The Monopoly Report

Allison Schiff, managing editor at AdExchanger who covers privacy and ad tech, joins to unpack industry tensions around surveillance advertising and recent DHS interest. She discusses why companies stay silent, how incentives shape behavior more than ethics, the limits of regulation on location and sensitive data, and which forces might actually push reform.

Tony Katsur, CEO of IAB Tech Lab, joins Alan Chapell to unpack the rise of agentic AI and its impact on privacy and data governance. They explore why current approaches fall short and how the industry risks repeating past mistakes. The discussion breaks down vector embeddings and how they enable data matching without exposing raw user information. They also examine ongoing challenges around compliance, consent, and data deletion in AI-driven systems. Finally, the episode covers AI content marketplaces and how frameworks like COMP aim to bring structure, transparency, and fair compensation to publishers. The Chapell Regulatory Insider may be found here: https://chapellreport.substack.com/ Takeaways Agentic AI brings powerful automation but risks repeating past privacy failures without strong governance frameworks in place. Existing privacy standards like TCF and GPP can be embedded into agentic systems but need further evolution and enforcement. Vector embeddings enable privacy-conscious data matching by comparing similarity rather than sharing raw data. Data deletion and compliance remain unresolved challenges when user data is embedded into AI models or vectors. Audit, attestation, and accountability mechanisms are critical to prevent misuse and misrepresentation in agentic ecosystems. AI content marketplaces require structured licensing frameworks like COMP to support fair compensation and transparency. Tokenization of content could improve tracking, attribution, and source-of-truth verification for publishers and brands. The industry is still early in agentic development and must slow down to build privacy-first foundations. Chapters 00:00 Intro and discussion on agentic AI hype vs reality 01:12 Why privacy is missing from the agentic AI conversation 03:34 Challenges with DSARs and scaling privacy compliance 05:08 Existing privacy frameworks and how they apply to agentic systems 07:44 The role of privacy taxonomy and data classification 12:38 Explaining vector embeddings and privacy-safe data matching 18:30 Compliance challenges with embeddings and data transparency 24:26 Agent registry and identity verification in agentic systems 30:54 AI content marketplaces and the COMP framework 35:24 COMP vs RSL and licensing models 38:15 Content tracking, tokenization, and transparency challenges 42:48 The future of AI content marketplaces 44:38 Why industry participation in Tech Lab is critical Learn more about your ad choices. Visit megaphone.fm/adchoices

Sheila Colclasure joins host Alan Chapell to discuss some key lessons learned in a career that included significant privacy, AI and data governance roles at Acxiom and IPG. Sheila shares what inspired her to coin the term “March Fairness” as well as a few secrets on how to influence senior decision-makers on privacy and data governance issues. You can find the Chapell Regulatory Insider at https://chapellreport.substack.com/ Takeaways Sheila's journey into privacy began in 1997 at Axiom. Building a culture of privacy is essential for success. Documentation is crucial for privacy and AI governance. Words matter in privacy and AI governance discussions.. Data brokers play a vital role in the information services industry. Regulatory scrutiny on data brokers has evolved over the years. March Fairness highlights the importance of fairness in data usage. AI presents new challenges and opportunities for privacy. Understanding corporate strategy is key for privacy professionals. Sensitive data should generally be avoided in advertising use cases. Chapters 00:00 Introduction to Sheila Colclasure and the evolution of privacy governance. 02:00 Sheila’s privacy origin story and early work building Acxiom’s governance program. 04:20 Lessons from auditing data sources and creating ethical data sourcing standards. 09:20 Why documentation and governance discipline matter in privacy programs. 11:00 Building a digital responsibility framework across dozens of agencies at IPG. 17:30 The evolving debate around data brokers and regulatory scrutiny. 26:00 The concept of “March Fairness” and applying fairness to data governance. 30:30 AI, governance challenges, and the coming impact of quantum computing. 41:30 Career advice for privacy professionals Learn more about your ad choices. Visit megaphone.fm/adchoices

Ben Isaacson, privacy attorney and founder of InHouse Privacy with 25+ years in the field, explains how California’s laws recast who counts as a data broker. He covers why ad tech, retail media, clean rooms, smart TVs, and autos may fall under new rules. He also walks through the DELETE Act drop mechanism, the 2026 enforcement outlook, and why many companies misunderstand what counts as selling data.

