Posted
It seems like the CCPA has been a work in progress for millennia at this point, doesn’t it? Since Iof the California Consumer Privacy Act back in January 2020 – which might as well be millennia ago considering what’s happening since then – not a whole lot has changed about the legislation. Until recently, that is.
Thanks to a recently-passed ballot initiative in the Golden State, we’re finally getting some clarification of the CCPA, albeit under the guise of a spiffy new title – the California Privacy Rights and Enforcement Act (CPRA) of 2020. Therefore, I wanted to take this opportunity to look at where the legislation’s been and, most importantly, what the recent initiative means for the digital advertising industry.
Spoiler alert – it behooves a company operating in the digital ad space to understand CPRA and find effective solutions to comply, because the consequences of non-compliance can be dire.
I won’t spend a lot of time looking at the legislation’s history since, as I said, it’s a topic I’ve covered previously. However, in the interest of building a full narrative, a quick overview of the original CCPA and who it impacts – for-profit entities exclusively – is as follows:
Also, when compared to it’s EU equivalent, the GDPR it’s obvious that California lawmakers wanted to lean toward the “do not sell” side of the regulatory fence rather than the GDPR’s “do not track” approach. However, like its EU counterpart, CCPA can carry a very heavy stick, depending on the circumstances. Each unintentional violation – including pre-existing ones – triggers up to a $2,500 penalty, with intentional violations upping the ante to a maximum of $7,500 per incident.
Needless to say, those penalties can add up to staggering amounts quickly. Companies should also note that, although the CCPA was stuck in a bit of a legislative quagmire for a good amount of time, it was finally approved on August 14, 2020. Just in time for it to change again thanks to the November ballot initiative, right? So let’s take a look at what the CCPA v2 – the CPRA – entails for companies.
Given the 53-page heft of the CPRA initiative, I’ll leave it to you to take a deep dive into its nuances if you so choose. But from a high-level, the most impactful difference between the new CPRA and the CCPA it stems from is the clarification and expansion it provides on the “do not sell” language.
One of the most confusing aspects of the CCPA is its vague definition of what constitutes “selling” personal data, specifically when it comes to retargeting. As many in the industry argued, retargeting relies on sharing data, not so much selling. Therefore, retargeting shouldn’t fall under the statute’s reach.
However, lawmakers obviously recognized their vague verbiage when writing the CPRA, now adopting a “do not sell or share” approach, which, as you guessed, places retargeting directly in the crosshairs of the initiative. In fact, the CPRA directly addresses cross-contextual behavioral advertising – aka retargeting – by defining it as:
Also, the CPRA specifically excludes such retargeting from its definition of “advertising and marketing services” that would otherwise be considered a “business purpose” and, therefore, effectively side-step the new statute.
And as if that clarification wasn’t obvious enough, the CPRA considers data sharing “a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.”
Long story short, the digital ad industry must soon adhere to a far higher regulatory standard when it comes to retargeting. And that begins with a mandatory opt-out election, “Do Not Sell/Do Not Share My Personal Information for Cross-Context Behavioral Advertising,” that website owners must include in their sites, as discussed in Sec 21 (19) (A) (vi. c) of the CPRA.
So what’s the industry to do? Retargeting is now so pervasive, it’s become a norm across the ecosystem. Well, the first bit of good news is that the CPRA doesn’t take effect until January 1, 2023. And once it does take hold, it will only apply to personal data collected on or after January 1, 2022. In other words, you have some time to come up with a game plan.
The second bit of good news is this – Ad Lightning is currently developing a solution that will soon tell you if you’re violating the retargeting language within the new statute. Imagine being able to quickly audit your site, identify areas of non-compliance, and promptly implement needed changes to avoid the regulatory wrath. Sounds pretty incredible, right? But those are the types of tools that make Ad Lightning the best-in-industry ad-quality partner on the market. Bar none.
Just as importantly, we’ll continue to monitor the road ahead, developing powerful tools to protect our partners with the most effective solutions in the industry. Suffice it to say, this is a dynamic landscape on both the ad quality and regulatory fronts. And it pays – both literally and figuratively – to have the right solutions and expertise at your side.
Boltive Launches New Product Ad Monitor: Revolutionizing Ad Insights with AI-Powered Discovery Engine
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 2: What Regulators Want Us To Do – The Value of Proactivity
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 1: What Regulators Want Us To Know – Busting Common Myths
Go to Post
Text LinkPrioritizing Children's Privacy: Strategies for Ethical Advertising and the Use of AI
Go to Post
Text LinkBusiness Ninjas Podcast - Secure Protection for Advertisers Against Invasive Media
Go to Post
Text LinkBoltive and Slalom Consulting Join Forces to Bolster Data Privacy: A Powerful Alliance Against Emerging Risks
Go to Post
Text LinkAutomating Threat Detection: How Boltive is Harnessing Artificial Intelligence to Reshape Ad Security
Go to Post
Text LinkForbes Article - The Privacy Prescription: Rules Restricting Health Data Use And How To Employ More Holistic Security Measures
Go to Post
Text LinkOur CEO, Dan Frechtling, featured on Leadership Live podcast with Daphna Horowitz
Go to Post
Text LinkWhy Data Privacy is Being Overhauled in 2023: Dan Frechtling featured on the Security Weekly Productions podcast
Go to Post
Text LinkOur Director of Product, Christine Desrosiers, discusses the current state of Ad Tech with Brand Safety Institute
Go to Post
Text LinkGeekwire wrote about the heartening link that brought our CEO and CFO to Boltive.
Go to Post
Text LinkWe're fresh out of content!
All the news that's fit to print.