Blog The American Privacy Rights Act of 2024:...

The American Privacy Rights Act of 2024: The latest privacy framework impacting mobile marketing

The “privacy era” that today’s mobile marketers are operating in has been punctuated by the introduction of numerous privacy standards, both on a global scale and specific to particular countries and regions. Arguably one of the most transformative was Europe’s General Data Protection Regulation (GDPR), which is soon to be joined by the American Privacy Rights Act of 2024 (APRA)—parallel legislation in progress for enactment with U.S. congress.

Frameworks such as the GDPR and the APRA, introduced by legislative bodies and therefore legally enforceable, have far-reaching implications for app developers and marketers, changing the way data is measured, analyzed, and processed.  As well as a shift in mindset, these laws are necessitating a shift in the technologies we’re using to run and optimize mobile marketing campaigns, as well as measure their success.

So what are the key privacy laws we should be aware of, and what do they mean in practice?

Key global privacy standards

Among the most far-reaching and influential of these privacy-preserving measures are:

Europe:

India:

  • Digital Personal Data Protection Act (DPDP Act)

U.S.:

  • California Consumer Privacy Act (CCPA)
  • New Jersey S332

Brazil:

  • Lei Geral de Proteção de Dados Pessoais (LGPD)

The thread between all of the above frameworks is their focus on protecting the data of regular consumers and service users.

Consent management platforms
In line with such legislation, how do marketers remain on top of whether users have provided consent relating to the processing of their data? Learn more about consent management platforms as a way to streamline consent collection, processing, retention, and deletion.

From the perspective of mobile measurement, one of the results of this global legislative movement is a great reduction in marketers’ ability to access device-specific data—individual markers such as device IDs—for attribution and campaign optimization.

Having traditionally relied on device IDs and similar, the industry faces a real shift in the mechanics of measurement and attribution.

As the custodians of much of the world's device-level data, Apple and Google have also moved to transform their data-handling processes to become compliant with these new requirements.

With SKAdNetwork (SKAN) and its successor, AdAttributionKit, Apple was the first to release a privacy-centric framework to ensure compliance. Google’s solution—Privacy Sandbox on Android—is just around the corner. Read more on Privacy Sandbox on Android terminology.

The result for mobile marketers? New limits to the measurement and attribution markers that the industry (as downstream consumers of the data provided by Apple, Google, and others) have access to. Rather than being able to identify and measure a user based on device ID, gaining insights from aggregated, fully anonymized, and delayed data, is more and more necessary, which in turn necessitates an altogether different approach.

Privacy frameworks and next-gen tech

The transformation of our measurement and attribution processes is leading to the transformation of the role of the mobile growth marketer. Understanding, appreciating, and implementing next-generation tech solutions has become paramount. And it’s fair that marketers expect a lot from these solutions—namely the ability to maintain the same growth levels while remaining absolutely compliant with the requirements of these new, complex, and continually evolving legislative frameworks.

Adjust is at the forefront of technical innovation in the industry, responding to this change with tools that represent the future of mobile measurement. Thanks to the way our market-leading solutions digest aggregated data and use it to produce meaningful insights, we’re continuing to empower mobile marketers to optimize campaigns and celebrate significant app growth in times of change. Three of the solutions that drive and maximize measurement capabilities in the privacy era are:

At the heart of these three approaches, and indeed the majority of future-focused tech in mobile marketing, is artificial intelligence (AI) and machine learning (ML). Sophisticated applications of AI and ML make it possible for marketers to glean actionable insights from aggregated and anonymized data in real-time.

It’s important to mention that device IDs—where user consent has been provided—continue to enable traditional attribution. These next-gen solutions exist in parallel, offering a future-proofed and complementary source of data that allows marketers to continue to run targeted campaigns, to strategize effectively to scale user acquisition, and grow at pace.

The American Privacy Rights Act (APRA)

We’ve listed just a couple of U.S.-state-specific privacy frameworks above, but, in fact, 17 states have now created (with some yet to introduce) their own separate—but very similar—forms of privacy legislation. These include:

  • The Virginia Consumer Data Protection Act (2023)
  • The Texas Data Privacy and Security Act (2024)
  • The Florida Digital Bill of Rights (2024)
  • The New Hampshire Data Privacy Law (2025)
  • The Iowa Consumer Data Protection Act (2025)

The APRA (introduced in April and currently being considered by U.S. Congress) aims to be the first bill that protects user privacy at a national level, simplifying compliance messaging by avoiding state-specific nuances, and forcing U.S. businesses to reconsider how they’re processing the data of their users or customers.

The purpose of the American Privacy Rights Act of 2024

A key difference between the GDPR and APRA is that the GDPR applies to the data of any E.U. citizen, regardless of the geographical location of the business processing the data. APRA (in its current form at least) is more focused on data protection within the U.S.

In the same way that the GDPR revolutionized business processes the world over, the APRA will trigger significant ripples through U.S. business. With huge swathes of mobile apps available in U.S. app stores, it’s big news for mobile marketers.

The focuses and obligations of the GDPR and APRA are similar—both center on the type of consumer data being stored, deletion policies, opt-outs, consent, certification, and data processing. Think of it as all of the elements involved in truly giving a consumer control over their personal data.

As we await an announcement around the enactment of the APRA, it’s prudent for mobile marketers to conduct planning and strategizing with stringent data protection requirements in mind. Whether the APRA passes through U.S. Congress or stalls, it’s clear that frameworks taking a similar shape will continue to appear and make waves across the globe.

With this ever-growing list of global privacy measures in mind, it’s critical for mobile marketers to focus on tech that drives app growth in a transformed privacy landscape. Request your Adjust demo to talk to the team about how we’re future-proofing your app’s growth.

Be the first to know. Subscribe for monthly app insights.