Since the enactment of the California Consumer Privacy Act (CCPA), many advertisers have had to be more transparent about how they collect and use information about their consumers. Because the law limits the data that digital marketers can collect and use in their campaigns, advertisers are being driven to use legally collected data (e.g. first-party data) and alternative target marketing strategies.
The Basics of CCPA
CCPA is a data privacy law that mandates that businesses be transparent about how consumer information is used, especially if it is for for-profit purposes. It gives California consumers more control over how their personal information is collected, stored, shared or sold by providing:
- the right to know what personal information is collected, used, and shared;
- the right to delete personal information collected (with some exceptions);
- the right to opt-out of the sale of personal information; and
- the right to non-discrimination for exercising rights under CCPA.
CCPA was created to protect the personal information of consumers. The scope of the law is vague because it was designed to be broad enough to cover all types of information that businesses already collected or may collect in the future given the ever-evolving digital landscape.
Personal information includes any data that identifies, describes, links, or relates (directly or indirectly) to a consumer. Examples of personal information include names and aliases; addresses; financial information (credit card numbers, bank details, etc.), government information (social security numbers, etc.); geographic location; biometric data (fingerprints, medical data, etc.); and browsing data (search history, IP address, etc.).
How CCPA Affects Advertising
Advertising heavily relies on data collected from a business and/or a product’s target market. The digital landscape made it easy for advertisers to gather insights about consumers through the use of tracking technology such as cookies, plug-ins, and other devices. But CCPA makes consumer information obtained through these means less accessible, forcing advertisers to change their marketing strategies and practices.
To comply with CCPA, businesses must obtain data-sharing consent (particularly from parents or guardians of minors). They must also provide consumers a means to access and review their data as well as give consumers the option to opt-out of the sale of their personal information through a “Do Not Sell My Personal Information” link on their homepage. Under CCPA, businesses are also obligated to review and update their privacy policies with a description of the rights afforded by the law.
Going forward, advertisers will have to gain consumer insights through legally obtained first-party data. Advertisers must also adapt and approach audiences from different angles, such as through social channels, email lists, and de-identified web engagement.
Since advertisers will have to rely on first-party data and consumer research, digital marketing campaigns will shift from a targeted to a more contextual approach. The industry will put more value on securing contextually relevant information and behavioral data, with advertisers constructing strategies and campaigns using these.
Why everyone needs to comply with CCPA
Although CCPA is focused on California residents, it does have national—and even international—implications. California has the largest population and the highest gross domestic product of any state in the United States. Losing this market translates to significant losses for any business. For a more detailed answer to the question “who does the CCPA apply to?” you can follow the link.
The smarter approach is to comply with the law and set-up solid practices to obtain consumer data to create effective marketing campaigns, especially since other markets worldwide are leaning toward enacting similar data privacy regulations. If you’re looking at doing business in the EU, you may also be interested in learning more about the 7 GDPR principles, so you can have a better understanding of the rules and regulations around data privacy in Europe