GPC and UOOMS: Do Consumers Want an On/Off Switch or a Dimmer?

Intro 0:00

Welcome to the She Said Privacy/He Said Security Podcast, like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st Century.

Jodi Daniels 0:21

Hi, Jodi Daniels, here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.

Justin Daniels 0:35

Hello. I am Justin Daniels, I am a shareholder and corporate M&A and tech transaction lawyer at the law firm, Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk. And when needed, I lead the legal cyber data breach response brigade.

Jodi Daniels 1:00

And this episode is brought to you by that’s horrible Red Clover Advisors, so small no one could hear that we help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology e-commerce, professional services and digital media. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers to learn more and to check out our best selling book, Data Reimagined: Building Trust One Byte at a Time. Visit redcloveradvisors.com Well, hello, hello. What’s up? You’re at your mellow. Maybe it’s like close to lunchtime.

Justin Daniels 1:45

You said, I can’t make fun of you, so now I don’t know what to do.

Jodi Daniels 1:48

Oh, my goodness, I thought for sure you’d find something else. No problem. We can focus directly on our guest today,

Justin Daniels 1:55

since we both know our guests very well, but we are talking about a subject matter that is decidedly in your wheelhouse.

Jodi Daniels 2:03

Oh, yes, yes, yes. Well, we have a return guest. We have Andy Hepburn, who is the co founder of NEOLAW and at General Counsel at SafeGuard. Andy is a privacy lawyer with deep experience helping clients in the digital advertising industry navigate complex privacy laws. Is there actually a simple privacy law? I don’t think so. I think all the privacy laws these days are complex.

Andy Hepburn 2:28

They’re all good. But I thought you simplify

Jodi Daniels 2:31

because they’re complex. They start complex, and then I I

Justin Daniels 2:37

try and simple. They put it through the Jodi algorithm, and poof, it’s simple. Oh, that’s a good

Jodi Daniels 2:42

plan. I could make like a little Jodi GPT, that could be fun.

Justin Daniels 2:46

Can I get a licensing fee for that?

Jodi Daniels 2:48

Absolutely not. No. Well, Andy, welcome back to the show. You must have had a good time to come back to our silliness over here. We’re really excited, but people might not have heard the first episode. So if you can share a little bit about your career journey and since then, you have some new fun that you were working on as

Andy Hepburn 3:06

well. Sure, yeah, I was looking back at our last session the notes I prepared for it, which was in 2020, so it’s been a little while, so it’s good to be Yeah, and I’m into my fourth decade of practicing law. So I don’t know how deep you want to go, but spent most of my career as a technology, media and privacy lawyer. Privacy was, you know, really became part of what I do. In 2012 I was working for a company then that that was in the in the TV advertising space, back when it was still just all linear, you know, the ad runs for everybody. Anybody that’s watching the program gets the ad, and they said, We need to replicate our success in the digital media space. And boom, all of a sudden, they had a lot of privacy compliance requirements that no one in the company understood. And having been around the space a fair amount, I knew that it was going to be big. The Laws were brewing at that time and and so I, you know, decided I was going to build some expertise in the area of privacy law and see what I can do with it. And it’s been great. It’s been quite an interesting journey. I think, you know, there’s so much policy around privacy like it really matters to human beings, and as you always say, Jodi, it matters to how companies build trust with their consumer customers. How do you treat my data? Is it, you know? Are you being responsible? So there’s a lot of policy around that stuff that I think you know should inform the privacy laws. And as it relates to what we’re going to talk about today, should inform how consumers interact with companies. Uh, to say, here’s what’s okay with me. And so I think that’s the that’s why it stays interesting for me as a aging, aging lawyer at this point, is it’s new stuff and it’s emerging, and that’s the kind of space I like to operate in.

