MediaRadar Blog

California consumer privacy act

California Consumer Privacy Act – What Does it Mean to Ad Tech?

The California Consumer Privacy Act (CCPA) went into effect on January 1.  

The first of its kind in the US, this piece of legislation is intended to put control of personal privacy back in the consumer’s court. 

Much like the GDPR, the enactment puts pressure on publishers and ad tech companies to comply with certain regulations when dealing with California residents. California residents can opt-out of data collection all together.

Even though the CCPA was signed into law in June 2018, there has been confusion and delays to actually get up to speed with the new law. 

However, the law is now in force and it companies may face penalties if they are not fully compliant by July 1

Are you ready for the big changes Ad Tech will see in 2020?

MediaRadar Blog Signup

The CCPA: what it is and the companies it impacts

This landmark piece of legislation gives California residents new rights as it relates to their online data.

California residents now have the right to:

  • Know which information is collected, used, shared or sold
  • Delete information held by businesses and their service providers
  • Right to opt-out from the sale of their personal data 
  • Right to non-discrimination when exercising their privacy rights

Californians can now ask companies for all the personal information they have on the individual and sue if privacy guidelines have been violated.

The law applies to companies that:

  • Have more than $25M in annual revenue
  • Receives or sells data on at least 50,000 people
  • Collects at least half of their revenue from the sale of personal data

Unlike previous laws tailored to specific industries, such as California’s Insurance Information and Privacy Protection Act (IIPPA),the law takes a broad approach to privacy. Its general nature is likely to experience amendments and clarification on definitions with time. 

Unlike the GDPR, the CCPA does not require opt-in from consumers for companies to gather their information. Rather, it works out of a framework where consumers can choose to opt-out. 

As publishers and Ad Tech companies figure out how to adopt the new rules, there has been a lack of support coming from the Attorney General’s office

The clearest guidelines on implementation come from IAB. The IAB CCPA Compliance Framework for Publishers & Technology Companies is the most extensive framework for companies seeking to fall in line with the new laws.

The CCPA brings up many questions and demands new technology for publishers

The CCPA Compliance Framework gives publishers and Ad Tech companies something to work with but there are still plenty of kinks to work out.

For example, the guidelines provide structure for what publishers need to communicate to customers when it pertains to permissions for the sale of their data — but companies need to come up with the language that best suits their business. 

The most hotly debated gray area is on what constitutes the sale of data and distributing targeted advertising. 

“What ‘do not sell’ should mean is that this person’s information cannot be used for that given transaction,” says Daniel Sepulveda, senior VP for policy and advocacy at MediaMath, a programmatic marketing technology platform. “But there are services that we can deliver within the scope of that transaction that should be allowed.” 

Some publishers are taking a strict interpretation that selling personal information and targeted advertising are one and the same. Others disagree, claiming that ad tech partners are service providers and that they are not selling data under the CCPA’s definition. 

Regardless of the publishers approach in these beginning stages, ad prices have already been impacted.

Ad tech firm Infolinks found that ad prices dropped 44% when a California resident opted out of the sale of their personal information in January. Infolinks sells ads across a network of 25,000 primarily small to mid-sized publishers, but the reduction of ad prices is a concern for publishers of all sizes. 

The most interesting ad tech to keep an eye on will be programmatic advertising. 

According to Media Radar data:

  • In 2019 85% of companies advertising online ran at least part of their ad buys programmatically
  • In 2019, 37% of all spend on online ads was made via programmatic ad placements

It is unclear how programmatic ad placements will be affected if there are not clear definitions regarding the sale of personal data and ad tech service providers.

The nuances of the law are forcing ad tech companies to create new consent management solutions and solutions that can target consumers who have put restrictions on the sale of their data.

We may see a rise in contextual advertising — targeted advertising based on what the visitor is viewing, rather than personal details. On top of that, companies who use Google will see changes within Google Ad Manager for individuals who restrict their data collection. 

Alternative supply-side partners outside of Google may start to serve more personal data for limited uses.

The CCPA is just one piece of a greater push for consumer privacy

The CCPA is not the only big push for greater consumer privacy. It was put in place right before Google announced that it is phasing out cookies within the next two years.

Similar pieces of legislation designed to protect internet user privacy were signed into law in Nevada and Maine last year.  

Over 500,000 businesses are directly impacted by the CCP, but similar laws are appearing around the globe. Even if strict enforcement has yet to be seen, one thing is clear: publishers and ad tech will see drastic changes in the coming years.