During my tenure at Freestar, the only real constant I’ve seen in digital advertising is change. Specifically, one of the biggest disruptors for publishers has been the evolving patchwork of privacy laws. 

A year ago, there were only nine US state privacy laws. Today, there are 20, with more planned – not to mention the potential for federal laws in the future. At Freestar, we work closely with our publisher partners to help them stay ahead of these changes – from regulatory shifts to enforcement actions that can impact revenue and audience trust.

A constantly evolving landscape

The fact that state privacy regulations have more than doubled in the last twelve months doesn’t do enough to illustrate the depth of the problem. The bigger issue is that each state has created its own version of consumer protection legislation – with its own thresholds, requirements, and in some cases, beneficial carve-outs. In turn, this creates new demands on tech stacks, legal oversight, and partner integrations.

For example, while some state laws allow for an entity-level exemption for certain businesses, completely exempting the business from the state’s privacy laws, others only provide a data-level exemption, meaning only specific types of data are exempt. This mixture of different exemption types is a major reason why compliance for a single business can vary drastically from state to state.

It would be easy if everyone just replicated California’s initial CCPA, but they didn’t. Instead, many new state laws, while sharing commonalities, have introduced their own unique requirements, such as Maryland’s ‘strictly necessary’ data minimization standard for sensitive data, or the right to opt out of profiling in Minnesota. So every time a new state privacy law is announced, there’s a whole new set of hoops to jump through.

For publishers operating globally, the challenge is even bigger. You’re not just dealing with US state laws, you’re also managing GDPR (General Data Protection Regulation) compliance for European traffic, and potentially more international regulations depending on your audience. And so the burden to keep up feels never-ending.

Why ‘set it and forget it’ doesn’t work

Publishers might be forgiven for thinking that once they have compliance measures in place, they can sit back and relax – but many have already learned this lesson the hard way. Compliance missteps can lead to enforcement actions, reputational damage, or lost demand from buyers. 

We’ve seen how even minor misconfigurations can trigger audits from the likes of the UK’s ICO (Information Commissioner’s Office). These actions often stem from a failure to meet fundamental legal requirements, such as obtaining proper consent and honoring consumer signals like Global Privacy Control (GPC). And it’s becoming extremely easy for authorities to track down violations, for example using automated cookie crawlers to check for compliance. 

The key here is that most of the violations – e.g., cookies firing when users select ‘reject all’; cookies firing before users make a consent choice; or incorrect consent management platform configurations – are easily prevented.

In the past, implementing automated tools like OneTrust was usually enough to meet the requirements, but today, how they are configured is equally as important. Proper configuration is critical because publishers remain legally responsible for their vendors’ tools and the consumer rights they are meant to operationalize. That’s why we offer proactive compliance audits and real-time platform configuration support as standard, so our publisher partners don’t fall into easily avoidable traps.

Putting a proper privacy process in place 

For publishers juggling multiple adtech partners and consent platforms, building a privacy-first monetization strategy can feel daunting. Our data privacy team acts as a strategic partner, advising on the most efficient and compliant path forward.

A core part of this process involves identifying the proper legal basis for each type of data processing, such as user consent or ‘legitimate interests’, to avoid unnecessary restrictions in UK and European markets.

For example, if you’re operating in UK or European markets, the options for cookies are well established – accept all, reject all, and manage preferences – with limited flexibility outside of that framework.

Beyond the legal basis for processing, a robust UK/EU privacy process must also operationalize all data subject rights, including the right to access, rectification, right to be forgotten, and data portability. 

For the state-specific laws in the US, there is more flexibility in how you configure your consent management platform. California’s CCPA and CPRA now mandate very similar standards to those the GDPR brought about. And there’s a good business case for establishing federal regulations, which would bring everything under one set of standards.

Beyond consent management, compliance with laws like the CCPA/CPRA, the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CPA) requires providing clear mechanisms for consumers to exercise rights like ‘Do Not Sell or Share’ and ‘Limit the Use of Sensitive Personal Information’.

Future-proofing your approach

To protect ad revenue and reduce legal exposure, publishers need consistent, scalable frameworks. Freestar has built its approach around standards like the TCF (Transparency and Consent Framework) for UK and EU markets, and the GPP (Global Privacy Platform) String for North America – while staying flexible enough to pivot as interpretations evolve. 

For example, recent European court decisions have raised questions about how consent strings should be handled, signalling a shift in the global landscape. At Freestar, we help our partners maintain compliance with current applicable standards while keeping an eye on the horizon to understand what’s coming up. So if a particular way of processing or analyzing data is deemed no longer compliant with evolving rules, we can pivot and look at other options. The key is being agile while maintaining reliability for our publisher partners.

The advance of AI technology has also added a new layer of complexity to the privacy landscape. Now that an LLM (Large Language Model) can manage personal data processing, it’s becoming harder to know exactly what’s happening with what data without the right structures in place – so it’s important to work with a partner who is on top of the latest developments in adtech, and specifically, AI and machine learning. 

As privacy regulations and AI continue to reshape digital advertising, publishers don’t need to go it alone. Freestar’s unique position as a leading SSP and privacy expert means we’re not just reacting to changes – we’re helping publishers future-proof their monetization strategies through proactive guidance, tooling, and agile implementation.

Related Posts

No Tricks, Just Treats: How Freestar Scares Away Bad Ads

No Tricks, Just Treats: How Freestar Scares Away Bad Ads

October 23, 2025
Freestar Partners with Ad-Shield to Recapture Revenue from “Dark Traffic” — Lost to a New Generation of Ad Blockers

Freestar Partners with Ad-Shield to Recapture Revenue from “Dark Traffic” — Lost to a New Generation of Ad Blockers

October 21, 2025
Unlocking Ad Dollars: A Publisher’s Guide to Q4 Monetization

Unlocking Ad Dollars: A Publisher’s Guide to Q4 Monetization

September 23, 2025
How our ‘Publisher-First’ Mindset Shapes Engineering at Freestar

How our ‘Publisher-First’ Mindset Shapes Engineering at Freestar

September 4, 2025