Jodi Daniels 5:14

Well, there’s certainly a lot that is new and emerging in the five years since you joined our podcast. And actually our podcast is five years old, probably pretty, pretty close to when this episode will release, which is very exciting, and certainly a lot of version in that time period. One of the big areas that I know you have a passion for, and I talk a lot about, Ins, in the news, significantly, is global privacy control, also known as GPC. So we’ll probably call it GPC. That was your acronym glossary. Everybody listening, and it’s becoming more widespread in a variety of different laws. That started in California as a universal opt out mechanism, and other states really followed. So in your view, what are the benefits? And then where are the pitfalls

Andy Hepburn 6:03

with with GPC? Yeah. I mean, I think first we got to talk about a little bit about the context in which GPC is arising. And, you know what? Why is it needed? And so the first thing I would say is GPC, and also, as you mentioned, is known in the law as a universal opt out mechanism, which actually is more descriptive, I think, for what it what it’s how it’s actually being implemented, but it’s sort of an alternative to consent management platforms and tools. And for folks that may not know what all those are, those are the pop up boxes you see on a website or in an app that say, Do you want to consent to cookies? And here we can you can’t consent to we have to use our fun, our essential cookies that make the internet run. But then you have functionality, cookies and analytics, cookies and marketing cookies. And so the first thing you got to think through is, how much does the consumer understand about what those kinds of cookies are? Do they care? You know, is it even feasible in a pop up notice when they want to get to their news article or their latest, you know, social media feed or whatever, is it even feasible for them to have an understanding of what they’re consenting to just to get to their content? So GPC is, is a an alternative to a more complex tool that is widespread in the industry and in a in society. So, you know, I think the one of the benefits that we’ll talk about for GPC is it’s way simpler. You set it one time in your browser or on your mobile device, and it sort of walks with you as you traverse the web or an app or app ecosystem or whatever. And it tells, in theory, tells everyone whose site you hit or app you use that you want to opt out of their use of your data for sales to pay to brokers and for targeted advertising. So, you know, so why is? Why would that be better than the, you know, the ubiquitous consent management platforms and cookie pop up notices? Well, like I said, it’s way simpler. And the other thing about the consent management platforms is, you know, there this thing known as cookie fatigue, or consent fatigue, is a real thing, and privacy fatigue is a real thing when you’re interacting with consumers. It’s been pretty well analyzed by by academics. And I was doing a little research, and I found out that one of the academic studies showed that if you actually read every policy, privacy policy that’s put in front of you through a consent notice online, it would take you seven what is it? 76 working days each year to read all those policies. I don’t know about I read a lot of privacy policies, but 76 working days worth, and we’re talking 24 hours a day working so, I mean, it’s, you know, it’s just not feasible for consumers to, you know, to read all that much less how dense and complex privacy policies he can be and understand them. So the nice thing about, I think, CMPs and GPC are that they’re trying to create a more useful user experience. And I think a really important policy question is, are they achieving that goal? So when I started thinking, when I first saw GPCs come on to the market and begin to be discussed, I don’t know if you know this. Yes, Jodi and Justin, but GPC is it originated in the World Wide Web Consortium w 3c and then Consumer Reports got involved and started endorsing it, and it also advocating for it with consumers. And they have a good consumer audience. Well, it’s not the first, it’s not the W, 3c, first effort at this kind of thing. They had the Do Not Track initiative. And the digital advertising industry got involved with the Do Not Track initiative and said, you know, nice in theory, but you can’t just have it be an on off switch. And so it died. They were able to essentially make it die. And so here it is again. It’s an on off switch either, either I you know, either I say, Do Not Track and do not and I’m opting out of targeted advertising, and I’m opting out of any selling of data that you’re doing, or I’m all in. And my question all along has been, is that really what consumers want? Do we really want a system that says all or nothing? And what I would say is, first of all, you got to say, well, are all consumers the same? And I gave a, I gave a taught a class at Kennesaw State University recently in their MIS, one of their introductory mis messes, and I showed what I called a a privacy sensitivity scale. And on the left side, I had my dad, you know, who’s like, I don’t want anybody to have my data, not the government, not companies. You may not have my data. You may not target ads for me. And then on the other side, I had my kids at a concert at a Beyonce. No, it was Lady Gaga concert. And, you know, they’re digital creatures. They’ve never known a life without the internet and phones and apps and all that stuff. And they’re kind of like Dad, I’m an open book, whatever, whatever I’ve said, it’s out there, and I can’t get it back. And so, you know, they’ve kind of given up. And I don’t think either one of those extremes necessarily represents the average consumer. So the question is, if we, if we want something that actually addresses that privacy, privacy, sensitivity scale. It can’t just be the on off switch that GPC is presenting. It needs to be something more nuanced. So let me pause there and see if you guys have any thoughts, comments, questions.

