Advertisers tend to carry the weight of the “untrustworthy salesperson” reputation, and the fact that 83% of global consumers are concerned about their online privacy only fuels this fire. However, one of the most buzzworthy — and critical — acronyms today will shake-up the current state of advertising: the CCPA. Despite the industry buzz behind the California Consumer Privacy Act, these regulations provide a unique opportunity for advertisers to ethically shine in the digital space while maintaining ad targeting capabilities. Here’s what to expect this year:
Breaking Down the California Consumer Privacy Act
Commonly referred to as the CCPA for short, the California Consumer Privacy Act is designed as a way to guarantee a Californian's right to privacy by giving consumers an effective way to control their personal information as it exists in the digital world. Several of the relevant provisions include:
● The right of someone to know exactly what personal information is being collected about them
● The right of someone to know whether their personal information is being sold or disclosed to a third party
● The right of those individuals to say "no" to the sale of that personal data
● The right of someone to access personal data
● The right of all Californians to have equal service and price, even if they exercise any or even all of the privacy rights listed above
Even if you don't physically operate your business in California, the CCPA still applies to you. If you have customers or prospects in the state, then your digital tactics will need to comply. Likewise, you'll have to follow the CCPA if you:
● Have an annual gross revenue of more than $25 million
● Receive, share or sell personal information of more than 50,000 different people
● You earn 50% or more of your yearly revenue from selling personal data
The CCPA has been implemented since January 1, 2020 and full enforcement will begin a few months later on July 1, 2020. Note that under the current version of the law, "personal information" is broadly defined as nearly any type of information that can be used to potentially identify someone. This includes all personal information such as names, mailing addresses, SSN, as well as anything relating to race, ethnicity, gender or profession. In addition to the basic demographic information, the CCPA includes privacy protections for consumers’ web browsing and search histories, which has long been a key intent indicator for ad targeting.
The Impact on Digital Advertisers
If you solely collect first-party data for your own remarketing digital tactics, then your business is in the clear. The CCPA does NOT have any appreciable impact on first-party targeting specifically because the consumer information in question is not shared with third parties during the sale and distribution of that ad.
Third-party advertising, on the other hand, is a completely different story. If a business receives a "do not sell" CCPA request from a consumer, they become obligated not to share any of that consumer's personal data or make it available to others for advertising purposes. This is not the end of third-party targeted advertising, but it certainly proves that this approach will need major modifications in order to comply with the upcoming privacy changes.
During programmatic advertising, including both DSP and SSP transactions between advertisers and vendors, user data is conveniently exchanged down the chain of communications on these ad platforms. However, this exchange of information is only allowed when a user opts-in to the collection of their data.
Marketing processes of all types — not solely targeted advertising — will need to be examined in order to comply with your audience’s privacy rights. Be prepared to explain what data is being created, how it's stored and what it's used for. Be willing to disclose everything, from the basics of how you personalize your website for visitors to the ways your business may re-target consumers.
See sample scenarios below from Adzerk to see if the CCPA applies to how you plan to use data:
*PII: Personally identifiable information
Note that it is less expensive to comply with the CCPA than to avoid the necessary precautions. The FTC can seek penalties of up to $2,500 per breach for negligent, or accidental violations. For those violations that are deemed to be reckless, or even willful, violations quickly climb to $7,500 per breach.
Key Tips & Takeaways
- Review your data collection tactics & audit for attribution
- Include clear indicators for users to opt-out
- Create an allocated budget to address the new CCPA requirements
- Confirm that your compliance and legal departments understand the impending policies
If you’re looking to partner with leading experts in the digital space, then look no further! Connect with an MBI Media Strategist to align your advertising goals with an amplified digital media strategy.