California’s privacy law will force publishers to be more upfront about subscriber data sales
Another obstacle is coming at print media.
Magazine and newspaper publishers that sell their subscribers’ data to other companies will be pressed to make changes to those businesses when California’s recently passed privacy law takes effect in January 2020. At minimum the law will compel those publishers to be more upfront about their subscriber data sales practices and to provide new opt-out options to their subscribers.
When California’s privacy law takes effect in January 2020, companies that sell people’s personal information will need to feature a “Do Not Sell My Personal Information” link on their websites’ home pages and to let people opt out of their information’s sale through the site. Since the law applies to any company that makes more than $25 million a year in gross revenue or that buys, sells or shares the personal information of at least 50,000 people or devices, it will likely concern many of the major publishers that sell their subscribers’ data. That will force a change for publishers that typically disclose their data sales practices within their privacy policies and compel people to make their opt-out requests through the mail or email.
Publishers including The New York Times, Meredith and Condé Nast state in their privacy policies that they sell or rent their subscribers’ information to other companies for those companies’ own marketing purposes; the California privacy law considers renting to be the same as selling. Those companies do not explicitly disclose that practice on their online subscription sign-up forms; instead they link to their privacy policies. (Of those three publishers, only Meredith lets people opt out through an online form; The New York Times and Condé Nast require people to submit their opt-out requests through the mail or email.)
A spokesperson for The New York Times said the company is reviewing potential changes it may make to comply with the California privacy law. A Condé Nast spokesperson declined to comment and a Meredith spokesperson did not respond to a request for comment by press time.
“In the same way that GDPR necessitated that data controllers be more explicit about their collection consent policies, media that are actively reselling first party subscriber data should consider a similar approach. Giving consumers a direct means to understand where their data has been sold and request stoppage is one thing, but the more proactive step is to be more transparent at the point of purchase rather than requiring users to do the heavy lifting to seek this out,” said Jed Williams, chief innovation officer at the Local Media Association.
California’s privacy law isn’t the first law in the U.S. or even California to affect publishers’ data-selling businesses. A law passed in California in 2003 called the “Shine The Light” law gave people a way to request what information companies share for direct marketing purposes and with whom, though it exempted companies that provide an opt-out option in their privacy policies. And a 20-year-old Michigan law, the Video Rental Privacy Act, restricts certain companies including magazine publishers from selling subscribers’ information without consent or without providing notice.
Within the past month, both Hearst and Time Inc. (now owned by Meredith) have agreed to settle multimillion-dollar class-action lawsuits that alleged the publishers violated the law by selling the personal information, such as names and mailing addresses, of Michigan residents who subscribed to the companies’ respective magazines. Hearst and Time Inc. are only the latest publishers to agree to settle lawsuits for allegedly violating the Michigan law. In 2016 Rodale (now owned by Hearst) reached a similar agreement. Conde Nast has also been hit with a lawsuit for allegedly violating the Michigan law; that litigation is ongoing.
However there may be a loophole in the California law for publishers that only sell people’s names and mailing addresses, though taking advantage of that loophole would require jumping through some hoops.
“The interesting thing about the California law is it exempts data that’s already out in the public domain,” said Debbie Reynolds, data privacy officer and director of eDiscovery at law firm Eimer Stahl. For example, if a person posts something about their birthdate as a public post on Facebook or Twitter, “in theory companies could argue that really isn’t private information because it’s publicly available someplace else,” she said.
If California’s attorney general, who is charged with enforcing the state’s privacy law, upholds that theoretical interpretation, then publishers selling California subscribers’ names and mailing addresses may be able to skirt around the law if those names and addresses are found in public records. According to Reynolds, if a person has purchased a home or donated to a political campaign, their name and address are likely to be in the public domain. Of course publishers would have to take pains to ensure that they only sell the names and addresses of subscribers whose information is in the public domain, and even then they would be in uncertain territory.
“There isn’t a precedent because there was never a law related to it,” said Reynolds. She added, “No one up to this point in the U.S. has argued that someone’s address is private information.”
Dentsu’s new Web3 readiness tool shines light on the tech’s potential to complement AI
Dentsu's Innovation Initiative is launching a web3 readiness index next month — at a time when the industry is obsessed with AI. Could the two technologies actually make a good pair?
Digiday+ Research deep dive: Publishers large and small put their resources into first-party data
Eighty-two percent of publishers overall say they're already using first-party data to prepare for the end of the third-party cookie, and nearly half are requiring users to register and integrating first-party data segments into DSPs – indicating that first-party data is the clear path forward for publishers heading into the post-cookie world.
Media Briefing: Why publishers hope chatbots will be the latest retention tool
Publishers hope the chatbots they are developing will be the latest retention tool to keep readers onsite and to get them to consume more content.
SponsoredHow enterprise-grade CDPs are enhancing data processes and improving customer experiences
Produced in partnership with Marketecture The following article highlights an interview between Martin Kihn, Salesforce’s senior vice president of Marketing Cloud, and Ari Paparo, founder and CEO of Marketecture Media. Register to watch more of the discussion and learn how brands are making the most of enterprise-grade CDP technologies. As brands expand across channels and […]
How programmatic advertising will evolve this year on the heels of audio growth and privacy changes
Comscore’s programmatic division Proximic released a State of Programmatic study highlighting the growth of audio and podcasting, other digital advertising channels and challenges around third-party data.
Why podcasters are selling subscriptions through third-party vendors
Many podcasters are turning to third party platforms like Supporting Cast and Supercast to launch or grow their subscription businesses beyond Spotify or Apple.