Call us at 970.744.3340|Login
Jan 22

choozlechat: A marketer’s guide to navigating the CCPA with Kendra Rizzo

Hannah Middleton, Content Manager: To kick things off, let’s start with a random, yet telling question: If you had to watch one TV show over and over again for the rest of time, what would it be?

Kendra Rizzo, VP of Advertising Technology: Dr. Who because I love it, but also because there are so many seasons to watch.


H: Now that we’ve got the most important question out of the way, let’s chat CCPA. In a nutshell, what’s the CCPA, and why should marketers care?

K: The California Consumer Privacy Act (CCPA) is the most comprehensive privacy law in the United States to date and is designed to give Californians more control over their personal information (i.e., data) by providing rights that include the right to access information, the right to opt-out of the sale of their information, and the right to deletion, among others.

Marketers should care about this privacy law to respect and maintain the best data for their users (and, obviously, to avoid getting slapped with a fine).


H: How did the CCPA come about?

K: Back in June of 2018, the CCPA was passed as a bill, but not without opposition. The advertising industry argued that it would hurt revenue and increase business costs–and they weren’t wrong about that. While the bill is meant to go after larger companies, the California Department of Justice estimates that the CCPA will affect between 15,000 and 400,000 businesses, 50 percent of them being small businesses.

Further, there has been heightened attention on data privacy over the past couple of years. More users are becoming aware of how their data is being used. The fact is that your data–whether it’s your name, your location, or your shopping habits–has been a commodity for decades now. The CCPA, and similar privacy laws, are a response to the unchecked and unregulated data collection industry.


H: For the most part, it sounds like the CCPA is the US-equivalent of GDPR, but how do the two differ?

K: Both laws have penalties for non-compliance, and both laws require that companies disclose what information is being collected on users, what information is being shared or sold, and who that information was sold or shared to.

However, there are quite a few differences between the two, the main one being that the GDPR covers all EU citizens and residences. The CCPA only covers California citizens. Another big difference is that in order to track EU citizens, a company has to have consent (opt-in) or a requirement to collect the data, where California citizens are opted-in by default and now have the right to withdraw their consent for the sale of their data.


H: Do you foresee other states adopting something similar to the CCPA?

K: Yes, I think we will see other states adopting similar laws. This will make it much tougher for the advertising industry to keep up with the varying privacy laws throughout the country.

California is usually seen as a catalyst for legislation across the United States. The state, after all, has one of the largest populations in the country. While California is the only state to pass a privacy law thus far, it has already inspired other states to introduce their own regulation. I wouldn’t be surprised if a federal law is just around the corner.


H: What has Choozle done to prepare for the CCPA?

K: Choozle has worked with both our DSP and DMP partners to update our onboarding and retargeting protocols to make sure they meet CCPA standards. We have also worked with our privacy partner NAI to update on opt-out policy and the stopping of selling of California residents.


H: How can marketers prepare for the CCPA?

K: There are three steps marketers can take to prepare for the CCPA.

  1. Confirm your clients’ websites (or your brand’s website) has an updated Privacy Policy on their website that explicitly states the use of and reason. It should include potential purposes that you may use personal information for in the future—for example, include notice of the use of IP addresses for targeted advertising, similar to cookies and mobile IDs.
  2. Include links to opt-out services for Notice at Collection, Notice of Right to Opt-Out of Sale, and Notice of Incentive within your privacy policy for any partners that are collecting data on your behalf on your website.
  3. Ensure all CRM lists (and IP address lists) that might include California residents were collected through permission-based methods.

About The Author