Skip to content

The NAI Summit 2025: Celebrating 25 Years of Moving Privacy Forward

Advertising technology leaders and privacy experts recently celebrated the NAI’s 25th anniversary as a leading privacy self-regulatory organization at its annual NAI Summit, held in San Francisco on May 21-22. The NAI Summit was a productive and thought-provoking event, and featured high-level government officials, ad tech professionals, and industry thought leaders. Participants gathered to celebrate the NAI’s success, to lay the groundwork for the future of responsible self-regulation, and explore pragmatic, collaborative solutions to the most urgent privacy challenges facing the industry.

This year’s Summit began with a nod to the NAI’s founders, and an introspective look at the industry’s challenges from 25 years ago and how the industry came together to develop strong privacy self-regulation as a comprehensive solution to those challenges. The NAI team then set the stage for forward-looking discussions focused on solving today’s most complex privacy issues. Attendees explored practical strategies, shared insights, and heard directly from key enforcement officials about their future priorities. 

Here are our top takeaways from the 2025 NAI Summit:

1. Pay attention to enforcement priorities and settlements from the CPPA to successfully navigate compliance.

The enforcement division of the California Privacy Protection Agency (CPPA) has been active this year, publishing two significant decisions—Honda and Todd Snyder—in addition to a steady drumbeat of data broker registration actions. Given this pace of CPPA enforcement activity, the NAI was delighted to host Deputy Director of Enforcement at the CPPA, Michael S. Macko, who shared the agency’s priorities and approach to enforcing the CCPA and the Delete Act. In a fireside chat with NAI General Counsel Tony Ficarrotta, Macko emphasized that the division, which is growing in its investigative capability, seeks to bring cases that have “strategic purpose” and build “foundational precedent” for the long term, and noted that the pace of investigations and enforcement actions does not abide by artificial timelines. He also indicated that while personal information is potentially powerful and useful, its use can also be risky—comparing personal information to “enriched uranium” that is dangerous in the wrong hands. 

Macko highlighted the division’s work on data minimization and choice, noting that the Honda and Todd Snyder cases both alleged a lack of data minimization and a poor opt-out user experience, and pointing to enforcement advisories that focused specifically on data minimization and choice architecture actions. Macko encouraged companies to pay close attention to issues raised in enforcement advisories, as those are likely to be priorities for enforcement. 

On data broker registration compliance, Macko spoke to the distinction between “selling” and “sharing” as those terms are defined in the CCPA; but he emphasized that if a business “shares” personal information, that does not necessarily mean the business is not also “selling” the same information because “sell” and “share” are overlapping concepts. How businesses evaluate whether their “shares” are also “sales” could implicate data broker registration requirements. Separately, he indicated that inferences ARE personal information under the CCPA, even if they are not derived from personal information (e.g., if they are derived from publicly available information), as demonstrated through the Background Alert enforcement action.

Finally, Macko highlighted that the CPPA had recently joined a consortium of eight state privacy regulators to better protect consumer privacy across their jurisdictions and emphasized this work will be a high priority moving forward.

2. Effective consumer choice requires industry collaboration. 

Consumer choice is the most visible way companies can present privacy rights to consumers and ensure those rights are properly exercised. To be effective, it must be done simply, thoughtfully, and collaboratively. The NAI is working tirelessly to simplify and align choice across the advertising industry to ensure that consumer choice is promulgated properly and respected by every company in the data supply chain. Industry collaboration will be a key component of creating choice that strengthens trust and empowers consumers.

While the responsibility for collecting and communicating consumer choice preferences has traditionally fallen to the third-party ad tech ecosystem, today’s legal requirements often shift that burden to publishers, and contradictory signals and fragmented implementations can create confusion and risk for all companies in the data supply chain. While several existing choice mechanisms show promise, these tools must be thoughtfully applied to meet both regulatory and consumer expectations. The opportunity ahead lies in simplifying and aligning these practices across the industry to ensure that consumer choice is respected. The NAI will be engaging with members to create opportunities for cross-industry collaboration to evaluate and implement clear, consistent choice signals that will be key to turning this challenge into an opportunity.

3. Congress has reset efforts around a national privacy law, but the focus remains on state-level legislation.

Though the number of comprehensive state privacy laws remains stuck at 19, for now, state legislatures are aligned in their focus on children’s data, consumer choice, sensitive data restrictions, and prohibitive data minimization requirements. Many state data minimization provisions restrict data collection to be “adequate, relevant and reasonably necessary,” but alternative proposals seek to align more closely with the Maryland Data Privacy Act’s “strictly necessary” standard. For now, however, Maryland remains a significant outlier. Sensitive data is defined differently across the states, with an increasing emphasis on location data and a shift away from health data. 

The 119th Congressional efforts on privacy are being led by the Republican Privacy Working Group in the House Energy & Commerce Committee, which is actively soliciting stakeholder input with the goal of drafting a national data privacy law that balances data protection with innovation. Despite these renewed efforts, bipartisan consensus in Congress seems unlikely. 

AI, once a key priority for both state and federal lawmakers, has seen substantially less focus in 2025. The outlook for a recent federal proposal to create a 10-year moratorium on state AI regulation is unclear. Although AI use cases continue to proliferate rapidly, legislation to regulate it seems unlikely in the near term.

