There are a lot of questions swirling around the new CCPA (California Consumer Privacy Act) law California enacted on January 1, 2020. The good news is the law won’t be enforced until July of 2020, so we still have some time to comply. Essentially, this is California’s version of the EU’s GDPR (General Data Protection Regulation). However, there are some major differences.
While this new law legally only impacts California residents, it’s implementation will likely impact many websites in the US and possibly others overseas. If a company has clients in California than they need to comply with this law. It’s easier for companies to make one update on their websites to cover new laws like this rather than output a patchwork of IP-driven geo updates for every state or country that decides to produce a new online privacy law.
The CCPA states that any business that collects, shares or sells the consumer data of more than 50,000 people or produced revenue of more than $25 million in the previous year, must comply with the new law. This means that not every company needs to worry about this new law, for now.
What’s the difference between GDPR and CCPA?
At a high level, the biggest difference between these laws are that:
- GDPR is opt-in for consumer data protection
- CCPA is opt-out for consumer data protection
European consumers must agree and click on (generally) a popup to allow websites to cookie them or just generally track and record their behavior, interests and many other demographic attributes. Otherwise, they may not be able to access the website. Since it was enacted in 2018 95% of consumers have opted in. This means that only five percent of European Internet traffic isn’t being tracked under this law. The law goes further in that it allows European consumers to have their data wiped and handed over to said consumer when requested.
CCPA, on the other hand, is an opt-out law. Meaning – the same type of popup a consumer might see under a GDPR compliant website will instead ask if the consumer wants to opt-out of being tracked via cookies. In addition, under this law consumers are supposed to be given the option to deny companies the ability to sell their data as they see fit. It’s anticipated to be a “don’t sell my data” button in the footer of companies’ websites.
“Even when there’s the option to say no, maybe 10% of the people say no” to having their data sold to third parties, says Ben Barokas, CEO of SourcePoint. Based on the opt-in data from the GDPR, my guess would be the opt-out will likely be more similar to the numbers from Europe – five percent.
Why is Internet tracking of consumers so important to business?
To make a long story short, tracking consumers’ online behavior allows companies to deliver the right content to the correct person at the most optimal time. This is good for both the business and consumer. The business only wants to invest in advertising for true prospects at the right time and by doing this correctly it can have a big impact on ROI.
At the same time, according to eMarketer, seven out of 10 consumers want personalized ads. Four out of five consumers say they’re most likely to make a purchase when given a personalized ad by a brand. Lastly, 71% of consumers felt frustration because their online shopping experience was too impersonal.
The stats above make the estimates of a five to 10 percent opt-out rate under CCPA palatable for our purposes. Most want to NOT opt-out and many of the rest are likely too lazy or aren’t knowledgeable enough to opt-out.
Why are these new Internet laws are being enacted?
A couple years ago many, including myself, predicted the death of “cookies” for tracking folks online. While this hasn’t happened yet, it’s certainly around the corner.
“Proprietary HTTP cookies were (and remain) the core mechanism for distinguishing one consumer from another, and each cookie may only be read by the party that sets it. There is no standardized, centralized mechanism for consumers to convey their interests or privacy preferences, which can then travel with them and be reliably broadcast to the right parties as consumers surf the web or hop from app to app on their mobile devices.”
~Jordan Mitchell, IAB Tech Lab
The above describes the consumer privacy problem that led to Europe’s GDPR and the new CCPA out of California. The privacy controls of most browsers are making cookies less effective at tracking, too. We’re moving to a singular identifier across the entire web that’s opt in, rather than private cookies from every website and app used. This will demand our technology stacks to evolve and innovate on this new standard that’s just around the corner. Content marketers need to educate themselves this year on consumer privacy and tracking technology because they’ll need to adjust.
The end results?
Cookies are eventually going away and consumer privacy protection laws will grow globally. The replacement to the cookie will likely be a “global” one-click opt-in or opt-out for all websites and apps bound by these laws. This will impact real time bidding advertising online, but based on consumer input, it’s likely to have a five to 10 percent impact on targeting. Most consumers like personalization online and that’s not likely to change anytime soon.