PMG Digital Made for Humans

Our Initial Thoughts on California’s Consumer Privacy Act (CCPA)

4 MINUTE READ | August 10, 2018

Our Initial Thoughts on California’s Consumer Privacy Act (CCPA)

Author's headshot

Austin Denny

Austin Denny has written this article. More details coming soon.

If you think back six weeks — granted, a difficult task in 2018 — you may recall hearing something about a new privacy law in California. It was framed as if Godzilla had loosened his grip on Tokyo (Tokyo is a stand-in for the EU in this metaphor) and leaped across the Pacific, landing squarely in Silicon Valley, ready for destruction. As quickly as it came, though, it was gone. And nary a building was toppled. We should be paying more attention.

California governor, Jerry Brown, hastily signed Assembly Bill 375 into law on June 28, the very same day that it came to and cleared the floor. National publications heralded the bill, referred to as the California Consumer Privacy Act (CCPA), as GDPR lite, a characterization that sounded alarm bells in most industries. GDPR lite is a misnomer, though, as CCPA expands upon GDPR in a few meaningful ways.

Even more telling, the expediency displayed in its passing was no mistake. The California legislature, facing a sure-to-pass, far-more-restrictive, and difficult-to-modify version of the bill — a ballot measure brought by Californians for Consumer Privacy — took the less painful of the two routes. Interesting enough, the Thursday on which CCPA passed also happened to mark the last day on which the ballot measure could be pulled from consideration.

California State Flag

For a brief moment, it appeared that we may have gained some wisdom and foresight from our recent bout with GDPR. Attention precipitously dropped as the ever-shortening news cycle moved along. Within two weeks, the public conversation around CCPA seemed reminiscent of that around GDPR in 2017: somewhat non-existent.

As we saw with GDPR, the likelihood of organizations to take preparatory action is negatively correlated to the amount of time remaining before implementation, exponentially so in some cases. Empirically, it’s not surprising that, with an actual implementation date of January 1, 2020, CCPA isn’t exactly looming in our collective consciousness.

That’s 512 days away, you say? No sweat. It certainly leaves a lot of opportunity for the considerable opposition to lobby for amendments to the law’s scope. We’re probably okay to ignore it for at least 508 days.

As Shakespeare’s Mercutio would say to everyone thinking this, “a pox on your house“!

Potential changes to the law notwithstanding, its current form and significant future impact on most organizations, I think, warrants comprehensive consideration and preparation. Without going into too much detail here, the fact that the law poses the thought of running two separate websites, one for California and one for the rest of the US, as a means of compliance is reason enough to take pause.

Further, CCPA and the politics of how it came to pass speak to the broader course of privacy-related regulation globally, a topic that will be critical to the formulation of macro-level strategy in the years to come.

I make a big deal about this for many reasons, some of which we’ll explore in depth, but simply put: this is obviously something that people care about. They care so much so that nearly 700k Californian petitioners, backed by only $3.5 million, bent a trillion-dollar industry to their will by way of landslide votes in the CA House and Senate. That’s saying something.

As much as we talk about brands forming deeper bonds with their customers through digital media, that rhetoric rings hollow if we don’t sincerely respect their wishes, particularly regarding something as sensitive as personal data.

The fleeting, superficial coverage of CCPA failed to convey the gravity of its implied future state — an error, to be sure — but a stronger indictment could be made in the wake of GDPR of the current failure to warn against similar unpreparedness heading into 2020. Recognizing this shrugging-off of impending regulation by the regulated, a number of questions arise that need answering.

  1. Doesn’t the US already have privacy laws? What gives?

  2. What exactly does CCPA require of organizations, and how does one know whether it applies in their situation?

  3. How does CCPA overlap with and add to GDPR?

  4. What are the implications of non-compliance, and how do the concepts of jurisdiction and enforcement compare to other regulations?

  5. Wild speculation about the future of regulation in the US and globally (maybe based on case studies of previously regulated practices).

  6. What is the market doing to address privacy concerns outside of introducing regulation?

The scope of inquiry here is pretty broad but necessary. So, it’s time to dust off the white- paper-writing hat and get to work. In the meantime, the one piece of advice I can offer without reservation is this: I’m not a lawyer. You need a lawyer to provide professional guidance on CCPA. Please, please hire a lawyer.

Stay in touch

Bringing news to you

Subscribe to our newsletter

By clicking and subscribing, you agree to our Terms of Service and Privacy Policy

To read the CCPA in its entirety, you can find the legislation here.

Related Content

thumbnail image

Company NewsPMG Culture

We’ve Acquired UK-Based RocketMill, Accelerating Our Growth into Europe

3 MINUTES READ | December 13, 2023

thumbnail image

Consumer TrendsSEO & Paid SearchSocial MediaProgrammatic AdvertisingStreaming & VideoPlatforms & Media

The News & Trends Impacting Retailers in the Lead-Up to Cyber Week

4 MINUTES READ | November 16, 2023

thumbnail image

Company NewsDigital MarketingProgrammatic Advertising

Mary O’Brien to Speak at Digiday Programmatic Marketing Summit

2 MINUTES READ | November 6, 2023

thumbnail image

SEO & Paid SearchPlatforms & MediaDigital Marketing

Retail Brands Won More SERP Real Estate, But Likely Fewer Clicks in Google's August Core Update

6 MINUTES READ | October 25, 2023

thumbnail image

Consumer TrendsSocial MediaAI & MarketingStreaming & VideoPlatforms & MediaDigital Marketing

Takeaways from Advertising Week New York 2023

4 MINUTES READ | October 20, 2023

thumbnail image

Consumer TrendsDigital Marketing

PMG’s 2023 Holiday Shopping Outlook

4 MINUTES READ | October 9, 2023

thumbnail image

Company NewsDigital Marketing

PMG Acquires Camelot Strategic Marketing & Media

3 MINUTES READ | October 3, 2023

thumbnail image

AlliAI & MarketingCompany NewsDigital Marketing

Ready to Transform Your Data into Insights? Just Ask Alli.

4 MINUTES READ | September 29, 2023

thumbnail image

Social MediaPlatforms & Media

TikTok Shop Launches in U.S.

3 MINUTES READ | September 15, 2023

thumbnail image

Programmatic AdvertisingDigital MarketingCompany News

PMG’s Courtney Ou to Speak at AdExchanger Programmatic I/O

2 MINUTES READ | September 14, 2023

thumbnail image

SEO & Paid SearchAI & MarketingB2B Marketing

The Top Takeaways for SEOs & Marketers from MozCon 2023

5 MINUTES READ | September 12, 2023

thumbnail image

Platforms & Media

Preparing for Apple’s iOS 17 & Link Tracking Protection

4 MINUTES READ | September 11, 2023