The new Consumer Privacy Act in California is no longer a novelty considering that it was enacted at the beginning of 2020. Even so, many still struggle with accepting and adjusting to the changes. Brands have had a short period to ensure compliance with the new regulations, but we are way past this today.
What is the CCPA?
CCPA is the California version of the GDPR at the European Union. Both refer to general data protection regulations but have big differences in terms of implementation.
While the latest data privacy law rules and regulations impact the residents of California, the impact is more widespread only a year after. For example, companies with clients in California have to comply with the regulations even if they are not based in this state.
Because of this, many have decided to update their sites and terms to cover such laws and protect the privacy of people who this law governs. Still, this doesn’t concern companies except for the ones listed in the fact sheet of the law.
According to the CCPA, any businesses that share, collect, or sell consumer data of over 50,000 people must comply with this new law. This also applies to companies that have produced revenue of over $25 million in the past year.
The importance of Internet tracking for businesses
Tracking the searches and behaviors of consumers has proven to be an amazing strategy for business growth and customer satisfaction. More and more consumers seem to accept this idea and consider it beneficial. According to Adlucent, seven out of ten consumers prefer to get personalized ads. This allows search engines and companies to deliver the right products and content to the target audience in a much faster time.
GDPR vs. CCPA: What’s the difference between the two?
There are many small differences between the two. The biggest one is that CCPA is an opt-out for data protection of customers and GDPR is opt-in for the same thing. What does this mean?
Since GDPR was enacted back in 2018, findings show that 95% of consumers have opted for data tracking via notifications. It means that European consumers must agree to data tracking when they visit websites. They usually do this via a pop-up notification on sites. Such numbers indicate that only 5% of the Internet traffic in Europe isn’t tracked under the law. In addition to tracking such information, European consumers can also have their data provided on request or wiped. This is what makes it an opt-out law.
CCPA is an opt-in law. This means that popups will still show, but the customers will be asked if they want to opt-out of cookie-tracking. To be more, consumers who are subjected to CCPA are given the option to deny companies from selling their data. Even though this is not as widespread just now, we’ll probably see more ‘’don’t sell my data as you see fit’’ buttons and options on business websites in the near future.
Why are these laws enacted?
For the past couple of years, businesses used HTTP cookies as a way to distinguish between consumers and collect data. However, these cookies could only be read by the parties that set them. Such a system lacked a more centralized and standardized mechanism that allowed consumers to convey their privacy preferences, as well as interests. Inevitably, this brought on an issue that had to be resolved as soon as possible.
Right now, cookies are still out there, but they seem to be diminishing with every passing day. The consumer privacy problems led to the CCPA and GDPR laws, which essentially made cookies less effective in their aim to track data.
In the place of cookies, we are moving toward a generalized identifier spread across the Web, which has to go gradually – for obvious reasons. Such a transformation demands an evolution in technology and setting a new standard. These two laws are a great starting point in this direction.
5 things that all marketers need to know about consumer privacy today
Online businesses or companies who have spread their reach on the Internet are facing a new reality – consumer privacy. Modern digital marketers certainly need to grasp the opportunity to build more trust with the target audience. To do so, they need to make consumers safe from the moment they step onto their websites, demonstrating that their personal data will not be used for wrong purposes.
Numbers point in this direction. A recent Tealium survey discovered that 97% of the respondents are concerned about their personal data and how businesses protect it. At a point where cybercrime is more advanced than ever, customers naturally want more precautions to be taken to guarantee their safety.
Today, the CCPA and GDPR are joined by similar or same data protection regulations to boost the privacy of consumers and make marketers’ offers safer. But, even though one of these laws dates back to 2018 and the other one is enacted for an entire year now, many companies still struggle with meeting the new requirements.
Just two months after the law was implemented, eSeller reported that 56% of businesses in California are not prepared for the new regulations. This number is significantly lower than 88% in November of 2019, but it’s still considerably high today.
Some companies are not compliant because they are confused or do not understand the law, while others have funding issues or cannot decide on their next steps. That being said, here are five things that all digital marketers should know to improve their customer satisfaction.
1. The laws impact companies even if they aren’t California-based
Unless you want to lose your California clients, you need to take a closer look at CCPA. Not being physically located there does not mean that you shouldn’t comply with the new laws, not if you meet the qualifications as set by the regulations.
For companies that have even one California resident, annual gross revenue of over $25 million, or companies that sell over 50,000 individuals’ data – this is a must. The sooner you adjust to it, the better for your business.
2. Don’t think that you can escape penalties
In the first couple of months since the law was enacted, many companies decided to sit and wait. Some did this because they were unfamiliar with the changes, but others did this hoping and thinking that they won’t be penalized. This was especially the case for companies who aren’t based in California but have consumers in the area.
The regulations are becoming more stringent every day, so don’t think that you can escape penalties forever. The CCPA states that a company can be penalized $2,500 for each record of violation that is unintentional. If they prove that it was intentional, they’ll penalize $7,500 for each record.
So, do the math and try not to take action that could potentially be very regrettable. Enforcing such laws can take some time, but the more time passes, the higher your chances of being caught in the act.
3. Make this a marketing opportunity
Don’t see this as a bad thing. The laws are made to improve customer experience and make them safer, but they can be excellent for your business, also. This is not doom for you, but potentially better marketing. In reality, customers are more likely to buy from businesses they can trust. Being one of the companies that are compliant with such laws will give you a better reputation and help you build more trust with consumers.
4. Being compliant with GDPR does not mean that your business is compliant with CCPA
If your business operates on a broader market, which is a very common thing with online companies, chances are you’ll be required to comply with both GDPR and CCPA regulations. These two are very similar, but they do have some differences that can still get you penalized. Focus on both individually to make sure that you don’t miss something important.
5. Take a more savvy approach toward CCPA compliance implementation
The CCPA goes beyond GDPR’s scope in that it gives consumers opt-out rights, includes information in terms of what’s covered, demands strict privacy notices, and most importantly – it’s more directly focused on digital advertising and marketing businesses. Generally speaking, the CCPA is mainly focused on businesses for profit, which puts it as a priority for most marketers today.
Ideally, data protection should be implemented in every product or service you are offering from its development to its distribution.
Final thoughts
Slowly but surely, cookies are vanishing from the online world. We are experiencing a gradual, yet widely noticeable growth of consumer privacy protection on the Web. The replacement of the old-fashioned, long-standing cookie will soon be a standardized and globalized solution available on all websites and apps and bound by specific laws. These laws include the global opt-in and opt-out laws CCPA and GDPR. Knowing this, you must grasp this opportunity to get and maintain consumer trust, as well as avoid penalties.