Companies have gone to great lengths to acquire consumer data for the purpose of unwanted marketing and sales efforts. The California Privacy Rights Act (CPRA) and the California Privacy Protection Agency (CCPA) are privacy laws that have given consumers more control over their personal data and how it is collected and used. The most recent change has been made on January 1, 2023, as CPRA has replaced the CCPA and is set to bring significant changes that will impact how advertisers and marketers target their efforts.
CPRA’s added layer of consumer protection regulations will limit the processing, deletion, and sharing of personal information of any California consumers. This includes employees, job applicants, contractors/freelancers, suppliers, and B2B prospects. With this legislation now in effect (full enforcement will start on July 1, 2023) companies and marketers are already taking steps to ensure compliance.
What are the changes?
Marketers are now paying close attention to how these changes are affecting companies. The recent $1.2 million fine issued to Sephora for CCPA violations in data collection and processing serves as a warning of the strict penalties for noncompliance.
Companies are now adhering to new notice content requirements and passing on deletion requests to third parties. Marketers are regulating personal information transferred to comply with data security requirements. Some of the changes include:
- Personal information, with same protections as consumer data
- Expanded consumer data rights
- Right to know, right to delete, and right to opt-out
- Passwords and security questions protection
- Prohibiting numerous attempts if someone declines
- Stricter penalties for violating the data rights of children under the age of 16
These changes impose new requirements when managing service providers and require contracts for the transfer of personal information to third parties.
How will this affect advertisers?
The CCPA has granted California residents the right to opt out of the sale of their personal information, but the CPRA has taken a step further by introducing a new specific language allowing residents to opt out of having their data “shared” with advertisers.
This means that California residents will have even more control over their personal information and the ability to protect it from being used in targeted advertising systems.
Privacy professionals believe that the new CPRA will set a new tone for digital advertising and publishing that will change the way advertisers choose to advertise.
How to work with these changes?
Consumers base their purchasing decisions on more than just the product or price. The trust in the brand and the technology behind it plays a crucial role. It’s essential for companies to shift away from traditional, human-reliant privacy program management and ticketing systems, and instead adopt a more automated and streamlined approach to privacy management.
This programmatic approach will allow for more efficient and consistent implementation, reducing the potential for errors and strengthening consumer relationships. Companies should review and adjust their digital strategies to align with these new regulations.
A trend that is emerging in response to the CPRA is an increase in the use of first-party data strategies in the advertising ecosystem. This approach focuses on collecting and using consumer data in a more privacy-conscious manner. Companies can ensure they are in compliance with new regulations by being proactive and adapting to new digital strategies.
Takeaway
The CPRA is expected to add significant changes to marketers’ strategies. Privacy experts anticipate the new regulations to set a precedent for privacy laws around the globe. The industry as a whole will face challenges in adapting to the changes brought by the CPRA. But all is not lost.
Marketers can strategically work around these changes. How? By taking a closer look into their data collection and handling practices to ensure they are compliant with the new laws. This will help maintain the trust of their customers with the help of data privacy technology platforms.
OneTrust, our go-to vendor for data deletion and opt-out requests, helps organizations transition from compliance initiatives to coordinated trust intelligence. Their platform connects privacy, GRC, ethics, and ESG teams, data, and processes for seamless collaboration.
So whether via the help of compliance platforms or an optimized data collection strategy, the sooner marketers adjust their strategy the easier it will be to ride the data privacy wave. A wave that is sure to continue to change throughout the following years.