Every day, there are over 2.5 quintillion bytes of data created. Approximately 90% of the data in the world was generated in the last few years.
Data is a crucial component in the success of a business. Whereas companies relied on in-person data collection methods in the past, today, data collection is done digitally. This not only allows institutions to reach a much larger sample size quicker but also improves data readability and removes human bias or error.
Collecting consumer data helps you understand your market better, improve marketing strategies, and customize offers for clients. However, data collection comes with risks and responsibilities.
The data collected from consumers should be protected from unauthorized access or corruption, as it may contain sensitive personal or financial data. Failure to do so opens up your company to liability, and your brand’s reputation may be tarnished.
In light of recent data breach scandals, government and industry data regulations are continually being reviewed and improved. A great example is the General Data Protection Regulation (GDPR) passed by the European Parliament and Council in 2016.
On the same note, California has followed suit with the California Consumer Privacy Act, which will take effect in 2020.
What is the California Consumer Privacy Act?
The CCPA is a stringent data privacy law that gives Californians more control over how companies use their data. Once the regulation takes effect, consumers- California residents- will be able to view, limit use, and delete personal data collected by for-profit companies.
The act has already been approved by former Governor Jerry Brown and will be effective from Jan 1, 2020. However, it cannot be enforced until it has been published as law by the Attorney General of California.
The CCPA applies to organizations that operate in California that meet one or more of the following conditions:
- Over 50% of revenue is generated from data sales
- Annual gross income of $25 million
- Have shared, Sold, or bought personal data of at least 50,000 California residents, devices, or households
How does the CCPA differ from GDPR
Though the CCPA is inspired by the GDPR and both have similarities, the former is less stringent.
#1 – Data regulated and scope
The CCPA’s primary focus is on data collection and sales, and it generally applies to large institutions that meet specific criteria. On the other hand, GDPR also regulates the processing of personal data. Any business processing data in the EU must comply with GDPR regardless of size.
#2 – Right of access
When it comes to the level of access consumers have with their data, the CCPA requires you to do the following upon a request by data owners:
- Inform consumers about the data you have collected from them in the last 12 months
- Reveal who the data has been shared with
- Indicate the purpose for collecting the data
Consumers can make up to two requests every year, and you are required to relay the information within 45 days without charge.
With the GDPR, companies are required to:
- Give a copy of the data collected from consumers
- Let consumers know how long they intend to keep their data
- Reveal who the data has been shared with and why
- Inform data owners of their rights
Once an EU resident requests for information about their data, sets restrictions, or corrects the data, companies have only 30 days to comply.
#3 – Withdrawal and deletion
In the EU, consumers have the right to stop companies from processing their data. The California Consumer Protection Act allows data owners to restrict the sale of their personal information. You will also be required to have an opt-out link on your website.
With both regulations, consumers have the right to have their data deleted at any time. However, the CCPA has some limitations to this right. They include:
- Situations where you need the data to complete your obligations to the consumer
- If the data is necessary for security purposes
- Legal requirements that require you to store the data
- The data is useful for research
- The data is essential for the prosecution or defense against illegal or malicious activity
One significant difference between these two regulations is that the GDPR allows consumers to correct any mistakes they find in their data.
Why are Ad Tech companies seeking exemption?
Advertising technology companies rely on behavioral tracking techniques to know what is most likely to interest a consumer. Without this information, the marketing efforts of ad tech companies will be less effective, resulting in revenue slumps.
The CCPA requires you to honor opt-out requests for scenarios where you will share consumer data for monetary or other benefits. This means that you can still process and use data to some extent. Though there are concerns as to how some sections of the CCPA will be interpreted, it’s wise to comply before it takes effect.
Not sure how to prepare for CCPA as a publisher? Partner with MonetizeMore today and we’ll help you stay CCPA compliant!