is an area of continued focus. Understanding technology is crucial for effective policymaking. Advocacy must balance user rights with industry needs. Collaboration between stakeholders is vital for progress. Historical context shapes current privacy advocacy efforts. Chapter: 00:00 Introduction and Personal Insights 01:18 Understanding the Center for Democracy and Technology 04:33 The Role of CDT in State Privacy Legislation 10:20 Consumer Expectations and Privacy Law 16:11 Elements of Effective State Privacy Laws 21:26 Challenges in Data Minimization Enforcement 24:27 The Impact of GDPR on Ad Tech 26:22 Enforcement Challenges in Digital Media 30:22 The Role of Private Right of Action 38:52 Improving Targeted Advertising Practices 46:02 Acknowledging the Tension in Data Practices Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    48 mins
  • Episode 60: Did the CJEU just break the Internet?

    Episode 60: Did the CJEU just break the Internet?
    Dec 24 2025
    Professor Daphne Keller joins host Alan Chapell to discuss the implications of the EU Court of Justice decision in Russmedia - demonstrating that "breaking the Internet" is no longer solely the domain of pop stars like Taylor Swift. An expert in platform regulation and intermediary liability, Professor Keller explains how the CJEU's Russmedia decision poses significant challenges for companies operating in the digital media space in Europe. Daphne Keller's bio may be found at https://law.stanford.edu/daphne-keller/. The Chapell regulatory outlook report may be found at https://chapellreport.substack.com/. Takeaways The Russmedia case shifts the EU rules on intermediary liability significantly. Intermediary liability laws aim to balance online safety, free speech, and innovation. The court's decision highlights a long-standing tension as between GDPR and the e-commerce directive. Platforms may now be considered joint controllers of user data under GDPR. Identifying harmful content at scale is a major challenge for platforms. The Russmedia case Chapters 00:00 Welcome and show premise 02:05 Daphne Keller and why Russmedia matters 04:00 Why intermediary liability shields exist 06:20 Distinction between Section 230 in the U.S. (absolute liability shield) and the EU notice and takedown regime under the e-commerce directive. 08:45 GDPRand right to be forgotten as background context. 11:00 Russmedia facts and Romanian state court path 13:45 Advocate General view processor vs controller 16:00 CJEU view as joint controllership is the lynchpin of the case. 23:30 Proactive checks and the general monitoring contradiction 34:40 What platforms can do now and the practical tradeoffs Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    39 mins
  • Episode 59: FTC Commissioner Mark Meador on Digital Media Regulatory

    Episode 59: FTC Commissioner Mark Meador on Digital Media Regulatory
    Dec 17 2025
    Host Alan Chapell welcomes Commissioner Mark Meador of the Federal Trade Commission to talk about the future of conservative antitrust, the importance of protecting kids and the impact of the regulatory environment on the digital media marketplace. Commissioner Meador's bio can be found at https://www.ftc.gov/about-ftc/commissioners-staff/mark-r-meador. The Chapell Report can be found at https://chapellreport.substack.com/ Takeaways Privacy and online safety for children are top priorities for the FTC. The FTC is focused on tangible harms rather than ethereal issues. Antitrust enforcement has seen a bipartisan consensus on the need for more action. The FTC uses 6B studies to understand new markets and inform future regulations. Learning from past FTC experiences is crucial for effective enforcement. AI and deceptive claims are monitored under existing laws. Consumer choice is essential in a competitive marketplace. The FTC is committed to enforcing laws that protect children online. Regulatory actions should avoid creating unintended consequences. Chapters 00:00 FTC Priorities for 2026 03:53 Antitrust Focus and Challenges 07:50 Protecting Children Online 12:08 The Role of 6B Studies 15:54 Learning from Past FTC Experiences 19:41 Addressing AI and Deceptive Claims 23:43 Consumer Choice and Market Dynamics 27:43 Key Takeaways for Digital Media Stakeholders Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    38 mins
  • Episode 58: The EU Digital Omnibus, Part 2: With Peter Craddock

    Episode 58: The EU Digital Omnibus, Part 2: With Peter Craddock
    Dec 10 2025
    Peter Craddock joins Alan Chapell to discuss the EU Digital Omnibus proposal - and debate the value of simplification of the digital privacy rules in Europe. Peter views these changes as pragmatic, while Alan is concerned that we’re trading in one set of ambiguities to another. More on Peter Craddock https://www.khlaw.com/people/peter-craddock. More on Alan's Regulatory Outlook Substack https://chapellreport.substack.com/welcome Takeaways Peter believes the Digital Omnibus changes are intended to add a layer of pragmatism to EU data protection law. The GDPR was designed to enshrine privacy as a fundamental right, but that doesn’t mean privacy should prevail over everything else. You also take into account other fundamental rights: fundamental right of information and freedom of expression. Chapters 00:00 Peter returns and sets the stage for what the EU Digital Omnibus is and why it exists. 04:20 How the proposal and Court of Justice rulings reshape the meaning of personal data for ad tech. 10:00 What pseudonymous companies can argue today under SRB and related cases. 15:40 Why ePrivacy consent rules still bite even if GDPR does not apply. 20:40 Browser-based consent controls and why industry expects pushback. 26:10 How regulators may respond, and why pragmatism is becoming more visible. 35:40 Legitimate interest for AI training versus consent for monetization. 41:00 Whether the changes help smaller players and what uncertainty remains. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    51 mins
  • Episode 57: The EU Digital Omnibus with Dr. Gabriela Zanfir-Fortuna

