It was only a matter of time before the U.S. passed its version of GDPR: The California Consumer Privacy Act, AKA CCPA (because the industry definitely needs another acronym), will go into effect January 2020. But how similar is California’s take on privacy and will current GDPR protections comply with CCPA?
Motivated by recent, large scale breaches of consumers’ information, including the March 2018 incident with data-mining firm Cambridge Analytica that exposed the misuse of tens of millions of people’s personal data, the CCPA’s purpose is to take greater safeguards to protect consumers’ privacy against misuse stemming from carelessness, shadiness, and outright theft and fraudulent activities. The bill grants California residents grants greater privacy and control over their data while demanding more transparency and communication from businesses.
What is it?
Essentially, businesses must now provide explicit information on how and to whom personal data is being used, as well as honor requests for more information by consumers. Businesses must also clearly state if they engage in selling their customer data. They might already have signed up for the services offered by companies such as Treasure Valley IT (https://tvit.net/computer-repair-support/), for instance. Therefore, in terms of security and cyber-attacks, they can rest easy and let their customers know of their business stats.
CCPA seem simple but the consumer data gathered from KYC can be sensitive if not handled with care. But technologies like blockchain can provide innovative approaches that put individuals in control of their personal data, and relieve businesses of some of the burdens associated with data management. If this capability to leverage blockchain advantages can be properly implemented then the long-standing compliance issues of KYC can be addressed better. This might further help companies accommodate CCPA.
Under CCPA, businesses are required to provide California residents with the right to:
- Know what personal data is being collected about them.
- Know whether their personal data is sold or disclosed and to whom.
- Say no to the sale of personal data.
- Access their personal data.
- Request a business to delete any personal information about a consumer collected from that consumer.
- Not be discriminated against for exercising their privacy rights.
As such, businesses are required to notify and request permission from customers before collecting data, state its purpose, use the data in a lawful manner, and comply with consumers’ requests for deletion. In case of a large-scale revamp of databases or server systems, a business would find it in its best interests to engage the services of a professional IT recycling firm to ensure that equipment is securely destroyed without the possibility of a data breach or leak.
As for the businesses that require to document their client data, they may have to ensure the data is secured and stored properly to reduce the chances of data theft. For instance, a law firm can save your personal and legal information on the cloud; however, they will have to keep your information safe and out of the wrong hands. For that, they can hire a company that provides services like law firm data security and management, documentation, and other managed IT support.
When does it go into effect?
January 1, 2020 (confusing as it is called “The California Consumer Privacy Act of 2018.”). It becomes enforceable on July 1, 2020.
Who does it apply to?
The CCPA applies to any for-profit businesses (not nonprofits or governmental entities) in the state of California that collect consumers’ personal data and meets at least one of the following criteria:
- Has annual gross revenues in excess of $25 million
- Handles data of more than 50,000 people or devices
- Earns more than 50% of its annual revenue from selling consumers’ personal information.
Is it really California only?
California is an important state to set a privacy precedent. Not only does it hold the largest population in the United States (39.56 million in 2018), but it’s home to the hot bed incubator of tech powerhouses and cutting edge startups. Notable digital companies headquartered in California include Alphabet/Google, Apple, Facebook, and Oracle.
While the law only applies to customers that live in California, most companies will have to shift privacy policies to accommodate it. Other states will likely follow suit and use the CCPA as an example to set their own state-level privacy laws.
CCPA vs. GDPR
The good news is that CCPA and the European General Data Protection Regulation (GDPR) have many similarities, so companies that have adopted practices that comply with GDPR will be pretty well-prepared for CCPA. Both the CCPA and the GDPR adopt an expansive definition of personally identifiable information (PII) and value the customer’s right to choose and understand how their data is being used. There are some differences – overall, CCPA is more specific in their requirements, while GDPR is a bit broader.
PWC offers a great table comparing the two on main points, from scope to enforcement:
What about child data: CCPA vs. GDPR vs. COPPA?
The protection of child data is not new in the US: the Children’s Online Privacy Protection Act (COPPA) came into effect in 1998. (In Europe, child data was treated like every other piece of personal data until the GDPR set specific and stronger rules.) Now, the CCPA goes even further than COPPA in children’s data protection: While all consumers can opt-out of the sharing of their information, consumers under the age of 16 must opt-in. And if they’re under 13, their parents or guardians must opt-in (EdSurge, 2018).
What do consumers think?
