Data privacy is important to consumers. Smart companies have made strides in recent years towards adopting methods of protecting their customers’ data. But with the occurrence of data breaches, many have realized self-regulation in a field ripe for potential losses needed better oversight. The state of California introduced the California Consumer Privacy Act of 2018 (CCPA) in an effort to help protect the private and identifiable information of consumers.
While it might seem that marketers are headed for compliance headaches, rest assured – this legislation can actually better your marketing efforts.
There hasn’t been such a shift in data collection practices since Europe’s General Data Protection Regulation (GDPR) in the spring of 2018. The CCPA went into full effect as of January 1, 2020. A six-month learning curve is part of the legislation – once the California Attorney General adopts specific regulations, enforcement will not begin until six months later.
Much the same as the GDPR has affected businesses outside of the European Union, the CCPA’s implications stand to extend far beyond the borders of California. Companies that heavily rely on approaches driven by data may have to overhaul the entire way they currently collect data and their overall marketing practices. This is especially true for companies who rely on personal data to create hyper-personalized experiences.
But the CCPA isn’t all about forcing marketing teams into legal compliance. Of course, as with any new legislation, there’s bound to be some growing pains, but in the long term, this legislation stands to benefit both marketing teams and the customers they do business with. All in all, organizations that embrace the changes can yield benefits far into the future.
Is Your Business Affected by the New CCPA?
In the future, the adoption of the new CCPA could influence more data regulations in respect to consumers, but as of today, the CCPA only applies to mid- to large-scale companies doing business in California. A company is subject to the CCPA’s terms if they:
- Have annual revenue in excess of $25 million
- Receive data from 50,000 different people, homes, or devices annually
- Earn 50% or more of annual revenue through the sale of personal data
Stated simply, if you’re retargeting a consumer in Fresno to make a small sale, your company won’t be affected by fines. But according to IAPP, the International Association of Privacy Professionals, over a half million businesses in the United States will feel the effects of the law in some way, in addition to companies abroad who also meet the above criteria.
Does This Toss Targeted Marketing Out the Window?
It still remains to be seen what the full effects of the legislation will be, but it is possible that it won’t be quite as bad as you may fear. In fact, part of the new legislation is the ability of consumers to opt-out of the resale of their data, requesting their personal data be deleted from company databases. While you would see some type of fine for either intentionally or unintentionally reselling this restricted data, if a consumer does not opt-out, you do not have to remove their data and are not restricted from third-party sales. The real question here is how many consumers will choose to opt-out of data collection practices.
On the other hand, some experts believe this reduced access could hurt targeted and retargeted ads or other channels through which this information was once easily accessible. It could create a post-CCPA apocalypse in which third-party vendors struggle to remain relevant as more regulations are introduced and less data is available.
Marketers are humans, too, and it’s only human nature to fear the unknown. However, according to the Harvard Business Review, dwindling access to third-party data won’t necessarily be a bad thing for business. Thought of as ill-gotten data even prior to the CCPA, it’s often been difficult to ascertain exactly how or where the data was obtained to begin with or how old it is. Just like milk, data has a very short shelf life. Does it do a business any good to target consumers for baby products if their children are already of school age?
At the very least, this legislation forces brands to look at how and where they’ve been obtaining their data and to seek out better acquisition channels. By obtaining reputable data on their own, companies can highlight their practices and produce better experiences for the consumer.
Playing Up the Value of the Data-Driven Experience
In some aspects, the CCPA is a mere extension of a dynamic that’s already been around for some time. Brands have already grown use to user-granted access to such metrics as location, and for the most part, consumers are willing to grant this access – even if the consumer is unsure how the information is used.
Consumers are actually willing to make this so-called trade-off because of the experiences it allows them to have. The enactment of the CCPA merely formalizes the pre-existing demand for a value-driven experience for the data exchange. The CCPA provides expanded legal protections and grants more rights to consumers than they’ve seen in the past and better positions them for obtaining the experience they deem equitable. The best way a company can deliver without having to abandon business strategies that rely on data is to explain exactly why a consumer should be willing to share their data.
Companies that demonstrate how the exchange provides better-personalized services won’t just survive this data crunch, but they may even thrive as they see increased access to firsthand data.
It’s Likely That Regulations Won’t End Here
Data privacy legislation through the CCPA is likely not the end. The overall premise is that of creating better privacy protections, and while the CCPA is a great start, new laws could follow that could hamper the spirit of business.
For instance, the CCPA only provides protection to consumers in the state of California – but other states have gauged the legislation are might not be far behind in protecting their own citizens. Each state may come up with its own set of regulations that could be the same, similar to, or drastically different than those of the CCPA. It could create a labyrinth of legislation that could be almost impossible for companies to carry out.
This currently is only enacted on a state-by-state basis, though, it’s possible that the federal government could enact blanketing privacy protections. Federal engagement might help create the standard to which states attempt to reach, providing a consistency that could be easier for businesses to follow. Now, federal involvement isn’t imminent – but continued requests for data regulation could mean that California’s CCPA is just the beginning for US data management reform.
So, what does this mean for your company? For starters, don’t settle for just barely meeting CCPA requirements. A transparent approach to data privacy could benefit your company tremendously going forward.
While this legislation might appear to challenge marketers, it’s not a doomsday situation. When you discard your old data, you just might find you’re left with much more reliable data. That data can help you craft smarter marketing campaigns.