Jodi Daniels 12:36

Well, first I’ll share. I’m so glad you brought up. Do Not Track anyone who reads a lot of privacy notices, hopefully you read the paragraph that is still required, because that law didn’t go away. B3 70 that says you have to say if you are or are not honoring Do Not Track. And I think there were about five companies that actually decided to honor Do Not Track, don’t quote me, on five. It was a very small number of companies. Yeah, I decided to honor it, but it was exactly the challenge, because no one could agree. What does track? What What am I tracking? What’s okay to track, what’s not okay to track. And then it fast forward. Here we are. Regulators decided, modern version figured out, yeah, that’s kind of my my short way. But for anyone who only knew GPC and didn’t know the history of Do Not Track, I do encourage you to go. There’s no shortage of content online. It is a fascinating story of a lot of effort and very significant thought went into this concept of track and what you can and should and how do you quantify all of that? And now here we are, back in this kind of binary situation, right, that you’re forced to do on or off, right?

Andy Hepburn 13:46

Yeah, it’s really interesting. If you start reading the academic research and Jodi, I know, you know, Dan Solove, the professor at George Washington University that does the privacy and security conferences. He’s, you know, he’s written a lot about, is consent, really, really a reasonable way to interact with the consumer at scale, about this kind of topic. And his point is exactly that, what does do not track me to the consumer, because some tracking you want it like, do you? You know, some people use the Find My functionality in in iOS and in mobile devices. That can be really useful. When you’ve got a kid and you want to see where they are, you might even require them to turn it on. Well, you can’t do that. If you’ve said, do not track right my location, do not track my so it’s just that’s the point I’m making is that it’s not a bad idea, but it needs to be more nuanced. And when you talk about, how do you make it more nuanced, you get into the whole thing about, how do you let the consumer know what they’re agreeing to? Right? Or what they’re stopping when they implement GPC in their browser or on their phone. How do you let them know? So there’s a lot of thinking going on around that subject, and it’s it’s really interesting. Dan Solo says there is no way for the average consumer to really understand what they’re consenting to when they say functionality cookies are okay. Do they know that the functionality we’re talking about is the Facebook the meta pixel, the Snapchat pixel. That mean that’s what’s in that third party pixels are in the category of functionality. But when you read the consent management platform. Notice it typically says, if you turn this off, some functionality in our website may not work. Oh, I don’t want that. I want this. I want the functionality to work. They’re not really saying in any detail anyway, the functionality we’re talking about is social media functionality, and there’s other functionality too. I’m not but that’s the that’s an example of, how does the consumer know that I should only agree to essential, which I don’t have the option on on that one, but maybe to analytics. That’s my practice. I force myself to do it. I go, I go into the CMP, and I say, you can do analytics in essential and that’s it, and I spend way more time on that than I should, so I’m looking for ways to make it simpler for consumers. And the thing that Dan Solove argues is we really need to be focusing on harms, because the use of my data to determine if I have a disease because I’ve been searching a website that says, Have you just contracted diabetes? Here’s what you should do. Well, that does that tell them that I have diabetes? Maybe it might mean that my friend has diabetes, and I’m interested. You know it doesn’t, and so but, but the point is, the consumer. There’s, if you know what the advertising technology ecosystem does with data, you have to spend a lot of time learning that stuff, and the consumer is not going to do it, and we should not expect them to do it. So what’s a way to, you know, to to do better and provide reasonable choices to consumers that also allow them some, you know, some flexibility, depending on where they are on the privacy sensitivity spectrum, which is my term for dad and my kids on two ends. And that’s what, that’s what I’m arguing for with GPC, is a more granular approach. So we can talk more about, you know what that means?

Justin Daniels 17:47

Sounds like you should talk about what you think that means to be between the two extremes. Yeah.