AI ethicist and governance pro Shoshana Rosenberg joins Alan Chapell to discuss how to build a framework for addressing the legal and regulatory risks involving AI. Given all the new AI and profiling rules flowing down into the ads space in 2026, Shoshana is exactly the person the ads space should be listening to right now. Pre-order Shoshana’s book “Practical AI Governance” here - www.practicalaigovernance.com Check out the Chapell Regulatory Insider here - https://chapellreport.substack.com/  Takeaways AI governance is less about compliance checklists and more about strategic oversight that prevents unseen liability. Digital agency means giving individuals context and control over how systems influence them. Post hoc explainability is insufficient because inference-driven systems are fundamentally probabilistic. Privacy Enhancing Technologies (PETs) can undermine marketplace trust when platforms utilizing PETs aren’t transparent about how they work and don’t allow advertisers to audit them.  Government procurement standards may drive AI accountability faster than direct regulation. Building on foundational AI models requires documenting what you add and controlling what you can evidence. The PRISM framework pushes teams beyond compliance toward structured ethical practice. Too many in the ad space are ignoring data and AI governance to their detriment. Chapters 00:00 Introduction and defining AI governance  01:09 Why AI governance is about strategy, not compliance  02:41 Shoshana’s path from engineer and Navy JAG to AI governance  05:22 Digital agency as a human right  09:13 What explainability should look like in advertising  11:23 The complexity of the ad tech ecosystem  13:25 Gaps in global AI regulation  17:06 Procurement and government contracting as enforcement levers  20:49 The tension between PETs and transparency  28:02 Agentic AI and worsening accountability gaps  29:30 Explainability by design by 2029  31:42 Practical guidance for little tech building with AI  35:11 The PRISM framework explained  38:43 Upcoming book and where to find Shoshana Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell is joined by Professor Jess Miers, visiting assistant professor of the University of Akron School of Law. Jess and Alan discuss some of the inherent challenges around protecting kids on the internet, and how those challenges are increasingly leading policymakers to age verification as the solution. While Alan is curious to see how this approach plays out in Australia, both Jess and Alan are skeptical that age verification will be good for kids or privacy in general.  Professor Miers’ Bio: https://www.uakron.edu/law/faculty/directory/profile.dot?u=jmiers  Chapell Regulatory Insider: https://chapellreport.substack.com/  Takeaways Jess Miers’ career transitioned from policy work to academia, finding a place to express her views freely. Parents face significant challenges in monitoring their children's online activities. The impact of social media on youth mental health is complex and multifaceted. More and more places worldwide are turning to age verification.  The U.S. legal landscape regarding age verification is evolving and is currently impeded due to First Amendment concerns. Advertisers must navigate a nebulous landscape regarding content directed at minors. Data privacy and security concerns are heightened with age verification requirements. Education of both parents and children is essential in addressing online safety. While these issues haven’t squarely hit the ad space just yet, Alan thinks that the post-COPPA 1.0 world will hit the ad space hard. Chapters: 00:01 Welcome + where Jess is calling from  00:36 Policy to academia + why it fits  02:07 Viral CA testimony moment  04:52 What problem age verification is trying to solve  07:03 Youth harm evidence and why causality is nuanced  10:27 Australia: under-16 ban and early consequences  13:54 Europe/UK: “age assurance,” feature limits, and gating  16:37 US: First Amendment and shifting legal strategies  22:55 Why age verification is risky: anonymity + data honeypots  44:28 Where to find Jess + wrap; transcript ends Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell is joined by Tom Kemp, the Executive Director of California's privacy regulator CalPrivacy, to discuss the launch of the DROP data deletion mechanism and California’s rules regarding the Global Privacy Control. While complimentary of California's efforts, Alan attempts to uplevel the discussion to talk more broadly about the larger public policy goals driving California's privacy regime. Tom Kemp's Bio: https://cppa.ca.gov/about_us/ Tom Kemp's Article: https://www.techpolicy.press/lets-make-privacy-easy/ Chapell Regulatory Insider: https://chapellreport.substack.com/ Takeaways CalPrivacy is the first independent agency focused on consumer privacy. The DROP system allows Californians to manage their privacy rights easily. Over 200,000 Californians signed up for the DROP system within a month of launch. Consumers are increasingly interested in privacy protections. The agency is addressing privacy harms, especially for vulnerable communities. Collaboration with other states is on the table a priority for CalPrivacy - particularly re: the DROP. Transparency in data practices is essential for consumer trust. The agency aims to balance innovation with privacy regulations. Authorized agents play a crucial role in helping consumers exercise their rights. Future regulations will focus on reducing friction for consumers.  Alan shares his thoughts on how CalPrivacy can better align its stated policy goals with outcomes Chapters 00:01 Intro and where Tom is calling from 01:04 What CalPrivacy is and Tom’s role 03:33 Why he took the job and his background 06:18 What’s still on the roadmap from “Let’s Make Privacy Easy” 08:18 What DROP is and how it works 11:05 Early adoption: 200,000+ signups 14:26 Privacy paradox and why “making it easy” matters 17:39 Other states showing interest in a DELETE Act model 20:41 Whether DROP could expand beyond California 23:04 Privacy harms and enforcement focus areas 31:14 Opt out preference signals (GPC/OOPS) and how they fit 37:11 Browser conflicts of interest and potential OOPS regs 41:23 Authorized agents and possible additional regulation 45:57 Defining “data broker” and who must register 54:57 Where to find CalPrivacy resources and closing Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Brendan Benedict joins Alan Chapell to talk about some of the recent civil antitrust complaints filed against Google by publishers including Penske, The Atlantic, McClatchy, Conde Nast, and Vox Media. With Judge Brinkema's remedies decision pending and a slew of other jurisdictions (e.g., EU, Canada) attempting to remedy Google's adtech practices, why are so many publishers and adtech companies jumping into the pool? Brendan Benedict may be found at: https://www.benedictlawgroup.com/brendan-benedict  The Chapell Regulatory Insider is available at: https://chapellreport.substack.com/ Takeaways The DOJ ruling gives private plaintiffs a head start on liability. These cases will mostly come down to damages calculations. Google avoided a jury, but the detailed opinion may make appeals harder. Remedies are likely behavioral, not divestiture. Statute of limitations could decide how far back damages go. Chapters 00:00 Intro & Guest Welcome 02:20 DOJ Remedies Decision Still Pending 06:20 Overview of Private Civil Lawsuits Against Google 07:05 Publisher Allegations 08:30 Damages Scale Discussion 10:05 DOJ Heavy Lifting for Private Plaintiffs 13:00 Case Consolidation & MDL Structure 15:25 Google Appeal Strategy 19:05 Duke Energy & “Monopoly Broth” Issue 21:45 Jury Trial Avoidance and Implications 23:45 Texas AG Case Expansion 26:00 Europe and Divestiture Pressure 29:05 Calculating Lost Revenue Damages 31:10 Statute of Limitations Debate 33:05 Settlement Likelihood & Bellwether Trials 39:20 FTC Meta Appeal Sidebar 48:10 Final Takeaways Summary 52:15 Closing & Upcoming Guest Preview Learn more about your ad choices. Visit megaphone.fm/adchoices

