California Consumer Privacy Act (CCPA) was effective on January 1st, 2020. It outlines new standards for data collection and the penalty if businesses do not follow these standards. How does this affect marketers? Well, the way marketers use personal information has changed.
What is CCPA?
As stated by the Marketing Profs, “the law is meant to protect consumers’ personal information as well as increase the transparency of how the personal data of California residents is being used.”
What Marketers Need to Do
At the highest level
- Understand how personal data is being used to serve your customers
- Ensure your team has a clear understand on the law
- Make sure CCPA responsibilities are delegated within your organization
Within the marketing team
- If you’re providing discounts or incentives in a way that could be perceived as exchanged for personal information, calculate the monetary value of personal information exchanged for offers or discounts and communicate that information in your privacy policy
- Understand how marketing, CRM, CDP, ad platforms, other systems you are using to send messages will comply
- Connect with marketing technology (MarTech) vendors and services providers, and legal teams to ensure consistency
What Marketers Need to Know
- You will need to disclose what information you are collecting and how you will be using this personal information
- You will have to give your consumers the right to opt-out of having their information sold
- You also have to let consumers view and delete the information that was collected
How does CCPA relate to Cookies and Privacy Information?
- If information collected by website cookies that identifies or linked to a consumer, family, or device, it may be subject to the same disclosure notices (The National Law Review)
- The CCPA does not require businesses to have a separate cookie policy. This information can be included in the website’s privacy policy.
- The website does not need a separate cookie banner if the website discloses information relating to the collection and use of personal information
What is GDPR?
General Data Protection Regulation (GDPR) is Europe’s new data privacy and security law. It is said to be the toughest privacy and security law in the world. This law was passed in the European Union (EU), but it forces obligations onto organizations anywhere in the world that targets the people in the EU. The GDPR will fine those who violate its standards. To learn more about the history and the regulations, check it out here.
CCPA compared to GDPR
- CCPA fines are up to $7,500 per record, as GDPR fines can reach up to tens of millions in Euros.
- CCPA focuses on data related to both the California consumer and the household, as GDPR focuses on data related to the EU consumer.
- CCPA covers personal information, browsing history and records of a visitor’s interactions with a website or application, as well as personal information. GDPR protects just personal information and web data (location, IP address, cookie data and RFID tags.
- CCPA affects all companies that serve California residents and have at least $25 million in annual revenue, or companies of any size that have personal data on at least 50,000 people. GDPR affects all companies that European residents and have more than 250 employees or fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects.
This is just the beginning of CCPA. There will obviously be changes throughout the process, but what are your thoughts on this law?
Additional Resources on CCPA
How California’s New Privacy Law Affects You (The New York Times)
What California’s New Data Privacy Act Means for Marketers (HubSpot)
CCPA Is A Win For Consumers, But Businesses Must Now Step Up on CX (Forbes)