What Marketers Should Know About the
California Consumer Privacy Act
By Wes MacLaggan | 10.29.18
Consumers may be keen to share their data in exchange for something they deem valuable, but many are questioning what companies are doing to protect that personal data. Public support for better data protection continues to rise—made evident in a recent study by Harris Poll and IBM, which found that 78 percent of U.S. respondents say a company's ability to keep their data private is "extremely important."
So, riding on the coattails of General Data Protection Regulation (GDPR), California has stepped up its demand for companies operating within its limits to be mindful of and responsible with their customer data collection. The California Consumer Privacy Act (CCPA) of 2018 passed through the California legislature on June 28, 2018, without opposition. Set to take effect on January 1, 2020, this policy demands that businesses respect consumers’ privacy and provide high-level transparency to their business practices.
Though the bill passed, the current version will likely have several changes as it goes through rounds of amendments with prominent tech companies set to weigh in and provide feedback. For example, Will Castleberry, Facebook’s VP of state and local public policy, stated, "While not perfect, we support (the law) and look forward to working with policymakers on an approach that protects consumers and promotes responsible innovation.”
Why did the CCPA come about? Put simply, many of California’s earlier privacy measures have become outdated. Back in 1972, the California Constitution was amended to state that, among the “inalienable” rights of all people, its constituents had the right to privacy. That amendment afforded every Californian a legal and enforceable right to privacy, giving them the ability to control the use, including the sale, of their personal information. But, about 50 years later, with apps, social media, and IoT, the amount of personal information available about each person has increased exponentially—as have the ways companies can use it.
To address this reality, the CCPA grants consumers the right to request that a business disclose the categories and specific pieces of personal information it collects, how they collect it, and what third parties they share it with. The bill would also give consumers the right to request deletion of their data and opt out of the sale of their data. These rules apply to any company that does business with California residents, even if that company is based outside the state.
The US-based companies that tried to skirt GDPR are now facing the reality that consumer data safety is a growing trend—one that cannot be avoided by stopping business in certain areas of the world. Some companies already refined their processes due to GDPR, but even more will need to put in the mechanisms that will enable marketers to fulfill requests for data access, deletion, and retrieval as the CCPA details.
But what does all this regulation mean for marketers that rely heavily on customer data for audience segmentation and targeting, to run effective ad campaigns? The CCPA has left many companies concerned about next steps and the future of customer experience and personalized advertising, but brands shouldn’t be overly concerned about the long-term effect.
● GDPR is here and the digital marketing industry is successfully adapting. There may be legal hiccups, but we don’t expect them to have a lasting impact on a robust and thriving market.
● From making data policies more transparent to changing third-party data access, the industry has proven to be highly adaptive and innovative, quickly implementing changes that new laws dictate.
● Both GDPR and CCPA can be seen as positive steps for protecting consumer privacy, while still allowing brands to connect with their customers and prospects with relevant messages.
This move from California is surely not the end of privacy regulations, so marketers must adapt and embrace the new reality. Brands should be prepared for more states, and likely even the federal government, to follow in California’s footsteps. For example, Georgia is already introducingits own legislation, and many tech giants—including AT&T, Apple, Amazon, Google, and Twitter—met with the Senate Commerce Committeethis past September to discuss consumer privacy. These tech and telco companies were asked to discuss how they approach safeguards to consumer privacy and how they plan to address new requirements such as CCPA. They responded by expressing support for a single federal privacy framework and legislation that protects consumer privacy without stifling innovation. They’re hoping that this federal legislation will go into effect before state privacy laws like the CCPA, creating one uniform rule all states can follow. As one panelist said, “Federal legislation will be of very little help if it becomes the 51st layering on top of the 50 state rules.”
As these industry leaders and government officials continue to take strides towards privacy requirements, marketers need to do their own work to understand their data infrastructure and prepare for when these new regulations go into effect and shake up their current strategies.
While these changes may seem daunting now, it’s important to remember that it’s still possible to reach consumers in a courteous way, respecting those who choose to not have their data shared and honoring those who do share their data but still want it protected by the company. This mutual understanding and promise of transparency will keep companies in good light and should not deter them from continuing to create meaningful, engaging, and relevant advertising and marketing experiences for customers and prospects.
About the Author
Wesley MacLaggan has been working with Marin Software since 2008 and is currently SVP of Marketing. Previously, he led the product team, where he was responsible for driving Marin’s roadmap and working closely with engineering to deliver innovative advertising solutions to the market. He has over a decade’s experience developing and delivering analytical enterprise SaaS applications, including four years with Applied Predictive Technologies working on their platform to help retailers maximize the return on their promotional spending. Wesley began his career providing strategic guidance to companies in a range of industries with Mercer Management Consulting.