David LeDuc from the Network Advertising Initiative (NAI) sits down with host Alan Chapell to discuss the NAI's reinvention of its self-regulatory efforts in light of the influx of U.S. state privacy laws. They discuss what a good privacy law looks like, the challenges around finding the right balance, California's new Deletion tool, and the likelihood of a U.S. federal privacy law in the near term. More on David LeDuc and the NAI at https://thenai.org/about-the-nai-2/staff/ More on the Chapell Regulatory Insider at https://chapellreport.substack.com/ Takeaways The NAI has shifted from crafting self-regulatory rules to helping companies comply with complex state and federal privacy laws as enforcement accelerates. The California Delete Request and Opt-Out Platform (DROP) is likely the most impactful regulatory development for the ad space heading into 2026. Lumping third-party ad tech companies together with traditional data brokers may create regulatory confusion. Kids’ privacy is rapidly expanding beyond COPPA, creating major challenges for ad tech companies aound compliance given that most have no idea how to ascertain the age of a User. Enforcement sophistication and coordination among state attorneys general are increasing, changing the risk profile for companies that try to “keep their heads down” and do the minimum. Attempts to regulate AI indirectly through privacy and consumer protection laws are likely to continue as federal leadership stalls. Chapters 00:00 Welcome and episode overview 02:23 Who is David LeDuc and what is the NAI today 06:00 Are lobbyists really the problem 09:40 Kids’ data, age verification, and policy tensions 13:06 Educating regulators vs legislators 18:04 Ad tech vs data brokers 21:10 What does a “perfect” privacy law look like 30:27 California’s Delete Request and Opt-Out Platform 35:40 Global Privacy Control and browser obligations 39:25 AI regulation through privacy and consumer protection laws 44:20 Predictions for 2026 50:21 Where to find David and the NAI 52:10 – Final wrap-up Learn more about your ad choices. Visit megaphone.fm/adchoices

Alan Chapell is joined by Dr. Travis Hall - Director for State Engagement at the Center for Democracy & Technology (CDT), a nonpartisan organization focused on civil rights and liberties in the digital age. They talk about the ads space through a lens balancing consumer expectations with business interests and debate the merits of the private right of action. Travis Hall’s bio is available at https://cdt.org/staff/travis-hall/  Chapell Regulatory Insider is available at https://chapellreport.substack.com/ Takeaways: CDT focuses on a broad range of digital rights, not just privacy. Data minimization is essential for effective privacy laws. Consumer expectations often differ from actual online behavior. State privacy laws need strong enforcement mechanisms. The private right of action can drive regulatory change. Targeted advertising is an area of continued focus. Understanding technology is crucial for effective policymaking. Advocacy must balance user rights with industry needs. Collaboration between stakeholders is vital for progress. Historical context shapes current privacy advocacy efforts. Chapter: 00:00 Introduction and Personal Insights 01:18 Understanding the Center for Democracy and Technology 04:33 The Role of CDT in State Privacy Legislation 10:20 Consumer Expectations and Privacy Law 16:11 Elements of Effective State Privacy Laws 21:26 Challenges in Data Minimization Enforcement 24:27 The Impact of GDPR on Ad Tech 26:22 Enforcement Challenges in Digital Media 30:22 The Role of Private Right of Action 38:52 Improving Targeted Advertising Practices 46:02 Acknowledging the Tension in Data Practices Learn more about your ad choices. Visit megaphone.fm/adchoices