Privacy and data protection have become more critical with the growth of big data. Privacy and data protection regulations have now been introduced.
California’s Consumer Data Protection Act will be expanded on January 1, 2023, bringing in new concepts and a broader scope.
According to the United Nations Conference on Trade and Development, 71% of countries currently have a regulation in place for data privacy and protection, and another 9% are drafting their own laws.
As discussed in this article, Google studies strategies to phase out third-party cookies.
This scenario shows that regulations like GDPR and CCPA will not go away. User data is increasing in value, and companies must adapt their digital marketing strategy. If they fail to do this, they will either have to take legal risks or stop capturing user data.
This article will discuss the changes made to the CCPA and the marketing strategies marketers should use to capture high-value data. We’ll also talk about how Rock Content can assist your company in preparing for the future of data collection and what you need to do legally to ensure compliance.
What is the CCPA?
CCPA is the California Consumer Privacy Act of 2018. It is a Legal Act that takes effect in all of California and gives consumers more control over their data.
The California Privacy Act went into effect on January 1, 2020. It discusses privacy concerns and how businesses should act in collecting data about people who reside or transit through California.
Among the CCPA’s objectives, you will find
- The Right to Know About the Personal Information Collected by a Business and How it Is Used and Shared;
- The Right to Delete Personal Information Collected from Them (with some exceptions);
- The right to opt-out from the sale of personal information
- The right of non-discrimination when exercising their CCPA Rights.
By establishing the rights of Californian consumers over their data and defining legal limitations for data collection by companies. Informing consumers about what data is collected will give them greater control.
What is new with the CPRA?
California Privacy Rights Act will be implemented on January 1, 2023. It will update the California Consumer Protection Act of 2018.
First, you should know that the Personal Information category has changed and now includes Personal Sensitive Information. This includes:
- Direct identifiers are data that identify an individual, for example, a person’s real name, alias, or social security number, a driver’s license number, and a fingerprint. ;
- Indirect identifiers are data that can identify a person in several ways, including cookies, phone numbers, email addresses, and IPs. They also include consumption histories, trends, internet history, or geolocation.
- Data that is sensitive, such as data that could be used to identify a person’s characteristics, including religious beliefs, gender, sexual orientation, affiliations with parties, medical and educational background, financial and economic background, etc.
Right to information on automated decision-making
- The CPRA allows consumers to see the data used to make automated decisions. Your company must tell the user in these situations what data and how they were used and the results of the findings.
Right to opt out of automated decision-making.
- Consumers have the right to be informed about the automatic decisions made as they have the information collected. They also have the option to opt out of these decisions. This includes profiling consumers for automated decision-making.
Right to Correct
- The right to correct empowers consumers, as the name implies, to ask for an update to their data when they feel it is outdated or inaccurate.
Limit the use of Personal Sensitive Data.
- This new right allows consumers to direct a company collecting SPIs at any time, limiting its use to only the information necessary to provide the service or goods they purchased.
What do marketers need to do to comply?
- Some of the requirements are dependent on the context of a website. If it does not collect sensitive data, it is not required to stop using it.
- To comply with the CPRA, marketers must empower their customers:
- What data is being collected, and why?
- The ability to opt out of data collection automatically.
- Offer customers a way to request a copy of an update or deletion of their data.
- Your users must be able to opt out of automated decisions based on SPIs if you use them.
- You must include a link on your website that says Do Not Sell My Personal Information. Users can click this link to opt out of selling their data to third parties.
- You must obtain consent from minors under 16 years old before you can sell or give their personal information to third parties. Consumers under the age of 13 must consent to selling personal information. Businesses that disregard the generation of consumers will be considered to have actual knowledge. This right can be called the “right of opt-in.”
- You have 45 days from the date of the request to provide a copy or update data.
What preparations has ION made for the event?
- You now know the requirements to comply with the CCPA and its CPRA update. Let’s discuss how Ion can help reduce your business risks while enabling you to collect valuable data on your audience and guide you through your conversion funnel.
- It is important to note that these data are classified as sensitive because they can be used to identify users and thus invade their privacy.
- Ion anonymizes IP data and geolocation to help you gain insight from your audience. We help clients understand their audience profiles by answering questions like What are the best acquisition channels for your business? What are your conversion rates? You can do this without invading the privacy of your audience!
What is ION’s responsibility as a customer under the CCPA?
- We still need to define what your company must do, regardless of which data collection platform you choose.
- It’s good to know that many of these requirements are similar to the GDPRs, and your business may already follow some.
- Users should be able to request copies, updates, or deletions of their data.
- Users should have the option to stop your company from selling their data if you are going to sell it. This can be done by clicking on a link that says “Don’t Sell My Data” or visiting your company’s policy page.
- If your business sells personal information to consumers aged between 13 and 16, their parents or guardians must consent.