Consumer privacy is a complex topic and getting more complicated. The traditional US “harms-based” approach is being challenged by the EU and GDPR, as well as efforts in other countries. At home, the California Consumer Privacy Act of 2018 (“CCPA”) and Congressional proposals are getting a great deal of press.
Congress is divided and is passing little legislation, but there will be a number of hearings about privacy. This is a function of the change in House control and the interest in what social media and others have been doing with personal data. Most experts discount the prospect of a new substantive federal privacy law. However, the CCPA is being watched very closely by advertising and data businesses—including by Commerce Signals—to see how proposed regulations affect the monetization of data business models, advertising businesses, and data use generally.
Hearings are underway on the CCPA regulations that will be proposed later this year. The CA Attorney General cannot enforce the CCPA until six months after the implementing regulations are published or July 1, 2020 (whichever comes first). The regulations will address a number of difficult and contentious issues that were avoided in the haste to adopt the CCPA, including:
- what is personal information and what are unique identifiers;
- opt-out rules for (1) consumer requests regarding the sale of personal information; (2) business verification and compliance with these requests; and (3) a uniform logo or button for businesses; and
- rules on notice wording to help them be understood by average consumers
The scope of these regulations and implementation challenges are unclear—but business cannot stop for a year.
Other states are watching what is happening in California and in the press to see if they should enact similar state privacy laws. For example, Massachusetts bill SD 341 has many similarities to CCPA, but also adds a private right of action for violations without proof of actual damages. Unless there is a federal law with strong preemption of state laws, privacy laws may follow the path of data security notice laws of the past few years—each state enacts different and successively more restrictive laws that are difficult and expensive for businesses to follow and implement.
In the meantime, businesses can best position themselves for the future by looking at these basic principles when considering any new data partner:
- Integrity of Partners
- Rights to have the data
- Rights to use the data
- Rights to share the data
Commerce Signals was created using these principles when dealing with leading brands in the financial, merchant, and advertising businesses. Within advertising measurement, we focus on aggregated insights from anonymized consumers. Data is permissioned and used within the context of detailed work orders. The Commerce Signals patented platform forces every data exchange to operate within clear, scalable legal agreements.