The gist of the California law protecting customer data privacy looks a lot like the European Union’s enacted General Data Protection Regulation. That the effective date of the Consumer Privacy Act isn’t until January 2020 is small compensation to marketers who are concerned that state after state will enact its own version of the legislation by then.
Plus, they worry that it won’t be clear when consumers are subject to the California law or not. Are they residents? Or are they just passing through, asks Ad Age on June 29.
The New York Times summarizes the now-week-old law on June 28:
"The new law grants consumers the right to know what information companies are collecting about them, why they are collecting that data and with whom they are sharing it. It gives consumers the right to tell companies to delete their information as well as to not sell or share their data. Businesses must still give consumers who opt out the same quality of service.
“It also makes it more difficult to share or sell data on children younger than 16.”
Considering the Supreme Court just backed a state’s right to collect taxes from an e-commerce marketer and other states are considering that precedent to move forward on efforts to collect sales tax from online retailers, many marketers are also viewing this California decision as a precedent that may sweep the country, state by state.
Violating the California law, though, doesn’t have nearly as expensive consequences as GDPR. Ad Age says each violation could cost as much as $750. Another bright spot for marketers is the week-old law was an emergency measure that wasn’t as harsh to marketers as a ballot initiative it replaced, reports the Times. (The lesser devil is also the reason California tech companies and business lobbies didn’t oppose the 2020 law.)
Understand That Consumers Want Customer Data Privacy
Ballot initiatives in California come from citizens and, in this case, citizens in favor of the initiative that got bumped off of the ballot by the CPA were upset that the 2020 law didn’t allow individuals to sue. The Times article notes that consumers are upset about what they see as violations of customer data privacy, especially in the wake of Facebook’s Cambridge Analytica scandal. So other states following California’s lead is a distinct possibility.
Go Ahead and Audit Customer Data Now
This way if the law does see a state-to-state imitation, marketers will know the status of their customer data. Is it first-party opt in? No? Be proactive and gain first-party opt ins.
Related story: GDPR Compliance Means Rebuilding Lost Email Lists