Home Data-Driven Thinking New Utah And Connecticut Data Privacy Laws Are Coming. Are You Ready?
OPINION: Data-Driven Thinking

New Utah And Connecticut Data Privacy Laws Are Coming. Are You Ready?

By AdExchanger Guest Columnist

SHARE:
Emilie Kuijt, data protection officer at AppsFlyer
Emilie Kuijt Data Protection Officer

Another day. Another privacy law. *Cue emergency marketing meeting.*

Marketers might as well go ahead and add “tightrope walker” to their list of skills. The delicate balance between personalization and stringent privacy laws is just as precarious as a high-wire act. 

Research shows that 66% of consumers want personalized ads, but nearly half of them are uncomfortable sharing any data. And with Utah and Connecticut joining California, Virginia and Colorado to become the fourth and fifth states to enact data privacy laws, marketers can’t seem to catch a break. 

While experts believe these new laws are similar to those already in effect, any new regulations can potentially throw a wrench into your operations. Prepare for what’s to come with this breakdown of what these laws are and their effects on marketing strategy. 

Utah’s Privacy Act (UCPA): Narrow scope, broad exemptions for SMBs

Utah’s Privacy Act (UCPA) that goes into effect on December 31, 2023, bears a close resemblance to Virginia’s Consumer Data Protection Act. If you switched up your strategy to align with that law in 2021, you should be able to pivot quickly for UCPA. 

Like Virginia’s privacy act, UCPA gives consumers the right to access personal information that businesses collect on them. It also allows them to request deletion or to obtain a “portable copy” of the data. Additionally, consumers can also opt out of sharing their data for targeted advertising. 

Utah’s act is being hailed as more business-friendly than Virginia’s. Thanks to its narrower scope, it offers some exemptions to SMBs. 

Does this law apply to your business? 

The UCPA only applies if: 

  • You conduct business in Utah
  • Your annual revenue exceeds $25 million USD and
  • Your company deals with fewer than 100,000 consumers or
  • Less than 50% of your gross revenue comes from selling consumer data

In general, nonprofits are excluded from this law. Any data covered by another privacy law, such as HIPAA, or a public records law, such as tax rolls, would also be exempt. 

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Daily Roundup

Daily News Roundup

Which Ecom SaaS Will Survive?; How The AI Search Engines Perform

Connecticut’s Privacy Act (CTDPA): Similar but stringent?

Provisions in the Connecticut Data Privacy Act (CTDPA) that allow consumers to opt out of targeted advertising, profiling and data sales are stricter than in similar laws passed in California, Colorado, Virginia and Utah. The law also prevents “the right to cure,” meaning companies won’t be able to fix violations to avoid penalties. The law goes into effect on July 1, 2023.

Does the act apply to your brand?

The Connecticut law only applies if:

  • You conduct business in Connecticut
  • Your company handles the personal data of 100,000 consumers or more (not including data used to make payments) or
  • Your company handles the personal data of 25,000 consumers or more and made over 25% of its gross revenue from selling personal data.

Though the exemptions in this law are similar to Utah’s, there is no annual revenue threshold, so there’s no relief for small businesses. 

Importantly, both the Connecticut law and the Utah law require explicit consent to obtain children’s data.

How to prepare for these laws: Save this checklist

If you’re a data privacy champion and are GDPR compliant, you’re likely already in compliance with these new regulations. If not, here’s a checklist to get ahead of what’s to come: 

  • Provide a clear and easily accessible privacy policy that contains:
    • Categories of personal data you collect and reasons for collecting it (FYI: Consumers are more likely to share data if you’re transparent)
    • Categories of personal data you share with third parties (if applicable) and the categories of third parties you share data with
    • An active email address or online form consumers can use to contact you
  • Provide users with a clear and prominent way to opt out of the sale of their personal data to third parties, and an equally simple way to opt out of targeted advertising (the link or button must be clear and conspicuous on your site)
  • Collect only relevant and necessary data and ensure data is used only for intended purposes; don’t collect any sensitive data
  • Obtain explicit consent from all users, especially for consumers 16-19 years old
  • Don’t obtain consent through “dark patterns” and offer an easy way to revoke consent; stop processing data after consent is revoked
  • Work with data governance teams to:
    • Document all data collected 
    • Identify what falls under “personal data”
    • Design data architecture to minimize data collection

Sidestep the privacy-personalization paradox 

In addition to the five states that have already signed privacy bills into law, there are 21 considering privacy legislation. More are sure to follow. 

