While navigating through a mammoth boycott of ads and potential federal anti-trust charges, the chief financial officer of Facebook Inc. most worry about California’s strict new privacy law.
The California Consumer Protection Act, or CCPA, is considered to be the first true law of data privacy and under the strongest focus on the digital economy. Advocates of consumers say it could enact more state laws that the likes of Facebook Inc. Keep FB,
and GOOGL by Alphabet Inc.,
GOOG,
Google is more responsible for how it handles the data of billions of people worldwide.
The CCPA became official in California law on January 1, and was completed on July 1 by California Attorney General Xavier Becerra after a six-month grace period. When asked last month about the question at the end of the company’s corporate election call, Chief Financial Officer David Wehner launched in a lengthy discussion about his influence on advertising, the lifeblood of Facebook.
“You know, in the long run, it’s really about implementing CCPA. And in the long run, it’s more potential for further similar regulation around the world, “Wehner said.” We’re seeing an impact on the company from CCPA today. We do not know what the impact will be. How things play out will depend on the advertiser’s implementation, adoption rates in terms of tracking off. So there’s a lot of uncertainty about how it plays out. “
Wehner has not provided any specifications, but Facebook has taken several steps over the years to comply with CCPA. Indeed, the depth and tone of his response showed a greater concern than the July advertising boycott of more than 1,100 companies over objectionable content on the social network. The boycott, which Coca-Cola Co. KO include,
and Ford Motor Co. F,
, is expected to have minimal drag on Facebook sales.
For more: The Facebook boycott could pay businesses more than advertise on Facebook
The ominous legal cloud of CCPA, which calls one expertise in data security the most far-reaching law affecting California businesses, goes far beyond Facebook. Some 500,000 companies nationwide that process data in the Golden State are affected by the broad rules of the law, according to Kimball Parker, CEO of SixFifty, the technology subsidiary of leading Silicon Valley law firm Wilson Sonsini Goodrich & Rosati.
CCPA gives Internet users the ability to see what information is being collected about them and stop data being sold. It enables California Attorney General to punish the worst offenders, with fines ranging from $ 2,500 to $ 7,500 for each offense. The law applies broadly to companies that meet one of these three criteria: annual turnover of $ 25 million; more than half of their turnover is through the sale of personal information by consumers; or the processing of personal information of more than 50,000 California residents.
“For businesses, it’s a nightmare,” Parker told MarketWatch.
See also: What Google and Amazon are doing to comply with California’s new privacy law
In addition to a legal process that costs only $ 150,000, companies need to invest in technological tools to follow new rules. “Those who are really shaking this up are smaller companies, like a Sacramento co-op supermarket (Sacramento Natural Food Co-op) that is a customer of ours,” Parker said.
Of course, Facebook and Alphabet account for the most total exposure, as they reach billions of people and each violation of the law comes with a fine of $ 2,500 to $ 7,500. “The fines add up,” Parker said.
The law has already taken a steep financial toll on Facebook. The social networking giant says it has spent billions of dollars on its privacy and security features to comply with laws such as CCPA in the US and General Data Protection Regulation, or GDPR, in the EU.
At the same time, Google and Amazon.com Inc. AMZN,
– which, along with Facebook, controls more than 60% of the US digital advertising market – has taken important steps to tackle the new law.
Facebook disputes its data policies, with CCPA-related updates, includes information on various types of data it collects, how the company’s products work, and an update on what customers in California need to do to exercise their CCPA rights practice. In June, the company released a feature, Limited Data Use, that limits how Facebook uses partner data by targeting Facebook to act as a service provider when processing information coming from California residents.
“We have created dozens of teams, both technical and non-technical, that focus solely on privacy, and we currently have thousands of people working on privacy-related projects and we are a lot more involved,” he said. a Facebook spokesperson for MarketWatch. “For example, we have built self-serve tools that allow people to access, download and delete the information they share on our service. We make these tools available to everyone on Facebook, no matter where they are. ”
The impact of the law is spreading through Facebook’s 10-Q form for its recently completed second quarter. CCPA is mentioned seven times, compared to 40 mentions of COVID-19 and nothing on the boycott.
“These laws and regulations [in particular, CCPA and GDPR] are evolving and subject to interpretation, and consequent restrictions on our advertising services, such as the reduction of advertisements by marketers, have to some extent adversely affected, and will continue to affect our advertising business, ”according to the 10-Q report. “Each of these events can have a substantial negative effect on our business, reputation and financial results.”
There is not much debate about the most important impact the law will have on the digital advertising ecosystem, warns Julian Baring, general manager of America at Adform.
“CCPA is the latest example of slow march of regulatory breach on its business models,” Baring told MarketWatch.
More about CCPA: What it does, what has changed and what it means for investors
The parade of data privacy laws was largely fueled by Facebook’s Cambridge Analytica scandal, when the London – based political consulting firm purchased and used the personal data of up to 87 million Facebook users without their permission.
“It was a watershed moment for consumers and privacy,” said Pam Dixon, founder of the World Privacy Forum, a nonprofit public interest research group. “We have [the European Union’s GDPR], CCPA, and a sequel to CCPA. The costs for the business side are deep [financially], and time-consuming for individuals to choose from. ”
Formed by irreplaceable millionaire Alastair Mactaggart, CCPA is widely applied to every business with one annual turnover of $ 25 million; helps more than half of its revenue through the sale of consumer personal information; or processes personal information of more than 50,000 California residents.
See also: The millionaire behind California’s privacy constitution in California wants to get even tougher on Big Tech
If that does not complicate the operations of Facebook and others, then its successor to the November vote, the California Privacy Rights Act of 2020, as CPRA, could make matters tougher. It would give consumers more control over what they call “sensitive personal information”, such as race, health, social security number and recent locations using GPS technology. If enacted into law, consumers would have the right to prevent such data from being sold or used for advertising purposes.
More importantly, CPRA includes the establishment of a state member agency for privacy protection, instead of the state attorney general under CCPA.
“Below [CPRA], a consumer may restrict the use of their sensitive information to stop Uber UBER,
from profiling them based on race, stop Spotify SPOT,
using their exact geolocation and preventing Facebook from using their sexual orientation, health status or religion in their algorithms, ”said Carmen Balber, executive director of the nonprofit Consumer Watchdog, in a statement.
“CPRA is coming in another year, and it’s another hurdle that is completely costly to most companies,” Parker says.
Businesses should expect privacy to be a healthcare front and center for many years, data experts warn.
“Facebook and Google are under so much regulatory pressure, they have the resources, the money and lawyers, are on top of things,” says Richy Glassberg, CEO of Safeguard Privacy, which helps hundreds of companies comply with CCPA guidelines. ‘Everyone else is shocked. It is a continuum to stay ahead on privacy arrangements. In a year, Mactaggart’s new law will be more than GDPR. We’ll be talking about this in a year, if it continues. ”
See also: This California legislature incorporates SmileDirectClub
For now, in a new world order from CCPA, most companies are content to comply as much as legally required without renewing their business operations at great cost and possibly weakening product lines, security experts say.
“They rock like standing on the line while still running the same old business model,” said Gusto Chief Security Officer Fredrick “Flee” Lee, who wrote extensively about CCPA, recently for Harvard Business Review.
“There’s an inverse monotonous relationship between privacy and value,” Vasant Dhar, a professor at the NYU Stern School of Business, where he is director of the Center for Data Science, MarketWatch, said in an email. The more someone knows about you (less privacy), the more value to them. CCPA introduces friction (you now have to SHARE with ACCESSIBLE etc. compared to the Wild West days, so that’s a cost), and it makes it harder to link data where a lot of value lies. “
.