When California Privacy Law enforcement begins, industries wonder what will come next


As California begins implementing its new data privacy law this week, some are still trying to understand what it means for consumers and businesses.

The California Consumer Privacy Act, which was passed in 2018 and went into effect on January 1, creates new rules for how companies can collect, share, and use consumers’ personal data. The law, known as CCPA, gives consumers new rights to opt out of having their data collected or shared, and allows them to require that data be removed from companies’ systems. It has also been a thorn in the side of the marketing industry at a time when companies are increasingly relying on data-driven advertising. Trade associations sought to delay execution beyond the July 1 deadline yesterday to have more time to comply while facing the Covid-19 crisis. However, the state rejected the request, leaving companies to question how the law will be enforced and what the full impact will be.

To assist with CCPA rulemaking, prepare for legal challenges, and enforce the new law, the California Department of Justice secured 23 new positions. Meanwhile, Attorney General Xavier Becerra has also urged consumers to alert the California Department of Justice if they believe they have encountered possible CCPA violations. In a Justice Department statement, Becerra said some companies have done a “pretty good job” in providing information to consumers, but others have “tried to hide the ball, so to speak.”

“This is my consumer request: make this a habit: when you access the home page of a particular website, you should know that there is a search bar and also a link that you can visit to determine not to sell or share your personal information, “said Becerra.” That ‘don’t sell’ my personal information link is something you should be ready before anything else, if you want. ”

In a series of tweets on Tuesday, Becerra outlined some of the new requirements.

“As families continue to move their lives more and more online, it is essential that Californians know about their privacy options,” Becerra wrote.

The beginning of CCPA is not the end of the debate on data privacy in California or elsewhere. In fact, an even stronger data privacy proposal is already gaining momentum in California from the same organizers who pushed state lawmakers to pass the CCPA in the first place. The California Privacy Rights Act, which received enough signatures last week to appear on the November 2020 state ballot, has now been signed by more than 900,000 Californians and would go even further than the current law. In addition to creating a new state agency to impose sanctions on businesses, CPRA would triple fines for violations related to children’s privacy and also protect data related to health, finances, race, and location. The proposal was also supported by groups like Common Sense Media, a nonprofit organization dedicated to promoting technology and safe media for children and their families.

Two Republican members of Congress are also calling for a federal response to data privacy. In a statement Wednesday, US Representatives Greg Walden, R-Oregon, and Cathy McMorris, R-Washington, said the Covid-19 crisis “has increased the need for Americans to trust their personal information is protected online. ” They added that consumer protections should be the same across the country and at the same time provide “our small businesses and innovators with the certainty they so badly need.”

“No foreign country, no state, no voting initiative should determine the protections that all Americans should have,” they wrote. “Our current system only benefits those entities and litigation attorneys who monetize compliance costs for small and medium businesses that are only trying to stay afloat. We can build on the California experiment and enact a strong national privacy standard that better protects our constituents without stifling the innovative services that keep us connected. ”

Business groups, including the Association of National Advertisers and others, continue to push for a federal law to override California’s. And although several have been proposed, so far none have gained traction. Dan Jaffe, the group’s executive vice president for government relations at ANA, said he hoped Congress would address federal legislation in this legislative session, but the pandemic slowed everything down and changed the focus of lawmakers.

“We always talk about flying the plane while we repair it,” he said. “Well, we’re doing that to the umpteenth power here.”

Brands, agencies and technology firms in the world of marketing still seek clarity in some components. A recurring question has been about how the rules define the sale of data and how sellers ensure that external partners also comply with the law.

“I have been in many conversations where a client will ask a provider if a data transfer is a data sale and the provider’s response is ‘I am not giving you legal advice,'” said Gary Kibel, privacy expert and Davis & Gilbert Law Firm attorney. “They will not draw conclusions for their clients to determine how to structure their compliance programs.”

