• About Us
    • New York
  • Work
  • Capabilities
  • Careers
  • Technology
  • Blog
  • Contact Us
  • About Us
    • New York
  • Work
  • Capabilities
  • Careers
  • Technology
  • Blog
  • Contact Us
August 10, 2018

Our Initial Thoughts on California’s Consumer Privacy Act (CCPA)

Posted by Austin Denny

If you think back six weeks — granted, a difficult task in 2018 — you may recall hearing something about a new privacy law in California. It was framed as if Godzilla had loosened his grip on Tokyo (Tokyo is a stand-in for the EU in this metaphor) and leaped across the Pacific, landing squarely in Silicon Valley, ready for destruction. As quickly as it came, though, it was gone. And nary a building was toppled. We should be paying more attention.

California governor, Jerry Brown, hastily signed Assembly Bill 375 into law on June 28, the very same day that it came to and cleared the floor. National publications heralded the bill, referred to as the California Consumer Privacy Act (CCPA), as GDPR lite, a characterization that sounded alarm bells in most industries. GDPR lite is a misnomer, though, as CCPA expands upon GDPR in a few meaningful ways.

Even more telling, the expediency displayed in its passing was no mistake. The California legislature, facing a sure-to-pass, far-more-restrictive, and difficult-to-modify version of the bill — a ballot measure brought by Californians for Consumer Privacy — took the less painful of the two routes. Interesting enough, the Thursday on which CCPA passed also happened to mark the last day on which the ballot measure could be pulled from consideration.

California State Flag

For a brief moment, it appeared that we may have gained some wisdom and foresight from our recent bout with GDPR. Attention precipitously dropped as the ever-shortening news cycle moved along. Within two weeks, the public conversation around CCPA seemed reminiscent of that around GDPR in 2017: somewhat non-existent.

As we saw with GDPR, the likelihood of organizations to take preparatory action is negatively correlated to the amount of time remaining before implementation, exponentially so in some cases. Empirically, it’s not surprising that, with an actual implementation date of January 1, 2020, CCPA isn’t exactly looming in our collective consciousness.

That’s 512 days away, you say? No sweat. It certainly leaves a lot of opportunity for the considerable opposition to lobby for amendments to the law’s scope. We’re probably okay to ignore it for at least 508 days.

As Shakespeare’s Mercutio would say to everyone thinking this, “a pox on your house“!

Potential changes to the law notwithstanding, its current form and significant future impact on most organizations, I think, warrants comprehensive consideration and preparation. Without going into too much detail here, the fact that the law poses the thought of running two separate websites, one for California and one for the rest of the US, as a means of compliance is reason enough to take pause.

Further, CCPA and the politics of how it came to pass speak to the broader course of privacy-related regulation globally, a topic that will be critical to the formulation of macro-level strategy in the years to come.

I make a big deal about this for many reasons, some of which we’ll explore in depth, but simply put: this is obviously something that people care about. They care so much so that nearly 700k Californian petitioners, backed by only $3.5 million, bent a trillion-dollar industry to their will by way of landslide votes in the CA House and Senate. That’s saying something.

As much as we talk about brands forming deeper bonds with their customers through digital media, that rhetoric rings hollow if we don’t sincerely respect their wishes, particularly regarding something as sensitive as personal data.

Our Initial Questions

The fleeting, superficial coverage of CCPA failed to convey the gravity of its implied future state — an error, to be sure — but a stronger indictment could be made in the wake of GDPR of the current failure to warn against similar unpreparedness heading into 2020. Recognizing this shrugging-off of impending regulation by the regulated, a number of questions arise that need answering.

  1. Doesn’t the US already have privacy laws? What gives?
  2. What exactly does CCPA require of organizations, and how does one know whether it applies in their situation?
  3. How does CCPA overlap with and add to GDPR?
  4. What are the implications of non-compliance, and how do the concepts of jurisdiction and enforcement compare to other regulations?
  5. Wild speculation about the future of regulation in the US and globally (maybe based on case studies of previously regulated practices).
  6. What is the market doing to address privacy concerns outside of introducing regulation?

The scope of inquiry here is pretty broad but necessary. So, it’s time to dust off the white- paper-writing hat and get to work. In the meantime, the one piece of advice I can offer without reservation is this: I’m not a lawyer. You need a lawyer to provide professional guidance on CCPA. Please, please hire a lawyer.

To read the CCPA in its entirety, you can find the legislation here.

CCPAdata privacydata securityGDPRuser privacy
Previous
Next

Latest White Papers

  • Shifting Plans for 2020 & Beyond
  • Game On: How Brands Can Log Into A Diverse Multi-Billion Dollar Industry
  • What CCPA Means For Brands
  • How Google is Improving Consumer Data Privacy
  • Ways to Prepare for the Cookieless Future
  • See all White Papers

Featured Posts

  • Ad Age Names PMG #1 Best Place to Work in 2021
  • MediaPost Names PMG Independent Agency of the Year
  • PMG Client Portfolio Trends During Amazon Prime Day 2020
  • A Closer Look at the Congressional Big Tech Market Power Report
  • What to Know About Reddit

Categories

  • Consumer Insights
  • Content
  • Creative Design
  • Data Analytics
  • Development
  • Digital TV & Video
  • Ecommerce
  • Industry News
  • Local
  • Mobile
  • Paid Search
  • PMG Culture
  • Programmatic & Display
  • SEO
  • Social Media
  • Structured Data
Fort Worth

2845 West 7th Street
Fort Worth, TX 76107

Dallas

3102 Oak Lawn Avenue
Suite 650
Dallas, TX 75219

Austin

823 Congress Avenue
Suite 800
Austin, TX 78701

London

33 Broadwick Street
London
W1F 0DQ

New York

120 East 23rd Street
New York, NY 10010

Get in touch

(817) 420 9970
info@pmg.com

Subscribe to the PMG Newsletter
© 2021 PMG Worldwide, LLC, All Rights Reserved
  • Contact
  • Privacy Policy
 Tweet
 Share
 Tweet
 Share
 Tweet
 Share
 LinkedIn
We and our partners use cookies to personalize content, analyze traffic, and deliver ads. By using our website, you agree to the use of cookies as described in our Cookie Policy.