We survived the shake-up of 2018 with GDPR.
We cruised through the first half of 2019.
And then in June, the CCPA popped up, passed, and dropped a January 2020 deadline on the world of online business.
In case you missed the hoopla, CCPA is the California Consumer Privacy Act, and if you collect customer information, it applies to you.
Brief history: online consumer privacy laws date back to 2003 (CAN-SPAM), so this is really only the third iteration of mandated privacy – with much more to come as in-home devices, smart wearable technology, and the IoT infiltrate every corner, twitch, and transaction of our daily lives. So it’s a good time to get on board.
The CCPA, or AB 375, is ultimately about protecting consumer privacy: it allows consumers to request any information a company (or the third parties it shares with) has saved on them. If they find that the company violates any privacy guidelines, the consumer is allowed to request that the information be deleted, or even to sue that company. Shaking in your boots? Don’t be. Here’s our quick take to help you navigate what CCPA means for your business.
CCPA affects you if…
- your company (no matter where in the world you are) has consumers in California
- AND you have at least $25MM in gross annual revenue
- OR you have personal data on at least 50,000 residents of California – including cookies from site visitors with a California IP address
- OR you make 50% of your revenue by selling personal data
The new California consumer rights:
- Consumers can opt out of having data sold to third parties.
- Consumers can request to see any data that’s been collected on them in the past year.
- Consumers can request that any of that data be deleted.
- Consumers have the right to equal service and pricing whether or not they’ve chosen to share their information.
This may be just for California right now, but expect to see CCPA-like bills coming soon to a state near you.
How to comply with CCPA:
- Your website footer should prominently give people the option to opt out of data sharing with a button that takes people to an opt-out page.
- Provide special opt-ins for minors.
- Double-check that you’re compliant with GDPR.
- Make sure you’re able to tell your customers what information you’ve collected on them (and how you’ve collected it).
- If a consumer wants you to delete their data or to withhold sharing with third parties, you have to comply.
There’s a little more nitty-gritty to the whole thing than these bullet points, but that’s the gist.
What does this mean for future commerce?
- If a customer opts out of sharing their data, a business won’t be able to refuse services or charge higher prices.
- HOWEVER, businesses can incentivize customers to agree to the sale of their data. How will consumers get paid or compensated for sharing their data? What business models might emerge?
- Might companies offer paid tiers for customers in exchange for an ad-free experience?
Examples of data you might collect from a consumer: biometrics, internet browsing information, products purchased or considered for purchase, geolocation data, academic and employment information, and inferences drawn to create a profile about the individual.
All of this may sound overwhelming, but there’s good news under the covers. The majority of consumers are already opting to share their data in exchange for a more personalized experience. Why? Because they expect more value in return. Herein lies the opportunity: Because companies are now required to be able to share the data they collect, they’ll collect and share cleaner, smarter, more reliable data – which means that brands online will be able to deliver a more personalized, value-filled experience. Just imagine the possibilities!
And for more good news: If you’ve complied with GDPR, you’re close to compliance with CCPA.
One thing’s for sure: privacy laws are here to stay. And it’s worth it to be ready.