Digiday Research: 52 percent of publishers haven’t started preparing for the California Consumer Privacy Act
The California Consumer Privacy Act will come into effect in January, but many publishing executives remain completely unaware of the new law.
When Digiday polled 200 U.S. publisher executives this February only half of them said they were aware of what CCPA was, and over half of those aware of it said their companies have not yet begun preparing for its introduction.
The CCPA will grant California’s 40 million residents access to any personal data collected from them by publishers and other online advertising companies, and will allow them to request its deletion. The law could also mean penalties on companies of up to $2,500 per person for each violation they commit, such as selling the information of a person who has specifically asked that their information not be sold.
But despite the fact the legislation becomes enforceable in less than a year and could have considerable financial repercussions for non-compliant companies, few publishing executives who were aware of the legislation said their companies were taking steps to prepare. Of the respondents who know of the CCPA, only 48 percent said their companies had begun work to ensure compliance.
If companies have yet to begin working on CCPA regulations, they should do so quickly. Some believe that complying with the CCPA will be harder than adhering to General Data Protection Regulation. Compared to the four years companies had to prepare for GDPR, publishers have just months to prepare for CCPA.
And because CCPA is not identical to the GDPR that went into force last May in the European Union, companies won’t be able to copy and paste their GDPR provisions to their California audiences and claim to follow the law. There are some “overlapping similarities”, however, according Stephen Hicks, general counsel at Ziff Davis.
To make matters more complicated, there remains significant uncertainty around what the final legislation will actually look like due to potential amendments, trade group recommendations and ongoing lobbying efforts in Congress to create Federal-level laws.
Because of the uncertainty, “no publisher can say it’s completely compliant now,” said Hicks. But he added, “it is not too soon for publishers to spend time understanding it and taking measures to prepare like updating privacy policies.” Other steps publishers can take is mapping out their user data sources to more easily identify California residents data. Building out and testing “Do Not Sell” buttons on their homepages for consumers to opt out of having their data sold to third-parties isn’t a bad idea either.
One reason CCPA hasn’t garnered as much attention in the media world as GDPR is that agencies and brands aren’t reliant on publishers gaining user consent for them to collect consumer information. Unlike GDPR where companies needed a legal basis to collect consumers personal information, that is “not necessarily an issue with CCPA,” said Hicks. Without shared responsibility to collect personal user data, marketers aren’t culpable if publishers aren’t compliant.
Some publishers are adopting a wait-and-see approach with regards to CCPA regulations. One mid-sized publisher told Digiday that it was waiting, “to see if the Federal government steps in,” before it spends time and resources to the issue.
Regardless of the reason, many expect publishers to scramble at the last-minute to satisfy the CCPA requirements. The anonymous publisher admitted, “we didn’t start working on GDPR until six months before the deadline, and we’ll probably do the same for CCPA.”
Meanwhile, publishers have other reasons to be concerned with the CCPA. Under it, consumers can request publishers stopping selling their personal information to third parties like agencies or ad-tech vendors that use it for targeting purposes.
While selling audience data does not provide significant revenues for publishers, it is not uncommon either. Earlier Digiday research found that nearly 25 percent of publishers sell their audience data. And in a time of squeezing margins for media businesses, every extra dollar helps.
Now hiring: The FTC seeks ad tech and social media experts as it shifts its approach to investigating data abuses
The FTC's chief technologist aims to shift away from reliance on legalistic remedies to stop data abuses and wants technologists who understand ad tech and algorithms to help.
LinkedIn looks to premium publishers as a way to drive subscriber revenue
The pilot program is designed to drive subscriber revenue for both participating publishers as well as LinkedIn.
How Yahoo is experimenting with platforms and partnerships to grow its audience
Yahoo wants to get fanatics for sports, finance and lifestyle all actively spending within its owned and operated portfolio of media brands.
SponsoredHow the ad industry can use its borrowed time to future-proof first-party data solutions
Trent Lloyd, co-founder and head of brand solutions, Eyeota Google’s updated timeline for its Privacy Sandbox rollout, including its two-year delay of third-party cookie deprecation on Chrome, didn’t come as a surprise to many industry observers, given the limited utility of Google’s FLoC and the slow momentum of the Privacy Sandbox in the World Wide […]
In some California privacy cases, analytics trackers are in the crosshairs — and violators could be charged by the cookie
Letters companies have received from the state's attorney general ask them for details about cookie tracking for ads and analytics.
The Financial Times plans to open 2 more U.S. bureaus to target ‘global Americans’
The Financial Times, with investment from owner Nikkei, is opening new bureaus in the U.S. to cover American companies that are players on a global scale, for U.S. readers.