If it feels like privacy rules change every time you blink, you’re not alone.
The newest wave concerns consumer health data (CHD) laws. States including Washington, Nevada, Colorado, and Connecticut are rolling out stricter requirements for how health-related data is collected, used, and shared.
These regulations extend beyond medical records and can include everyday signals, such as IP addresses, when tied to health-related activities. Even less obvious products—like sunscreen, symptom-based beauty items, vitamins, wellness products, and supplements—may be affected as a result of claims made on the product or website.
It’s a lot to take in, so here’s a quick breakdown of what’s changing and how PebblePost is approaching it.
What is Actually Changing?
In these states, brands now generally need:
- Affirmative opt-in consent for consumer health data
- Clear, purpose-specific language (not catch-all boilerplate)
- Consent captured at or near the point of collection, before data is gathered or shared
That means any data considered consumer health data must come from people who knowingly said “yes” to the specific ways it will be used.
PebblePost’s Stance
Rather than waiting for the strictest enforcement scenario, PebblePost is choosing to operate to the highest standard from the start.
Our guiding principles:
- Consumer health data should only be collected and shared when there is explicit, purpose-specific opt-in consent.
- That consent should be captured before CHD is transmitted to PebblePost or any other partner.
- If those conditions are not met for people in these states, we would rather not accept or process that data than risk being out of step with the laws or with consumer expectations.
In sum, we’re treating CHD as the VIP of data categories. If it’s on the guest list, it needs a very clear invitation.
What This Means For Brands
For brands whose programs intersect with consumer health data or adjacent categories, these laws raise the bar on:
- How consent flows are designed
- How consent is documented and stored
- How partners receive and use CHD
PebblePost will work with brand stakeholders across marketing, data, privacy, and legal to make sure CHD campaigns reflect:
- Clear, documented consent experiences
- Alignment on which data points are in scope
- Confidence that activation is compliant and ready for any audit
For brands that do not currently handle consumer health data, this is an early indication of where privacy is headed: greater specificity, increased transparency, and more power in the hands of the consumer.
Why We Think This is a Good Thing
Stronger privacy standards are not only about risk mitigation, although that is important. They are also about trust:
- Consumers are more willing to engage with brands that respect their choices
- Privacy-respecting data practices tend to be more durable as laws evolve
- Being ahead of the curve today reduces scrambling later
We’re here to unlock performance with data that is trusted, compliant, and future-ready, whether that is in Programmatic Direct Mail, CTV, or wherever the next wave of innovation takes us.
Reach out to learn more about how PebblePost stays at the forefront of privacy. If you’re already using PebblePost, email your Brand Partnerships Manager to explore how these CHD changes might apply to current or future programs.
