California governor Jerry Brown sent shockwaves through California when he signed a bill cementing the nation’s toughest data privacy law. Experts are saying that the bill is the country’s most overarching attempt to give consumers more control over their data.
Brown signed the bill just hours after lawmakers from the State Assembly and Senate approved it with no dissenting votes. Lawmakers worked to pass the bill quickly. Brown managed to convince San Francisco real estate developer Alastair Mactaggart to remove a similar measure from the November ballot.
The bill, authored by Assemblyman Ed Chau, an Arcadia Democrat, and co-authored by Sen. Bob Hertzberg, a Van Nuys Democrat, was first drafted on June 21st and received approval from numerous privacy advocates including Common Sense Media.
On this passing of this bill, James P. Steyer, CEO and Founder of Common Sense states,
"Today was a huge win and gives consumer privacy advocates a blueprint for success. We look forward to working together with lawmakers across the nation to ensure robust data privacy protections for all Americans."
The new law will require all companies to tell consumers upon request what personal data they’ve collected and why. Consumers can also request what types of third party organizations or networks received their information and companies must comply.
As part of this new law, the public can even ask companies to delete or stop selling their data entirely. Children under 16 must also opt-in to have their data used by companies for any purpose.
Businesses will not be able to discriminate against a consumer who refuses to have their information through methods including, but not limited to; denying them products or services, charging different rates for goods or services, or providing lower quality goods or services.
According to Time, “The new law will take effect Jan. 1, 2020, and lawmakers say they will likely make alterations to improve the policy before then.”
Justin Brookman, the Director of Consumer Privacy and Technology Policy for Consumers Union (advocacy division of Consumer Reports), states,
“We appreciate that this law advances consumer protections in several ways. It gives people access to the information that companies have about them. It extends the right to control the sale of your data, and it provides new security protections in the wake of the Equifax breach.”
It’s worth noting however that Brookman has taken issue with a part of the new law. The law allows companies to avoid responsibility for breaking any part of the law - so long as the company stops within 30 days.
He states, “the legislation’s weak enforcement provisions need to be improved before it goes into effect in 2020.”
The general consensus regarding this law seems to be that although it’s a historic move forward for privacy protections, it is still a work in progress that needs to be amended further in order to accommodate non-tech industries like newspapers and media outlets.
This new policy resembles the European Union’s new GDPR guidelines in that consumers will have broad power over their data and privacy. Unlike GDPR, this law only applies to Canada. Because of this, many brands will have to put in extra work to create California-specific marketing strategies and privacy protections.
Marketers operating in California or that offer goods and services to persons in California will also need to be hyper vigilant and responsive to consumer requests for data information. If a request goes unchecked, the person could sue and a brand could be held accountable for it under the law.
Most brands won’t need to worry about this but the bill does require that all companies,
“Make available to consumers two or more designated methods for submitting requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115, including, at a minimum, a toll-free telephone number, and if the business maintains an Internet Web site, a Web site address.”
There’s still plenty of time to take in all the aspects of this new law and adjust marketing plans accordingly but it’s better to read the law carefully now and start strategizing early to avoid any mishaps when 2020 rolls around.
Some small things brands can do now is provide consumers with access to private information (if applicable), be more transparent, and take note of the various criteria, especially ages, they select for audience targeting in California on social media ad platforms.
Persons 16 and under will need consent to have their data used. Identifying a plan for this measure is also a good idea.
Despite some of its marketing impracticalities, this data privacy law is still a big win for consumers who, after the Cambridge Analytica debacle, have been fervently fighting for control over their data.
Between now and 2020, other states could use California’s data privacy law as a template for their own privacy protections. Which would allow them to avoid the need for two privacy standards. The law will also continue to evolve and adapt. It’s likely it will be amended multiple times before it takes affect.
What are your initial thoughts on the CCPA? Should marketers start re-adjusting their strategies now or put it on the back burner? Let us know the comments!