Andy Hepburn 17:54

So right now what we said is that GPC is an on off switch either track me as much as you want or don’t track me at all, and I’m opting out of the sale of my data, and the I’m opting out of target use of my data for targeted advertising. And so what could be in between those two extremes? Well, you know, I don’t know, you guys might be old enough to remember the early versions of Internet Explorer, but way back when they had a little slider switch in their user interface that allowed you to go to from no tracking to moderate tracking to, you know, unlimited tracking. So there was an idea. There was a there was a company that had a dominant position in the marketplace saying, we want to give consumers a choice. And then if you wanted to understand what those settings meant, they gave you, you know, some information buttons that could let you dig in a little bit. So that’s one idea for how you could do it. But you know, the problem I’m having with GPC is even on their in the FAQs, on their website, they say it permits users to easily and clearly exercise their privacy rights. Again, that’s true only if you want to turn off all targeted advertising. If you turn it on, that’s what happens. Maybe that’s what you want. But, you know, I’ll just use myself as an example. There are circumstances where I want some at some targeted advertising, and it’s around what I you know, what I care about. So an example might be, if I’m shopping for a new car, Justin, you’ve ridden in my new car, I might want to get an ad that gives me a discount or an offer, right? That says, you know, here’s the ad, click here and and you’ll get a 10% discount off your car. Hey, I’m clicking on that ad. Well, I’m only going to get it if I’ve allowed targeted advertising, because that’s the only way for the ad. Advertiser to know that I’m an auto in tender, which is the taxonomy for the audience segment, for identifying people who are shopping for new cars. Well, okay, so I want to turn that off until I buy the new car, and then I don’t want any more of those ads. So why can’t I do that? So that’s my idea. That’s kind of in a nutshell. The idea that I have for a more nuanced GPC is a method where you you know GPC, you go into your browser or your mobile device, you turn it on and you set it and forget it. That’s the Pro is you’re not interacting with every website in every app and reading their privacy policies and trying to understand their cookie descriptions and setting those on a publisher by publisher basis, or an advertiser by advertiser basis. What you do is you go into a, you know, you go into the browser GPC functionality, and you say, Yeah, you know what I’m interested in, cars, and for me, it might be music and sort of outdoor adventure. Those are three things I’m, I’m curious about and interested in, and I’m, I’m okay with getting some targeted ads about those topics. Other than that, I’d really rather not. That’s how I that’s how I would set it up. So it’s not it’s not a the idea that I have is not a significantly more complex solution than what’s being offered, but it gives you the opportunity to permit some targeted advertising based on your expressed interests, and then that profile that you set in your browser or on your phone, it travels around. So you get ads. You get ads based on what you’re interested in, or if you don’t want any turn it off, and that just seems like a more reasonable way to address consumers actual privacy preferences than an on off switch, which is what GPC is today.

Jodi Daniels 22:00

And I’m curious, what are your thoughts we have laws and regulations, we have regulators, and we obviously also have standards, like IAB has a number of different standards. If you were to think about all of those different pieces, what do you think is the role of them in trying to help solve this issue that you’re talking about?

Andy Hepburn 22:23

Yeah, I mean, I think standards are huge. I mean, it’s, it’s, you mentioned, the IAB and the global privacy protocol or platform, is a method for publishers and advertisers and all of the ad tech intermediaries in between them to get a notice about what the consumer has selected for their privacy preferences. And so it carries that, you know, we won’t get into programmatic advertising and all that stuff on this call, but it allows you, it basically allows the consumer preference to travel with through the advertising ecosystem from the website publisher saying, hey, Andy’s on the website, and he’s, he’s okay with getting ads about cars and and, you know, music and so here you go. Advertisers. Do you want to bid on, on serving an ad into my website for this for this individual, and I’m pseudonymized in that context. But so, how? So? So, along with that, the IAB is promoting the the Multi-State Privacy Agreement, which is it’s not a contract that everybody signs between the publisher and the advertiser. It’s really a standard that says, hey, if you get this signal, you’re agreeing to treat it this way. So it has what are called springing obligations. So that’s one example of an industry initiative to create a standard that that you know might be helpful in making sure that not only the publisher whose site you’re on and the advertiser who’s serving you an ad, but all the people that might touch your data in between them. And again, without going into too much detail, there can be hundreds for one ad, for every single ad, of intermediaries touching your data. How Do They Know what your preferences are so the GPP with the NSPA is designed to address that issue. So why don’t we have more of those, and why hasn’t the industry adopted them? Great question. Because standards are hard. I once heard somebody say standards are great because everybody has their own. So not only do we have competition, you know, in the marketplace, but we have competition among the standard setters, you know, and there’s, there’s some, there’s different industry organizations representing different constituencies in the marketplace, and they don’t necessarily agree on. What the standard would be. So they’re hard, but I think they’re, you know, enormously useful. And SafeGuard is SafeGuards another, you know, shameless plug, but it’s another attempt to create some industry standards around the way that buyers, meaning companies that are buying services from advertising companies can evaluate their privacy posture. And instead of having, you know, one to one discussions about that, it’s it’s aimed at making that sort of a standardized if I’m the vendor, I fill out an assessment, and I can share it with any number of of my customers or other, you know, constituents that might be interested in my privacy profile. So there are efforts underway to do standards, and you know, the problem is, I think competition, you know, that’s that’s the problem in the industry, but it’s not impossible. And I’ll give you, give you an example for a standard that was completely successful, which is the barcode. You know, I’m old enough to remember, the cashier picking up the item, looking at the price, typing it into the cash register, moving it down the conveyor belt. You know, that’s not how we do it anymore, right? You scan the barcode and and your price pops up, including whatever discounts of the day you may have, so that the barcode came about through IBM, essentially wrangling the the grocery industry into adopting this solution. Because, you know, the sellers wanted something easier than than having to put a price label, and the grocers wanted it too. So there were some alignment around this is too hard. We need automation. We need something that’ll help. So it is possible, if the incentives are throughout the you know the marketplace are strong enough to to make that happen. So what do you think are the incentives strong enough in the in the advertising space to to get a good standard?

