Blog

Why marketers should take note of the California Consumer Privacy Act (CCPA)

You may have heard of the new consumer protection law called the California Consumer Privacy Act (CCPA) that is going to take effect on January 1, 2020.

For those who haven’t, you should know that this isn’t just some other ‘California law’ that you can simply ignore. The CCPA aims to allow consumers in California greater protections on how their personal information can be used by businesses.

In a nutshell, the law’s provisions mandate that companies (regardless of their physical location) that host data on any CA citizen and meet one of the following criteria must comply with the CCPA:

1. Have annual gross revenue of at least $25M.
2. Annually buy or receive data on 50,000 households, individuals or devices.
3. Earn 50% or more of their annual revenue from consumer personal data.

If any of the above criteria are met, companies will need to take the following steps (among other things):

1. Inform consumers about the types of information that they are collecting.
2. Indicate how the information will be used.
3. Provide consumers with the ability to opt-out upon request.
4. Delete all information gathered on a consumer upon request.
5. Continue to provide equal service if a consumer invokes these rights.

At face value, this all sounds great, right?

Protecting consumer data is necessary. But at what cost to business?

CCPA is not without controversy. The fundamental concept of protecting consumer data is necessary, especially considering news headlines such as the misappropriation of data of at least 87 million people by Cambridge Analytica via Facebook last year. Clearly, access to personal data will continue to be a polarizing issue.

At its core, however, the current wording of the law conflicts with how behavioral targeting-based models are commonly used throughout the internet. Every search you make, every site you visit, every purchase you make – this data is saved, aggregated or sold. Your data is the currency.

This model has benefited countless consumers by providing free content and targeted services usually in the form of digital ads or other targeted recommendations (e.g., Netflix movies, Spotify music playlists, Amazon product recommendations). If targeted ads are removed, free products and services will likely be eliminated in favor of ongoing subscriptions and/or licensing fees.

The bottom line: the very consumers that lawmakers are attempting to protect will lose out.

Even if you don’t do business in California, this law will very likely affect your organization due to the stated criteria. If CA were a country, its economy would be the 5th largest in the world. Simply put, the state is too big to ignore.

Eleven states (AZ, HI, MA, MD, MS, NJ, NM, NV, RI, VA, and WA) have taken note of CCPA and have proposed similar state bills. But for many organizations it’s going to be easier to adopt the more stringent requirements of CCPA as opposed to having separate requirements at an individual state level.

“A patchwork of inconsistent state laws seeking to regulate a global marketplace.”

– Association of National Advertisers

The challenge with individual state laws in this case is that typically state governments tend to build upon the successes (and failures) of existing legislation and the result is what the Association of National Advertisers (ANA) probably sums up best as, “a patchwork of inconsistent state laws seeking to regulate a global marketplace.” It will be nearly impossible for technology and media companies, as well as agencies, to enact rules for targeting at a state level.

So troubling are the terms of the law that in late February, Chris Oswald, ANA’s SVP of Government Relations, spoke at a hearing for the California General Assembly. In addition to speaking on behalf of the ANA, he delivered a letter signed jointly by the AAF, the 4A’s, the IAB and the NAI sharing their combined concerns.

Association of National Advertisers letter outlines several major problems with the CCPA:

1. It defines the law too broadly.
2. It can force businesses to turn otherwise unidentifiable and anonymous data into identifiable information.
3. It creates the opportunity for any person in a household to potentially access unauthorized personal information about fellow members of that household.
4. It fails to provide a means to offer “explicit notice” to consumers for the sale of data to a third party.
5. It fails to give consumers options for deletion and opt-out choices involving their data.

It’s important to note that there are already responsible consortiums in place to protect U.S. consumers. The Digital Advertising Alliance (DAA) has a program called “YourAdChoices,” which has long been adopted by the ANA, the BBB, the AAF, the 4A’s, the IAB and the NAI. It also already has the support of nearly every major U.S. digital publisher network, not to mention thousands of U.S. brands. Hopefully these groups will be successful at lobbying the State of California to further amend the CCPA before it is fully rolled out in January 2020.

So, what can your business do to prepare for CCPA?
DMW is not a law firm and, therefore, cannot give any legal advice. Accordingly, you should obtain guidance from an attorney ASAP, before the law goes into effect. While DMW cannot offer legal advice, we do make every effort to follow ethical guidelines within our own targeted digital marketing efforts.

9 practical steps your organization can take to prepare for this law (even if you don’t do business in California):

1. Don’t sell information about your customers or users.
2. Reconsider whether you want to use third-party data.
3. Reevaluate the data fields on your forms and profiles.
4. Limit the data that you collect and save, particularly when it comes to personally identifiable information (PII).
5. Make sure that IT is properly funded and integrated into your marketing initiatives.
6. Create tools or features that can delete a consumer’s information when requested.
7. Update your privacy policy to reflect these changes.
8. Make sure that the businesses your organization works with all follow similar guidelines.
9. If you are not a member of the ANA, join today.

Concerned about privacy and your digital marketing? Request a DMW consultation.

If you’d like to talk more about privacy regulations and how they may affect your digital marketing, call or email us today. DMW can help you strategize, plan, and execute your next campaign.