67% of US online adults and 57% of European (EU-5) online adults are not comfortable with companies sharing and selling their data and online activities, according to Forrester research. And 51% of US online adults and 48% of EU-5 online adults report taking active measures to limit the collection of their data by apps and websites (“Tackle The California Consumer Privacy Act Now” Forrester Research, Inc., February 8, 2019).
55% of US privacy professionals plan to be CCPA-compliant prior to January 1, 2020. 25% plan to be ready for July 1, 2020, when the law becomes enforceable (International Association of Privacy Professionals (IAPP) and OneTrust via eMarketer).
It’s been eight months since European Union’s General Data Protection Regulation (GDPR) went into effect, strictly controlling what data a company can collect and what they can do with it. GDPR is now holding businesses to a higher data standard – from usage to storage – and ultimately returning personal-data-deciding-power to the consumer. Now more than ever is the time for businesses to take charge of their data and this can be done so with the best advice and solutions for all your IT related needs from an IT support company. Still, many companies are worried on how data protection will affect their ability to create and deliver content.
Understanding consumers’ wants, interests, and environment may be keys to helping deliver relevant content, but it does not have to be hindered by data protection law compliance. Advances in technology – like Contextual Targeting, contextual Forecasting, Dynamic Creative Optimization (DCO), and AI – make, arguably, stronger high-quality placements, but the increasing data standards serve as a reminder that nothing makes up for high quality content.
If you haven’t caught on to optimizing by contextual placement, you’re behind. Not only are data protection standards changing, so are clients’ unique goals. If you have an ecommerce store on Shopify, you might want to look at an SEO checklist for new Shopify stores to gather information about how you can improve on your target placement and context of the content on the site. From the same checklist, you may be able to garner other relevant information regarding your Shopify store, such as maintaining the website which can actually help improve on-site SEO metrics. Bring in an expert technical team such as one from WebCitz, that can help you out with regular updates to the website as well as maintenance. The more up-to-date and easy-to-use your website becomes, the more potential customers will enjoy shopping on your store. That’s where your ad targeting investments can start to show results. The term contextual targeting – that is, targeting based on the information available of the site of the ad space, rather than user data – covers both. It’s possible to determine a unique ad space’s location, the time of day, day of the week, the size and location of the ad on the page, the site it’s on, the page of the site it’s on, and even specifics about what content is on that page. The look and feel of every single ad placement is unique, and can be correlated even more closely with user behavior.
Bidtellect’s Forecasting 2.0 – the most advanced in the biz – enables us to go a step further: forecast contextual preferences – revolutionary and necessary in a post-GDPR landscape. Forecasting for Context is the “new” match rate for data.
Read more about Contextual Targeting and why Forecasting is the future.
Take Advantage of AI
Advanced AI-based technologies not only make deep, contextual placement-level targeting possible, but allows real-time optimization, including to best-performing creative per individual placement. That’s right: AI-based technology means the most advanced real-time adjustment and learning => personalized customization in real time! At this point, you may be worried that loads of confidential customer info would need to be accessed to make use of such targeted, personalized advertising. Worry not! Advanced software such as Private AI can help detect and redact any Personally Identifiable Information (PII) from the data, and keep only what’s necessary to create customized ads based on consumer interests. AI creates a more seamless consumer experience and maximizes every dollar (hello maximizing budget! hello ROI!) by making decisions based on data from the decision before. And AI can help optimize media in new ways – like to best-performing creative or Dynamic Creative Optimization (DCO).
Read more about the Promise of AI.
Creative that Counts
Story-led copy. High-performing images. A data-backed approach that bridges the gap between arts and science is the winning formula. If the creative doesn’t woo a user, it doesn’t matter how good the content or landing page or the technology that placed it is – they won’t visit it. Take advantage of experts that know the difference: a data-backed, trained approach to creating high-performing headlines, descriptions, and images (like Bidtellect’s [b]+studio) makes all the difference.
Check out our Tips for Top-Performing Creative.
We’ve said it once, we’ll say it again. Relevant, high-quality content is what inspires users and ultimately creates customer loyalty. The stats prove it: content makes consumers 131% more likely to buy (Nudge, “The State of Content,” ), while content can help double website conversion rates from 6% to 12% (Hubspot via Shopify, “State of Inbound 2018,”). According to the same study, marketers who prioritize blogging are 13x more likely to generate a positive ROI.
Check out this infographic for more stats.
Remember, “less data” isn’t a scary thing. A combination of high-quality creative assets, cutting-edge technology, and content that delivers will put you ahead of the game even while the rules are changing.
Read about more Predictions for Native in 2019.
Want more from the Bidtellectual? We have a monthly newsletter!