    Episode 57: The EU Digital Omnibus with Dr. Gabriela Zanfir-Fortuna
    Dec 3 2025
    The Digital Omnibus proposal seeks to upend the EU data protection rules. In part 1 of our coverage, Alan Chapell chats with Dr Gabriela Zanfir-Fortuna of the Future of Privacy Forum about what's driving the Digital Omnibus, and whether it is likely to have a positive impact. More on Gabriela at https://fpf.org/person/dr-gabriela-zanfir-fortuna/. More on Alan's Substack at https://chapellreport.substack.com/. Takeaways The Digital Omnibus aims to simplify, reduce compliance burden and boost EU competitiveness, but may introduce new ambiguities and complexities. Narrowing the definition of personal data could let some pseudonymous ad tech processing fall outside GDPR coverage. A browser level do not track style signal is proposed, yet timelines and technical feasibility remain uncertain given past failures and current standards backlogs. AI model training via legitimate interest raises difficult questions about privacy choices. Some EU regulators are likely to resist these shifts, meaning enforcement may stay privacy forward - creating a lack of certainty for those seeking to comply with these new rules. Chapters 00:00 Alan introduces the show, the guest, and why the Digital Omnibus matters for GDPR and the AI Act. 03:40 Gabriela shares her privacy origin story and why privacy harms can be systemic, not just individual. 11:40 The pair unpack the Commission’s stated goals of simplification and competitiveness, and why Gabriela doubts the path. 17:00 They examine the proposed narrowed definition of personal data and the risk of fresh compliance confusion. 20:50 Discussion of a new consent revocation signal and the long road to workable standards. 26:40 A media services carve out is questioned, especially its impact on consent fatigue and digital ads. 32:00 Gabriela outlines the biggest AI related proposals, especially legitimate interest for training and use. 44:40 They predict regulator pushback and what that means for enforcement over the next decade. 50:30 Closing reflections on why the Omnibus may fail its simplification promise and what comes next. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    52 mins
  • Episode 56: The People of Vermont want privacy too!

    Episode 56: The People of Vermont want privacy too!
    Nov 19 2025
    In this episode, Alan chats with Vermont State Representative Monique Priestley about her multi-year attempt to get a privacy law passed in the State of Vermont. They discuss Vermont's approach, what Monique has learned from the successes and failures of other state efforts, and what a "good" privacy law looks like. Rep Priestley's bio may be found at: https://priestleyvt.com/about/ The discussion re: Private Rights of Action in Privacy Laws with Dr. Lauren Scholz is available at: https://www.youtube.com/live/RVb8xXWkYPQ?si=sb89gvUiT_WzKYsp&t=2448. My reaction to Dr. Scholz's testimony is available on my Substack at: https://chapell.substack.com/p/more-on-the-private-right-of-action Takeaways Lobbying pressure shapes privacy bills long before the public ever sees them. Consumer rights only work if people can actually enforce them. Data minimization is essential but difficult to regulate. Political campaigns are major contributors to data misuse. States struggle to keep definitions aligned as technology shifts. Chapters 00:00 Origin story of Rep. Priestley 03:15 How lobbying shapes privacy legislation 08:10 What a strong privacy law should include 13:20 Why data minimization is so complicated 18:45 The role of political campaigns in data abuses 24:30 Data brokers and updates, states are pushing 31:40 Authorized agents and deletion requests 36:30 How Vermont approaches sensitive data Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    40 mins
  • Episode 55: A truly EPIC discussion about Apple ATT

    Episode 55: A truly EPIC discussion about Apple ATT
    Nov 12 2025
    Alan Butler from the Electronic Privacy Information Center (EPIC) joins Alan Chapell to discuss EPICs recent blog post critiquing the March 2025 decision of the French competition authority holding that Apple's App Tracking Transparency (ATT) is anti-competitive. This is a robust discussion pitting the views of the advocacy community against those of the business community... and demonstrating the tension that can sometimes exist between privacy and competition law. The discussion referenced a number of articles and consumer research. Epic's blog post on ATT is at https://tinyurl.com/2avfss69 The French Competition decision is at https://tinyurl.com/27tav2dv Research from Columbia Univ is at https://tinyurl.com/399az6ht Research from USC is at https://tinyurl.com/55d76n87 Takeaways EPIC saw Apple’s App Tracking Transparency (ATT) as a rare, meaningful win for user privacy amid decades of unchecked data collection. Alan Butler draws a distinction as between first-party tracking and third-party behavioral tracking - a distinction that may be at odds with competition regulators such as the UK Competition and Markets Authority. Butler argued that consent pop-ups and CMPs are manipulative, not genuine privacy controls - Chapell agreed, but noted that Apple uses its own form of manipulation with ATT. European regulators viewed ATT as anti-competitive, but Butler said ATT rightly prioritizes user privacy over ad-tech interests. Chapell provided research suggesting that Apple's cohort tracking might not be as user-friendly as some advocates have suggested. Apple’s ad revenue growth in the wake of ATT raised competition and fairness concerns. Butler called for ad models that allow publisher sustainability without compromising user privacy. Chapters00:00 Introduction and EPIC’s role in privacy advocacy02:30 Apple’s App Tracking Transparency explained04:45 Ad-tech backlash and regulatory scrutiny in Europe06:15 First-party vs. third-party data use distinctions09:50 How tracking and profiling differ across contexts12:40 Consent mechanisms and why they fail users15:50 The “double consent” debate under EU law20:00 Competition concerns and privacy as a design choice24:30 Publisher monetization and skepticism of tracking’s value28:00 Intersection of privacy, competition, and market power31:30 Consumer understanding of ATT and tracking preferences34:00 Apple’s data use and the question of transparency37:00 Whether ATT unfairly advantages Apple41:00 Broader implications for competition and privacy balance45:30 Parity between ATT and consent systems discussed48:30 Closing reflections on privacy, fairness, and user control Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    54 mins