The fervor surrounding the European Union’s implementation of its General Data Protection Regulation (GDPR) legislation is feeding an increased expectation to respect the privacy rights of the individual. Other initiatives—right here in the United States—are taking hold. On June 28, California Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) of 2018, blazing the trail for heightened personal data control and protection in the U.S.
CCPA: A New Level of Mandate
One of the reasons GDPR created such an impact was due to its highly strict nature—specifically in terms of obtaining explicit consent. Language in the law such as “consent needs to be specific, per purpose” and “consent is an act; it needs to be given by a statement or by a clear act” were just a few of the conditions that raised the anxiety of marketing executives.
What should you know about the California Consumer Privacy Act?
As my colleagues have discussed in previous blogs, DMD has been built to the highest consent standards as put forth by various U.S. industry associations including the DAA, IAB, BBB, and the DMA. In lieu of an overarching U.S. privacy law, these industry guidelines have become the Gold Standard. They center around three essential principles which are embodied in the CCPA:
- Transparency: A clear understanding of what personal information is collected, why, and with whom it is being shared.
- Control: Individuals have full control over their data, including open access to it.
- Deletion: Ability for individuals to opt-out of data collection and be “forgotten” by having one’s data deleted from the database history.
We have always adhered to consent management
The law also raises the data collection age set forth by the Children's Online Privacy Protection Act (COPPA) from 13 to 16.
The CCPA also defines, for the first time, monetary fines and penalties for failure to provide personal data control and protection. Lack of compliance with CCPA could cost your company a huge sum of money when the law goes into effect.
This law provides the strongest regulatory considerations our nation has seen to date. Given the public reaction to high profile privacy violations of major database companies, the CCPA is likely the start of a trend in the U.S., not the culmination of one.
Despite Loopholes, User Control and Data Protection Remains a Priority
Some privacy advocates have expressed concerns over what they consider loopholes, such as technology companies being able to "share" data even if a consumer bars them from selling it, or what Emily Rusch, executive director of the nonprofit California Public Interest Research Group calls a troublesome “pay for privacy” option.
They may not be able to survive in the industry
Again, for us, those concerns are really a moot point. No matter the digital channel, DMD has always adhered to rigorous consent management—whether regulatory, legislative, guided by industry standards, or in line with our own core values.
Other email database vendors who have failed to build their databases according to the key privacy principles, will not be able to cope with this new initiative. Data vendors who scrape or manufacture email data are already teetering with the ethical issues of their product. Implementation of this California law outlaws the exact way of collecting information upon which these email database vendors have based their businesses. In light of the CCPA, it is very important that you ensure your email database vendor can prove 100 percent of their emails have been collected with the proper level of user consent. This needs to be a critical factor in choosing an email database because you can face significant fines for noncompliance.
Rest assured, DMD will not only survive change but thrive on it and continue to lead the industry in personal data control and protection.