This post was updated on 08/12/2020 to reflect the most recent data protection changes.
Tracking users’ online behavior and history is common practice in the digital marketing world. It still sounds a bit Big Brother, but as users we’ve come to expect it and, when it is implemented responsibly, we agree on the benefits it provides.
In simple terms, it’s about gaining permission to collect user data and share that data across platforms to provide a better user experience.
On January 1, 2020, California enacted the California Consumer Privacy Act (CCPA). This is essentially California’s version of the EU’s General Data Protection Regulation (GDPR) and Brazil’s upcoming Lei Geral de Proteção de Dados (LGPD), which is set to activate on August 16, 2020.
Many remember, back in 2018, a significant number of European websites placing notices on their homepages notifying visitors that the site collects and shares their data. That was one of the effects of GDPR.
So, what does all this mean to Digital Marketing Teams?
Do I need to drop everything?
No. While the law came into effect on January 1st, 2020, it will not be enforced until July 2020.
Does it apply to every business?
No, the law applies to for-profit companies that do business in California and that share consumer data of more than 50,000 people, or produced revenue of more than $25 million in the previous year.
Do I need to alter our website(s) and app(s) for just California?
CCPA applies to anyone that collects data of California residents (even if they are out of state).
What do I need to do to be compliant with CCPA?
CCPA mandates that websites / apps provide a mechanism to opt-out of data collection as well as enhance their privacy policy. Our general recommendation is to roll out updates to your site for all USA users.
What’s the penalty for non-compliance with CCPA?
There are, of course, fines, and a real chance that they will be significant. If a case is brought against your company and you remain non-compliant 30 days after being notified, it’s expected that a fine of $7,500 per violation will be administered.
While that sounds like a relatively small number, imagine you have 100,000 visitors to your website per month: $7,500 × 100,000 would be a staggering amount.
We’re GDPR compliant. Are we OK?
No, it’s not safe to make this assumption. It does, however, mean that you’ve likely implemented some of the key features of GDPR, that you’re on your way to meeting the requirements of CCPA, and that the updates required to get your website compliant are more straightforward.
Are my digital marketing efforts going to be impacted?
No, absolutely not. Sure, there will be some users that opt out of our data collection, but it’s worth noting that over 95% of consumers in Europe have not opted out of data collection.
CCPA doesn’t restrict anyone from selling any data collected either; it just means that users legally have the right to opt out of the collection and selling of their data.
What’s my next step?
We’re already executing minor web enhancements for both our US and global customers to implement small measures to incorporate changes for CCPA. Contact us and we’ll happily review with your teams whether your business falls under CCPA and provide an estimate to get your website updated and compliant.