Jodi Daniels 27:06

I think that’s kind of typical market dynamics. I think we’re getting there. It’s a little little bit slower. My belief is I really like the various standard tools that you describe, the MSPA, that contract, as well as that diligence framework. And what will happen is you need, I think, more customers pushing on agencies and their vendors to say, I require this of you. Then we’re going to have more of those vendors and agencies all start to participate more and more, and the companies also want to participate. We’re seeing it. We talked in our little pre show that we’re seeing that movement. I think the more enforcement actions that come out, I also think will help propel that forward,

Andy Hepburn 27:48

right? And I think the industry you know, you and I both work with companies of widely differing sizes, and you know, for for a small or medium sized company privately held privacy compliance is ridiculously hard and complex. I don’t know if ridiculously is the right word, but it’s extremely hard and complex and and they’re just like, well, is anybody getting in trouble other than Google and meta and Amazon? Not too many. It’s starting to happen. We’ve seen Florida and Texas has done some. So, you know, there’s this, there’s been this open question is, are the regulators going to actually regulate? And I think we’re seeing movement toward that now. And wow, look at that. People are starting to worry about it. People are starting to say, Oh, maybe I need to actually address this in my shop. So I agree enforcement is critical if we want the industry to move together toward reasonable solutions that work for everyone. You know, competition is another barrier to to adoption around standards is, you know, everybody wants their own standard that that maximizes their opportunity and minimizes their competitors opportunity. You can’t get away from that, and that’s why the important enforcement stuff is, I think, critically important, but

Justin Daniels 29:22

doesn’t the enforcement stuff take budget and now we’re in a situation where the federal government is stripping funds that might go to the state for other stuff. And so if the states have to do that other stuff, what then happens to the budgets? Because you’re right. Andy, I get into interesting debates on LinkedIn and other professionals, where you know, how do you get companies to care? It’s what you identified. But if you don’t have the budget to have the staff to regulate beyond the big tech, how does that actually operationalize to use it for. Someone else here likes so that you do have the regulation where people like, Oh, I could get snared up in this. I really do need to change my practices.