These fragmented privacy laws mean marketers will have a harder time developing loyal relationships with customers. And as consumers become aware of the dangers of being constantly surveilled, they’ll adopt privacy measures like VPNs. Measuring your marketing efforts could become a tall order.

Opt out of the waiting game. Stop hoping new privacy laws won’t make both customer-facing campaigns and internal measurement harder. Future-proof your marketing by making privacy the focal point of your marketing efforts.

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Follow AppsFlyer and AdExchanger on LinkedIn.

Must Read

A comic depicting people in suits setting money on fire as a reference to incrementality: as in, don't set your money on fire!
Commerce Media

How Incrementality Tests Helped Newton Baby Ditch Branded Search

In the past year, Baby product and mattress brand Newton Baby has put all its media channels through a new testing regime for incrementality. It was a revelatory experience.

Colgate-Palmolive redesigned all of its consumer-facing sites and apps to serve as information hubs about its brands and make it easier to collect email addresses and other opted-in user data.
Marketers

Colgate-Palmolive’s First-Party Data Strategy Is A Study In Quality Over Quantity

Colgate-Palmolive redesigned all of its consumer-facing sites and apps to make it easier to collect opted-in first-party user data.

Online Advertising

Can E.L.F. Cosmetics Become A Consumer Destination, Not Just A Brand?

History can be a burden for a brand, if it means that company is too set in its ways to pivot and try new things. Just consider e.l.f. Cosmetics, the digitial-first, social-native brand that made good.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Digital-native brands need to figure out how to win in retail shelves. They're finding it difficult, to say the least.
Commerce Media

DTC Brands Are Learning The Hard Way That Winning In Retail Can Be A Losing Bet

Digital-native brands need to figure out how to win in retail shelves. They’re finding it difficult, to say the least.

Platforms

Browser Extension Developers Say Google And Apple Need CMA Oversight

A group of 20 web app developers sent a letter to the CMA claiming the regulator’s proposed remedies for increasing competition among mobile browsers do not address barriers to entry for mobile web extensions on iOS and Android.

A comic depicting people walking past digital billboard screens in a city
Mobile

TikTok Wants To Win All The Screens, Not Just Your Smartphone

“There are billions of additional screens outside of mobile phones,” says Dan Page, TikTok’s global head of partnerships and new screens. “We want to be in all of them.”

Popular

  1. Commerce

    Yahoo DSP Adds Planet Fitness And Rippl’s Audiences To Its Retail Media Network

    Yahoo DSP has new partnerships with the Planet Fitness media network and Rippl, a co-op of regional grocery and convenience store chains, including Wegmans.

  2. Colgate-Palmolive redesigned all of its consumer-facing sites and apps to serve as information hubs about its brands and make it easier to collect email addresses and other opted-in user data.
    Marketers

    Colgate-Palmolive’s First-Party Data Strategy Is A Study In Quality Over Quantity

    Colgate-Palmolive redesigned all of its consumer-facing sites and apps to make it easier to collect opted-in first-party user data.

  3. Ben Cicchetti, SVP, Marketing & Communications, InfoSum
    OPINION: Data-Driven Thinking

    Google Won't Kill Off Cookies, Consumers Will – And That’s How It Should Be

    The only way forward for the industry is to put consumer choice first. That means putting the cookie behind us and rebuilding our relationship with consumers.

  4. A comic depicting people in suits setting money on fire as a reference to incrementality: as in, don't set your money on fire!
    Commerce Media

    How Incrementality Tests Helped Newton Baby Ditch Branded Search

    In the past year, Baby product and mattress brand Newton Baby has put all its media channels through a new testing regime for incrementality. It was a revelatory experience.

  5. Publishers

    Diverse Publishers Are Using Virtual Product Placements To Woo Advertisers

    Mirriad is heading the Diverse Media Alliance to help create more ad opportunities and incremental revenue for diverse publishers. The initiative currently includes Canela Media, LatiNation, BOMESI, NTERTAIN’s NEON16 and The Shade Room as launch partners.