As technology advances, the advertising world is keeping pace. Companies can now advertise more easily and effectively across the Internet. However, the risks associated with that convenience are becoming more and more apparent.

Many companies employ third-party advertising services that use online consumer data and automated software to place advertisements across millions of websites, thousands of apps, and different user-generated video services. Unfortunately, because of this wide-reaching marketing tool, organizations employing targeted ads risk having their advertisement and brand displayed alongside offensive content. (Some types and uses of targeted ads have even faced legal challenges.)

Technology has changed the way businesses market themselves to consumers. Businesses now have the ability to identify shifting consumer preferences, launch highly targeted advertising campaigns, and communicate instantly with potential customers. One thing this new marketing has in common? Consumer data. As marketing technologies evolve, companies should be aware that the myriad of data security regulations don’t just apply to how companies conduct their business, but how they market it as well.

Antiquated privacy laws are haunting businesses that base their privacy policies on current statutory language. Most laws intended to protect individuals’ privacy rights were designed with decades-old technology in mind. While this problem has been gaining attention for its impact on individuals’ privacy rights, businesses have also felt the effect of archaic privacy laws. Due to the public’s overwhelmingly favorable views toward privacy rights, businesses are becoming increasingly vulnerable to distorted interpretations of outdated laws.

Marvel fans know that Captain America’s shield is extraordinary, but exactly what it’s made of remains unknown – Vibranium? Adamantium? Unobtanium (oops, wrong movie)? For the time being, similar mystery shrouds the specifics of the new EU-U.S. Privacy Shield. Four months ago we posted on the European Court of Justice’s ruling that the U.S.-EU Safe Harbor was invalid. This Tuesday the European Commissioner announced negotiations with the U.S. had successfully yielded a new vehicle for compliant cross-border transfers of EU residents’ personal data, dubbed the EU-U.S. Privacy Shield. But until details of the new vehicle are disclosed, the specific features of the Privacy Shield remain murky.

You’ve no doubt heard that on Tuesday the European Court of Justice declared the U.S.- EU Safe Harbor invalid. Under European law, the transfer of EU citizens’ personal data to a third country may only occur if the third country ensures adequate protection of that data. A European Commission decision in 2000 declared the United States’ laws and policies provided such adequate protection, through the vehicle of the U.S.- EU Safe Harbor FrameworkNearly 4,500 U.S. companies partake of Safe Harbor protected status – at least until this week’s European Court of Justice’s ruling pulled the plug.

As a result of this ruling, each of the European Union’s 28 national data protection authorities (“DPAs”) now has the power to establish its own rules and regulations for data transfers. Although the U.S. and the European Commission are engaged in continuing negotiations for “Safe Harbor 2.0,” there is no certainty about when the new framework will be established, or even what the framework will be. In the meantime, the question looms – what will the national DPAs do?