4. National security concerns have created new risk assessment and data governance requirements.

The U.S. government’s increased focus on limiting national security risks posed by the sale of Americans’ sensitive data to foreign adversaries represents a new compliance challenge for companies that rely on the collection and use of data for advertising. The complexity—and ambiguity—of these new policies require new diligence measures, and significantly more resources to assess partners and their data practices. The DOJ and FTC have both indicated that enforcement of these new requirements will be a key priority, and while there is a substantial lack of clarity around available resources or parameters for cooperation at these agencies, traditional sensitive consumer data related to health and precise geography are likely candidates for their initial focus. The NAI will work on behalf of members to play a key role in deciphering the complex and disparate definitions and requirements, and to develop industry best practices.

5. The FTC will focus on more traditional enforcement areas, like fraud, consumer protection, and trade regulation, but will still prioritize sensitive data. 

One of the standout moments of the NAI Summit was a fireside chat with FTC Chairman Andrew Ferguson. Since assuming office, Chairman Ferguson has led the agency in a new direction, signaling a shift away from broad rulemaking and toward a renewed focus on traditional enforcement priorities. In his remarks, Chairman Ferguson emphasized that the FTC is re-centering its efforts on fraud prevention, consumer protection from unfair and deceptive practices, and trade regulation. Rather than pursuing expansive rulemaking, which he identified as overly resource intensive, the agency under his leadership aims to enforce the laws Congress has already enacted.

The Chairman emphasized that he will continue to prioritize the protection of sensitive and children’s data, expressing strong support for COPPA 2.0 and committing to actively enforcing the recently updated COPPA rule through enforcement actions and amicus briefs. He also highlighted a renewed focus on growth and innovation, noting that the FTC is soliciting input from all federal agencies to identify regulations that may hinder technological progress. On AI, he advocated for a measured, informed approach: focusing on preventing existing legal violations such as deception and anti-competitive behavior, rather than rushing to overregulate emerging technologies.

Importantly, Chairman Ferguson distanced the agency from the term “surveillance advertising” used by the previous FTC, recognizing that the online economy is driven by the value exchange created by data-driven advertising. Ferguson also pointed out that he is a strong proponent of protecting consumer privacy under the FTC’s current Section 5 authority, highlighting that he voted in support of most of the privacy actions brought during his tenure, even if he disagreed on certain applications of that authority to data practices.

Chairman Ferguson acknowledged that current laws governing data use and online advertising are outdated and reaffirmed the need for a comprehensive national privacy framework. While the Chairman emphasized that this law must come from Congress, rather than FTC rulemaking, he said that he would gladly welcome enforcement responsibility should Congress authorize it.

6. Self-regulation contributes to enhanced industry compliance and consumer protections, but must, and will, evolve. 

In today’s evolving legal environment, self-regulation serves as a critical leadership tool, especially amidst a complex patchwork of state privacy laws. Organizations like the NAI play a vital role in helping businesses navigate this shifting landscape with a flexible, proactive approach that prioritizes both consumer protection and industry integrity. By working closely with regulators like the FTC, and by educating consumers, government bodies, and industry stakeholders, the NAI fills a much-needed gap in the current regulatory framework. In doing so, it not only strengthens trust and accountability across the digital ecosystem but also helps NAI member companies turn privacy into a competitive advantage—enabling them to build stronger consumer relationships, differentiate themselves in the marketplace, and stay ahead of evolving legal and ethical expectations.

During his fireside chat, FTC Chairman Ferguson offered a powerful analogy: “Self-regulation organizations are like effective neighborhood watches. They make the industry safer.” We couldn’t agree more. At the NAI, we are committed to making the industry safer—through privacy, trust, & accountability.

THANK YOU!

Thank you to each of our keynote panelists, FTC Chairman Andrew N. Ferguson, CPPA’s Head of Enforcement Michael Macko and DOJ’s Deputy Assistant Attorney General Mark Hamer, and all of our amazing speakers: Sarah Barrows, Dennis Buchheim, Sam Castic, Alan Chapell, Joyce Chen, Tom Daly, Devon DeBlasio, Ken Dreifach, Tony Ficarrotta, Leigh Freund, Rachel Glasser, Daniel Goldberg, Nur-ul-Haq, Ghita Harris-Newton, Dylan Hoffman, Chris Hoofnagle, Dan Jaye, Gary Kibel, David Kohl, David LeDuc, Jessica Lee, Ari Levenfeld, Nancy Libin, Bill Magrath, Willy Martinez, Noel McMichael, Karen Miller Reese, Laura Riposo VanDruff, Susan Rohol, Julie Rooney, Tracy Shapiro, Shailley Singh, Zane Witherspoon & Dave Zinman!

A big thank you goes out to all of our sponsors for your support of the 2025 NAI Summit and helping bring leaders in the ad-tech industry together: Yahoo, Davis+Gilbert, Google, OptimizeRx, Kelley Drye, ZwillGen & Boltive!

See you next year in Washington, D.C. for our 2026 NAI Summit!

Similar Posts

Benefits of Tailored Advertising

March 26, 2021
Tailored advertising plays an integral role in driving economic growth and encouraging competition among companies. It affords small businesses and startups the ability to create new content and services. We’re
Read More