CCPA Insights Series Part 2: A New Era in Internet Data Monitoring Begins in the US
Matt Dumiak, Director of Privacy Services, Customer Engagement Compliance at CompliancePoint, a subsidiary of PossibleNOW.
To give consumers the most control, organizations should consider offering a granular opt-down and opt-out option. This can be accomplished through the preference center. Once a consumer does choose to opt-out or opt-down, the organization must honor the request for a minimum of 12 months before seeking additional permissions from the consumer to sell their personal data. The opt-down approach is something that professional associations are seeking clarification on and the California AG will hopefully provide thoughts about this practice and whether it will be allowed under the CCPA.
Data inventory and data mapping exercises allow for organizations to easily identify all systems that process the consumers’ personal data, to ensure that their rights are fully honored.
In a time where the internet is heavily integrated into society and personal information is easily accessible, the CCPA law is a start to controlling uncharted territory; setting guidelines for both companies and consumers that were once nonexistent before.
A Lag in Understanding Could Result in Serious Financial and Reputational Penalties
Richard Foster, CRO, InfoSum
“The CCPA is the next chapter in the data privacy story, as tougher regulations continue their steady progress across Europe, the US, and other parts of the globe. But much like GDPR in Europe, enforcement may not take immediate effect in January 2020 itself, when the CCPA became the law.
“Marketers would be unwise to interpret this lag to mean that compliance is straightforward or that enforcement will be toothless. If it takes as long to understand and comply with CCPA as it did for GDPR, this could result in serious financial and reputational penalties.
“The CCPA has its own unique requirements. Unlike under GDPR, where consumers must ‘opt-in’, and explicitly consent to businesses storing and using their data, the CCPA requires them to ‘opt-out’. And the federal legal system in the US creates a further challenge; the way legislation is interpreted and enforced may vary from state to state. For multinational marketers, this will add an additional layer of complexity for global data privacy.
“The ongoing passage of privacy laws has seen a shift in focus away from third-party data, which will be an increasingly risky currency in the coming age of compliance.
The arrival of the CCPA can kick-start the move to a new way of dealing with first-party data. Brands and agencies should adopt more direct partnerships with publishers, and harness technologies that enable them to work in an agile and flexible manner. These partnerships would mean marketers could unlock audience insights from a bank of first-party data or connect multiple datasets, without relying on the transfer of the data itself. This will reduce the risks of non-compliance in the new global regulatory landscape.”
CCPA Will Minimize Friction Within the User Experience
Ben Barokas, Co-founder and CEO, Sourcepoint
‘Authenticated consent’ links individual privacy preferences to a user profile allowing publishers to collect consent signals based on identity rather than cookies. Amid significant changes in the browser ecosystem – including Apple’s ITP and Google’s privacy updates – along with increasing privacy regulations such as the GDPR and CCPA, publishers can utilize identity-based consent to ensure compliance and minimize friction within the user experience.
Authenticated consent’ is at the core of Sourcepoint’s mission to manage the complexity of compliance while also clarifying consent options between publishers and consumers. Privacy continues to be a key concern for consumers and will continue to grow as additional US states consider privacy bills along with a rumored federal approach.
Barokas continues, “For consumers, it is essential they have control over their privacy preferences with minimal friction – a challenge alongside recent browser privacy updates that limit the power of cookies. Being able to log-in to a publisher site, with privacy preferences saved will allow publishers to maximize engagement and monetization potential.”
We Can Now Predict the Future of Email Cyber Laws Beyond the GDPR and California Law
Len Shneyder, VP of Industry Relations at Twilio SendGrid
The future of Email Cyber laws beyond the GDPR and California Law is a tricky course.
That’s tricky because you have to take into consideration the vastly different privacy and digital frameworks around the world. In the case of GDPR, we are starting to see enforcement actions come out. These actions will naturally set precedent in places where the law might’ve been less clear. Insofar as the United States of America is concerned, the California Consumer Protection Act (CCPA) is less focused on regulating email and more oriented to regulating the sale of consumer information while providing the ability for CA residents to opt-out of such sales. If you look around the world you see countries like Brazil and India adopting frameworks based on GDPR. This is a step in the right direction.
However, enforcement requires resources so we have to wait and see how these laws will be enforced and what, if any, material effect they will have on those countries. More specifically, here in the United States, we’ve always treated privacy on a sector-by-sector basis. We’ve never had a single umbrella privacy law like in Canada or the EU.
The landscape is even more fragmented when you consider the myriad of state laws emerging. It stands to reason that at some point we may have to consider a similar federal law that deals with email and privacy on a national scale given the fact that technology doesn’t exist within state borders. However, its anyone’s guess as to when or how such a law would be written and enacted.
Publishers Are Grappling With How to Appropriately Collect and Activate Their Data to Fuel Content Creation, Sell Inventory and Deliver Effective Ads
Adam Solomon, CMO of Lotame
From privacy regulations like GDPR and the CCPA to browser changes from companies like Mozilla and Apple, publishers are grappling with how to appropriately collect and activate their data to fuel content creation, sell inventory and deliver effective ads.
Unfortunately, in response to those changes, some data tools are taking advantage using the ‘Slick marketing’ tactics, promising publishers a one-note solution to GDPR and CCPA that focuses solely on creating more first-party data opportunities. But that’s not where the industry is. The business has evolved beyond that, where information has to be passed outside of the browser. Publishers need data solutions that serve as “pipes” –that help them share audience data across environments and partners.
Those that don’t have that are losing out on revenue opportunities.
On the advertiser side, first-party data has become increasingly valuable as things like cookie-blockers, ITP, and GDPR limit access to data.
We expect that trend to continue to grow over the next several years, especially as more privacy legislation comes into play. Additionally, we at Lotame saw a 1,200% year-over-year growth in second-party data adoption in April. This explosive growth of second-party data demonstrates the impact privacy regulation and transparency needs have had on data strategies. In the post-GDPR era, data buyers require assurances as to the quality and precision of the data they purchase for campaigns and activations.
Second-party data gives buyers that knowledge and comfort so we anticipate that we’ll continue to see the usage increase. There is also zero-party data, which is data that customers willingly share with marketers. Hailed as the avenue to rebuild trust and create meaningful connections with consumers, we’ll see the use of zero-party growth, especially with continued regulation over the collection and use of audience data.
SAP + BigID Partnership: Best Time to Invest in Identity-Aware Data Discovery and Intelligence Technology
Deepak Krishnamurthy, EVP, and Chief Strategy Officer, SAP
SAP is excited to expand our relationship with BigID, a leader in data privacy and personal data protection. This reseller partnership recognizes the importance of privacy considerations to SAP and our customers and demonstrates SAP’s commitment to scaling startups with SAP.iO, our strategic business unit supporting early-stage innovation. The new SAP solution extensions based on the BigID platform will help our customers manage risk around data privacy and help them serve their end customers better.”
BigID’s technology complements and integrates with core SAP technology, including SAP ERP, SAP S/4HANA®, SAP HANA®, SAP governance, risk, and compliance solutions and SAP Data Hub.
Dimitri Sirota, CEO, BigID
“BigID’s mission is to help enterprises provide their customers with greater data accountability through smarter data accounting. With privacy regulations like the California Consumer Privacy Act and GDPR requiring companies to know what personal data they collect and process, BigID’s identity-aware data discovery and intelligence technology has seen rapid adoption and recognition. SAP’s agreement to resell BigID is both an incredible recognition and opportunity to reach more enterprises globally.”