Home Data-Driven Thinking What Marketers Can Learn From GDPR As They Get Ready For CCPA

What Marketers Can Learn From GDPR As They Get Ready For CCPA

SHARE:

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Guy-Thomas Barbier, country manager, North America, at zeotap.

The General Data Protection Regulation (GDPR) should be viewed as a positive change for the industry because it puts customers back at the center of marketing where they belong. But how is it working so far and what can the United States learn from the experience as CCPA looms on the horizon?

Although European authorities haven’t officially disclosed the number of fines levied under GDPR, it’s estimated that approximately 100 organizations have been fined, according to TechRepublic. In January, French authorities famously fined Google 50 million euros for collecting personal data without providing transparency on how it would be used to personalize ads on its platform. In July, the United Kingdom levied major fines against British Airways and Marriott International for data violations.

Giant companies aren’t the only ones at risk. A Swedish school board was fined 200,000 Krona – about $20,000 USD – for using facial recognition to track student attendance. In Spain, LaLiga was fined 250,000 euros after users discovered the football match app used smartphones’ microphones and GPS to identify pubs that were unofficially streaming games without paying for broadcasting rights. Truly, no organization is exempt.

What many companies still get wrong

A common GDPR breach is the cookie pop-up banner on a corporate website that doesn’t allow users to access content unless they accept the cookie policy. Other companies still make it difficult for users to opt out, delete or transfer their data because these options are presented in legal language that’s challenging to decipher.

Using plain language is required by GDPR. There’s no doubt many are still leaving themselves open to fines.

There also needs to be better customer support and more avenues for customers to opt out of data collection. Every organization must have the proper mechanisms in place so whenever users reach out via their social media accounts or website, someone – who is versed in GDPR – can help them get their consent revoked.

There also needs to be more education to help consumers better understand data as a whole and what part of the data is PII or GDPR-sensitive. It’s a lightning-rod topic with a lot of negative press around it, and consumers are starting to demand clarity.

When Facebook became more transparent about its lists that contain user information, people started to check out the “Your Ad Preferences” on the platform to see which companies use their data to advertise directly to them. This can be very enlightening to consumers, many of whom will ask for their data to be deleted.

While potentially disadvantageous to the platform, it’s necessary to stay compliant in an ever-tightening regulatory environment. However, once customers understand that no PII data is being used, sometimes they are less inclined to opt out. Transparency and education are key.

Enter CCPA

Absent a comprehensive federal privacy law, the California Consumer Protection Act (CCPA) is the most significant state legislative privacy development in the United States and will take effect on Jan. 1, 2020.

CCPA operates on the basis of “informing the user” vs. GDPR’s “asking for consent.” CCPA requires opt-out mechanisms for consumers to suspend data collection and usage, while GDPR requires users to opt in. And like GDPR, the CCPA’s impact is expected to be global, given California’s status as the fifth largest global economy.

While CCPA is not expected to be as strict as GDPR, it still represents significant progress in protecting consumers and their privacy. Of course, it will pose a challenge to American companies. Most significantly, although it only applies to California residents, it’s difficult for enterprises to segregate users and apply different data privacy procedures. Most likely, for simplicity, businesses will apply CCPA homogeneously across users regardless of their location.

Getting ready

When GDPR went live in 2018, many organizations opted to get GDPR certifications as a way to demonstrate strict adherence to the regulations. American businesses should determine what kind of external facing certifications or materials will satisfy stakeholders and ensure they’re implementing the right modifications to adhere to CCPA.

Companies must educate their employees on the new regulations as soon as possible if they haven’t already done so. There are many outside advisers that can offer training, such as IAPP, Future of Privacy Forum, TrustArc or OneTrust.

Stepping up customer support for consumer opt-out will also matter here. The teams or individuals that handle the CCPA transition must also inform their peers about the new or modified processes and how it will affect their day-to-day jobs.

There will be companies that will still make it hard for users to opt out or delete/transfer their data. As seen in Europe, some companies either hide this option or write in arcane legal language. Don’t make the same mistake, as it alienates users.

At the end of the day, it’s about regaining the trust of consumers. The more ethical – and now legal – way to gather data is by being transparent and straightforward with customers. Privacy regulations are proliferating, not going away.

Follow zeotap (@zeotap) and AdExchanger (@adexchanger) on Twitter.

Tagged in:

Must Read

Why Media Mergers And Spin-Offs Don’t Always Keep Their Promises

With media megamergers, acquisitions and spin-offs left and right, the media landscape is changing at a pace that is difficult to keep up with.

TransUnion is partnering with Blockgraph so that advertisers can use its identity data to target, reach and measure TV households across channels.

How This Disaster Relief Nonprofit Tapped First-Party Data To Reach Donors Year-Round

Staying top of mind for potential donors is an ongoing challenge for Direct Relief. Nexxen’s audience curation helped it spread and sustain awareness.

Why Major UK Publishers Are Finally Joining Forces To Curate Ad Inventory

Atria’s collective approach is a response to growing monetization challenges and the need to protect the value of human journalism in the AI era.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Toronto Canada pride parade includes a crowd waving pride flags

Ad Performance And Politics Steered Brand Dollars Away From LGBTQ+ Communities – But The Pendulum Will Swing Back

The current administration has discouraged many marketers and organizations from showing support for the LGBTQ+ community, including during Pride month.

How AI Can Enhance Content Without Generating It

As much as consumers complain about AI-generated content, advertising experts say AI still has an important place in video creation and production, including for ads. But using AI in content without turning off consumers is a tricky dance.

How Tovala Banks On Subscriptions And Incrementality – But Not Ads – To Profit From Its Oven

Smart TVs, refrigerators and other home appliances may pester you with marketing, but at least the hardware is cheap. Another startup taking a different approach to the same theory is Tovala, which was founded in 2015 and combines a standalone countertop oven with a weekly meal kit subscription.