We are at a turning point in the marketing industry. It is almost a year since the GDPR arrived in the EU, but the repercussions are still being digested in Europe and beyond. Meanwhile, on the other side of the Atlantic, a driving effect of data protection has been felt from afar. It is now more important than ever for marketers to exercise due diligence on data issues, as well as data from their partners. But how did we get there and what can marketers do to make sure they comply with the recently proposed regulation as a result of the GDPR?
Beyond the GDPR
On the heels of the GDPR arrived in the EU in April 2018, a private bill defining a new consumer data protection online has been proposed in California. However, to circumvent Golden State's strict rules on such cases, the private member's bill was torpedoed by a traditional manufacturing law known as the California Consumer Privacy Act (CCPA). ), whose launch date is January. 2020. In order to get the regulation adopted quickly, some inconsistencies have been neglected and are disappearing.
As these privacy initiatives grew, organizations strove to comply with industry standards. The GDPR has taught us that despite a solid two-year period before the law is enforced, very few companies have made efforts to comply until just a few months before implementation. Many observers were surprised to find that, in some cases, the CCAC was actually more expensive than the GDPR, an example being that personal data have an even broader definition within the meaning of the CCAC. In the background, as the CACP continued to make its way through the regulatory plumbing, another player came into play.
Sadly Hearing in the Senate early 2018, Mark Zuckerberg was of the opinion that some regulations were "inevitable". support for a federal law on the protection of privacy. With the release of the CACP draft text, progress has been accelerated, not least because of the strict but ambiguous terms of the CACP. Key stakeholders have argued that a new federal law should, exceptionally, override state laws (while normally, the opposite is true). This growing dynamic culminated in a request for comment process [.pdf] launched by the National Telecommunications and Information Administration to determine what such a federal framework might look like. With the comment period now over, it was revealed that 217 comments had been made from various technology providers, privacy advocates, brands, government agencies, commercial organizations and individuals.
found how quickly these comments were translated into a federal framework, if it took precedence over the CACP and to what extent it aligned with the RGPD. With all of these potential changes in the work, how can marketers integrate into the equation and better prepare for the next regulatory update on privacy?
What can marketers do to stay in step with the changes to privacy regulations
The basic concepts of data protection that we can we expect transparency and control of data processing, allowing consumers to see what data is being processed, to request deletion or transfer, and to opt out of this treatment.
If you are in California (or have important commercial interests in this country), it is important that you know about CACP and its quirks and that you comply with them by the end of 2019. Elsewhere , pay close attention to how the federal law develops, as this could make the CAPC redundant.
Given recent lessons learned from the RGPD, precautions must be taken internally. In particular, marketers must consider how they target consumers and what data they collect from them.
"Can our business fully operate without these data in hand?" "How are the suppliers I work with accredited? consider including a data addendum in partner contracts?
These are some of the questions that marketers should ask themselves. In an ideal world, marketers should do their best to obtain the consent of the data they collect from the consumer. Although the task is arduous, marketers will need to be creative in how they target consumers.
Finally, the best way to ensure something is done is to hold someone accountable. Companies should designate a lead for this initiative and keep abreast of privacy developments through IAPP.
United States. Marketers should be wary of what has happened in the EU (at least for the moment), where data volumes have dropped and some data entry has been completely disabled. However, the time has not come to panic, as the balance of US sensitivities is very different from that of the EU. It is hoped that the US National Telecommunications and Information Administration will absorb some of the comments received, such as the responses to the implementation of the GDPR and the response to the draft text of the RGPD. CCPA, in order to achieve a federal law that: if done right, could become the new de facto global standard.
The opinions expressed in this article are those of the invited author and not necessarily those of Marketing Land. Associated authors are listed here.
About the Author
Tim Sleath is the Vice President of Product Management and Data Protection at Exponential. Tim oversees the orientation of Exponential's ad serving platform and data capabilities and ensures that the product suite provides customers, publishers, and Internet users with the protection and protection of appropriate data. Prior to joining Exponential, Tim developed the business solutions function of the EU and led Product Management at Specific Media. His experience in managing products outside of Adtech includes Regus broadband networks, Schlumberger SMS infrastructures and Sema Group GSM systems. Tim holds an MBA from INSEAD, CIPP / E and CIPT from the International Association of Privacy Professionals and is Scrum CSPO certified.