We are living in the age of new consumer rights and digital privacy. In the United States, marketers and brands always find compliance with the EU’s GDPR (implemented in 2018) to be a challenge. The next chapter in customer data protection is the CCPA or the California Consumer Privacy act of 2018. This legislation represents the most comprehensive list of data protection regulations in the history of the United States. The CCPA provides all consumers with unprecedented rights in order to have control over their private data.
California Consumer Privacy Act
The California Consumer Privacy Act or the CCPA came as a response to a variety of scandals and breaches, exposing the private information of all consumers held by companies to third parties.
What the CCPA entails:
- Consumers have the right to know what information companies have collected about them, the reason for collection, and with whom this information is going to be shared.
- Consumers have the right to stop the companies from sharing information or even ask them to delete it completely.
- Even if consumers choose not to share the data the companies have collected, the companies should offer the same quality of services to those consumers.
- The law means imposing strict limitations for collecting this information on individuals who are under 16 years of age and prohibits selling any information on users below 13 years of age.
- Consumers can even sue the companies if their personal data is subject to usage in an unauthorized manner, and/or if it gets stolen owing to the failure of the company in implementing and maintaining security protocols and practices.
CCPA compliance applies to all companies which conduct business or serve customers within the state of California. However, the implications of this law are bound to reach all over the globe because of California’s economy ranking as the fifth-largest by GDP in the world.
Does it affect me?
The CCPA mandates companies to consider and analyze their data collection procedures, privacy practices, warehousing, and usage – all under the penalty of law. It is a sign that soon there will be a huge wave of privacy regulations across regions like Nevada. State-specific data protection laws are in the pipeline and there is a potential for it to exist at the federal level as well.
Local lawmakers will no doubt introduce more of such privacy laws focused solely on the consumers. All marketers must understand that casual collection and retention of personal information in the cloud is going to end in the days to come.
The Similarities and Differences Between the GDPR and the CCPA
The CCPA is closely based on the GDPR. When it comes to the GDPR, it includes particular requirements for the provision of notice of rights to consumers, the right for customers to access file and private data records in a readily usable format, and the right of the consumers to have their data be deleted.
When this law came into practice on January 1st 2021, consumers had the right to demand the deletion of their personal information which had been collected up to 12 months before the request was made. Companies have to technically be compliant in their data tracking tools and systems from as early as 2019.
In contrast to the GDPR, the CCPA provides customers the right to sue companies for theft, disclosure, and unauthorized usage of personal data because of their failure to exercise and regulate proper security practices and procedures. The definition of personal information is broader for CCPA than GDPR and includes your location and biometric data along with all inferences that have been obtained from any such customer profiles.
Who has to comply with the CCPA?
All companies which meet the below-mentioned criteria have to follow the CCPA.
- First of all, a company that is involved in buying, selling or sharing private data of 50,000,000 or more customers and devices.
- Secondly, a company that has a gross revenue of above $25,000,000.
- Obtain a minimum of 50% of their annual revenue from sharing personal information.
The companies which face the maximum impact of CCPA will be those which have a huge storage of private data of their customers like data brokers or telecom providers as well as companies that deal in private information for target marketing. But it is crucial to understand how and if the CCPA will affect your business.
Effects of the CCPA on the B2C marketers
The CCPA ensures that anyone who collects and uses private data, including marketers must follow strict data protection standards that are designed to protect you from data breaches. They must also have some protocols to address issues of data deletion appeals from customers whose data has been held and lastly, be able to document the status of the consumers to opt-in or opt-out.
All violations of CCPA compliance will have financial penalties. It can result in fines up to $7,500 per violation and up to more than $750 and/or real damages per violation on the individual level.
While the CCPA prohibits companies from denying services to the consumers who opt-out of sharing private information, it gives them the freedom to offer incentives to customers who allow the sharing. What this means is that companies can offer discounts and low prices in exchange for the marketing opt-ins and this permission to share private information with third parties.
The rule of thumb is that if a company is compliant with the stringent standards of the GDPR, you are likely to be in the homestretch for CCPA compliance. If you are not sure about where you stand, you must talk to any privacy or security center for more information on this kind of compliance.
Marketers must realize that whether it is the GDPR or the CCPA, they are going to be facing a wave of new data privacy regulations which no company should neglect. We should encourage the marketing professionals to see these rules and regulations as an opportunity to build reliable relationships with their customers, instead of viewing them as a burden. By practicing transparency about the personal information you collect and using it in a responsible manner, you will build trust with your customers. Such business practices will be the foundation of your smart marketing, marked by personalization and relevancy at every step.