Despite the uncertainty surrounding data privacy, spending on marketing technology is expected to continue to rise. According to a new survey of 432 chief marketing officers conducted by Gartner, investments in marketing technology represent 26% of marketing budgets this year. Gartner also found that 68% of CMOs surveyed plan to increase investments in marketing technology in the next 12 months.

Along with regulatory changes, tech giants like Google and Apple are also making changes to their own data practices. What all this means for marketers might not realize until iOS 14, the app, and the changes to Google Chrome are fully effective, said Mark Wagman, managing director of MediaLink and leader of the data and technology solutions practice. of the company.

“This market is a flyer,” he said. “And if you change one thing along the way, it’s like going back to the future, when you make a little change to something in history, those changes get complicated.”

Wagman added: “The flywheels work when each gear on the wheel works perfectly … But when you start pulling out parts it gets a little rickety.”

For a broader view of how various groups have been thinking about CCPA, IV.AI, a company that provides artificial intelligence services to make sense of complex data for large companies, examined the issues in public comments sent to the prosecutor’s office. California general, while regulations were being drafted According to the analysis of thousands of pages submitted during a 45-day comment period that ended on December 6, 2019, only 5% came from the advertising, media and marketing industries . Technology represented 19%, 12% came from the legal industry, 7% came from the financial sector and 8% came from companies in general. Artificial intelligence software was able to analyze the general sentiments of each industry. For example, the technology industry wanted clarification on regulations that argued that they were poorly written and poorly conceived. Meanwhile, the financial industry was having trouble surrounding the collection of non-electronic data and wanted some exemptions for regulations that conflicted with financial laws.

IV.AI’s analysis also identified four topics that received the most frequent comments. At the top of the list was concern about the definition of terms that many described as “ambiguous”. Other major requests included exemptions, a delayed start date, and clarifications for specific industries. The results also revealed important concerns such as costs, whether there was time to prepare before enforcement began, whether parts of the law were redundant or conflicted with other regulations, and whether consumers might become fatigued with consent requests to collect your data.

According to Vince Lynch, Global CEO of IV.AI, using natural language processing to view commentary presented at the macro and micro level helps show what concerns companies, consumers and legislators should not be considered to be thinking might be thinking beyond your scope of concerns.

“Their point of view speaks volumes about how they think about the impact of these privacy laws,” he said. “So by looking at how they explain their feelings about it, you get a very good understanding of all the different stakeholders that are being impacted by privacy.”

The public’s recommendations were different from those presented with commercial interests. For example, the IA noted that some were unclear whether CCPA would adequately target or penalize tech giants like Google and Facebook or if there was a gap between the law’s impact on business and its consumer protection. Others were concerned that larger companies might find creative implementations to comply with CCPA.

But how is privacy discussed outside of regulatory circles? To better understand how people talk about privacy online, IV.AI also examined Twitter’s conversation in the week leading up to the CCPA application date. According to an analysis of 50,000 tweets between June 23 and 28 related to the word “privacy,” only a small fraction mentioned “CCPA.” That leads to other questions: Are consumers paying attention to the law and its implications? Do people understand the rights they have under the new law or is there work to be done in terms of raising awareness?

The way that tweets are grouped based on what a machine thinks are related topics also shows a picture of how people talk about online privacy in general. Privacy issues range from bar records to distance learning, research and human rights. IV.AI also analyzed 50,000 tweets between March 12 and June 25 that mentioned the CCPA itself, which ranged from litigation related to the law to issues related to racial discrimination and the Internet of Things.

“This is something that cuts across all aspects of our lives now,” said Lynch. “It is something that we have to lose and others have to win. When you think about how it impacts how you spend your time, what you do on the Internet, what you eat, what you see, everything is a privacy problem because everything can be monitored. That’s why looking at this this way is important because of all the access we are willing to give, what things are people most interested in?

Update: This story has been updated with comments from the California Department of Justice that was received after publication.