Founding Father John Adams once said, “Power must never be trusted without a check,” and more than 200 years later, those words still ring true. Today data is a precious commodity, and Silicon Valley’s control of data represents a new form of power. Legislation and self-regulation will be a crucial means to keeping that power in check. The power and value of data is becoming clearer, and this means an inevitable readjustment of the legislative environment that marketers will need to adapt to sooner rather than later.
Across the country, lawmakers are striving to keep the duopoly in line. Earlier this summer, Washington State filed lawsuits against Facebook and Google, over alleged violations of campaign finance law. The claim is that they did not disclose who was taking out political ads on their platforms.
The California Consumer Privacy Act (CCPA) was recently passed to tighten data handling in the home of Silicon Valley. The legislation will force companies like Facebook and Google to disclose the nature of data they hold on consumers as well as who they are sharing that data with. This echoes moves made to tighten data privacy laws in Europe where the General Data Protection Regulation (GDPR) came into force a few months ago.
What underpins this tension between power and regulation in tech is the enormous value of data. Data is powering marketing to new levels, helping companies reach their target market more efficiently than ever. Not only this, businesses are able to connect with people on entirely new levels: Data is increasingly the key to satisfying and retaining customers. It is the new lifeblood of cultivating relationships and building loyalty. This enormous potential needs to be handled responsibly, and U.S. legislation will undoubtedly see a continued push to tighten privacy rules.
This begs the question: What specific shifts should marketers expect when it comes to U.S. data laws? The CCPA is very much an indication of the sorts of legislative changes that marketers will need to begin preparing for, just as companies operating in the EU have found this year.
Similarly to GDPR, the CCPA includes a provision to improve the basic rights that citizens have over their data, as well as redefining the meaning of “personal information.” There are important clauses in the legislation that mean fines for companies failing to comply with tighter regulation. As of January 1, 2020, this will apply to all companies handling the data of Californian citizens.
On this basis, companies handling the data of U.S. citizens have just over a year to adapt to the new rules governing the state’s 40 million citizens. That involves deciding whether they operate with two separate legal processes (one for California. users and one for non-California users), or whether they simply use the California framework as the lowest common denominator for all data handling in the U.S. The latter would certainly simplify processes in the long run, effectively pre-empting moves by other states to replicate GDPR and CCPA-style legislation. If you are already GDPR compliant, make sure you are aware of any additional changes you may need to bring in by 2020 to be fully CCPA compliant.
There are other moves that are worth considering now to ensure momentum is gathered by all data-driven industries, and digital marketers, in particular. If you are not already, make sure you are working with suppliers who are transparent around data protocols. This includes knowing where your partners get their data from and being clear on the differences between data handling and data processing.
Most importantly, GDPR and CCPA signal a new paradigm of privacy by design and a drive to ensure consumers are more conscious of their rights. Consent is at the center of this paradigm shift, and marketers will need to see this as the core mechanism to building a better data culture globally.
That said, there still remains a stubborn information gap between consumers and marketers where the former isn’t fully aware of the privacy policies already in place, such as encryption and anonymization of personally identifiable data. Fortunately, tech companies are accepting that legislation in some form can be beneficial for shaping a better data culture. Now is the time to get ahead of the game and make preparations for an inevitable readjustment of privacy laws across the U.S. at large, at state level, if not federal just yet.