Andy Hepburn 30:10

Yeah, and it’s a great point Justin, because as you, as you know, on the cybersecurity side of this discussion, you know, every state has their has their breach notification laws, they’re similar, you know? And some of them enforce. Some of them do stuff with notifications they receive of a breach. Some of them don’t do much because they don’t have the budget. So it’s a it’s, it’s a difficult thing. And you know, the states where we’re seeing enforcement, California, what is it like? The fourth largest GDP, if it were a country in the world right now? So they’ve got some budget. Texas, big, big state, lots of revenue. They’ve got some budget. Arkansas did one. I don’t know if they’ve had a big budget, but you know, it was, it was kind of a, kind of an outlier, I think, and then you look at other states like Connecticut has a has a robust privacy law, and in a handful of regulators that care a lot and are trying, what’s interesting is, I think that this is worth, I think, mentioning on this Call is there’s now a consortium of state privacy regulators that are working together on enforcements. And I think that thing exists because the problem, the challenge of having enough budget to actually do any meaningful amount of enforcement, is so great that there’s they’re getting together the state AGs, and they’re saying, why don’t we share the load? So that might be one way that it gets addressed is through, you know, kind of pooling of resources. The biggest privacy enforcement agency historically is the Federal Trade Commission, and they do that under the FTC act. You know, the unfair and deceptive acts and practices authority that they have, and it’s like, like you said, things have changed in the new administration, and you’re not seeing as much enforcement. So I think that’s, you know, there’s no getting around that the administration in power is going to affect how much government regulation of business practices is going on in the marketplace. And right now we have an administration that is, you know, hands off. I won’t say completely. They’re not, they’re not saying that nothing matters. And examples of where you’re still seeing the FTC stay involved is around children. It’s children’s privacy and and online security, that’s a hot topic in the advertising and privacy space in the FTC still still investigating those types of things. So there, I think it’s becoming more aimed at specific types of privacy issues and harms, which isn’t, you know, healthcare is another one that that, I think the FTC, we could still see some enforcement out of them, or in some activity on that front. So, you know, it’s it, but it’s going to ebb and flow, for the reasons you mentioned

Jodi Daniels 33:19

Andy, knowing all that, you know, what is the best personal privacy or security tip you might offer those listening?

Andy Hepburn 33:30

I have a recent one. My poor mom, she’s 85 and and she got a she got a check. I won’t I won’t name the retailer, but she got a check for $700 from a retailer. She had no idea why. She had no knowledge of being owed any refunds or credits or rebates. It just arrived in her mailbox out of the blue. Now, was it this retailer, or was it not? So I don’t know the answer to that yet. It’s an active investigation by Andy Hepburn, the Son, but I have I’m very concerned that there’s a sophisticated fraud happening for her. So I’ve told her, do not, do not give any information on phone calls and do not get link click on any links in emails or texts that you might receive about this. So my number one tip is, learn about phishing attacks, learn what they are, how they’re implemented, and take steps to avoid them as much as you can. And the FTC does have some good guidance on their consumer.ftc.gov site. So there’s good information. I mean, you can just search it online. You can find good information about how to spot phishing attacks. So that would be my number one recommendation.

Jodi Daniels 35:00

I think this is a good time Justin for you to plug another opportunity of where people can learn to help protect seniors.

Andy Hepburn 35:08

Ah, that is true. So I am a board member of you. What side Andy? I said, do tell Oh,

Justin Daniels 35:18

just another person we I met on LinkedIn and become friends with her. She’s been on our show. Lexi Lutz, we did a whole episode. So I’m a board member of optinspire, that’s an organization whose mission is to help educate seniors about online scam. So it’s materials, putting together webinars, actually coming in-person to assisted facility list living facilities to educate

Andy Hepburn 35:47

all that stuff. Sign me up as a volunteer.

Jodi Daniels 35:50

Yeah, um, so for everyone listening, we feel really strongly about this as a reminder any of you who are IAP P certified privacy professionals by participating in the training and doing one of these sessions for an hour, you can actually get CPE credit, and so we will certainly share it with you Andy and for the broader audience, it’s a really important piece. I am sure everyone listening here knows a neighbor, a friend, a grandma, a parent, somebody who needs this information sounds when you’re not doing all things privacy and protecting your mom. What do you like to do for fun?

Andy Hepburn 36:31

Well, this weekend, I’ll be at the shaky knees festival festival in Piedmont Park, listening to a whole bunch of bands with all about 100,000 of my friends and neighbors. So that’s that’s live music is one of my big passions. So I’ll be with the kids listening to a bunch of good live music this weekend.

Jodi Daniels 36:52

Very nice. Well, Andy, we’re so excited that you came back to share the latest on global privacy control, and if people would like to connect and learn more, where should they go?

Andy Hepburn 37:04

You can send them to neolaw.com, which is my law firm’s website, so neolaw.com. You can also contact me through the website.

Jodi Daniels 37:15

Wonderful. Well, thank you again. We appreciate it.

Andy Hepburn 37:18

Always a pleasure. Have a good day.

Outro 37:24

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.