Guest Columns
4 mins read

CCPA: Ready or not here it comes


Publishers are reaching the point of data privacy fatigue. When the GDPR landed, most went into red alert and re-directed their energy, and resources, at ensuring compliance. Then new legislation started cropping up across the globe. Now, with the California Consumer Privacy Act (CCPA) already active, beside a few genuine attempts at compliance many businesses in the digital ecosystem are still struggling to come to terms with the impending legislation, including various industry groups and bodies writing the Office of the Attorney General to make amendments to the draft.

Given the volumes of data being mined since the start of the data “gold rush”, hoping that minor adjustments will be enough is a short-sighted — and non-beneficial — approach. The recent spate of regulations isn’t a clampdown on data usage, it’s a wider consumer movement for better data protection; and if publishers don’t travel with the tide, they will miss the opportunity to boost trust and engagement.

Easing the compliance throttle

Relaxed attitudes to CCPA enforcement could partly spring from the perception it isn’t a huge step up from the GDPR. While it’s a sizeable shift for U.S. data privacy, the CCPA’s scope is more refined; applying to Californian residents and businesses; and even then, only firms grossing over $25 million annually or processing the data of more than 50,000 consumers.

However, there are some key rules and differences between the regulations. The CCPA gives Californian consumers the right to know what personal data is collated and whether it’s shared, as well as the ability to opt out of selling data to third parties and request deletion. The legislation also protects data linked to specific households, not just individuals.

But with no explicit consent requirement — except for consumers aged 13-16 — many businesses see a chance to continue collating data as they have before. With some tweaks to ensure consumers can opt out and find details about what happens to their data, should they request it. This minimal approach, however, won’t make the grade amid increasing privacy sensitivity.  

Restoring depleting consumer trust

There is a reason why the GDPR and CCPA have sparked a flood of similar legislation, with the CCPA inspiring multiple states to propose data laws. Consumers are becoming more aware of their digital footprint, and after incidents such as the Cambridge Analytica scandal, concern about online privacy is driving a spike in tighter data regulation. In fact, 79% of U.S. consumers are still worried about how companies handle their data.

For publishers, this means aiming for minimal compliance won’t be enough to address the underlying issue and secure lasting consumer confidence. They must earn trust and prove their commitment to responsible data management by following the rules, and more: setting their sights on offering the optimal ‘User Privacy Experience”.

Raising the bar on data defence

User Privacy Experience, or Privacy UX, is about surpassing regulatory necessities to provide real value for consumers. At a higher level, the goal is building better privacy interactions by combining user experience learnings, with human-centric design. In everyday terms, that means going beyond giving consumers a basic tick-box option.

For instance, take consent requests for data sales. Rather than sending generic messages packed with legal terms, publishers should be showing that privacy truly matters by creating requests in consumer-friendly language. Better still, using techniques such as progressive consent — where individuals set their data preferences over a period of their choice — can indicate commitment to empowering audiences and giving them control, not just avoiding penalties. 

But to keep consumer trust, it’s also essential that attention to detail doesn’t stop with the consent conversation. Publishers need to illustrate long-term interest in protecting privacy by continuously ensuring processes are aligned with individual preferences, and making tools simple to navigate.

Future-proofing privacy practices

The CCPA doesn’t have to be an obstacle or endurance test for publishers. By dialing up their Privacy UX to meet and exceed the minimum CCPA bar, content owners can use this latest regulation as the launch pad for more consumer-focused data handling and interactions that set them apart from the crowd, and build consumer trust.

When organisations can illustrate they are serious about defending data privacy and respecting consumer rights, they stand a better chance of gaining confidence and data consent — and that makes optimising experiences worthwhile. Whether publishers are ready or not, the CCPA is an opportunity to transform the way they handle data privacy for the better; it’s up to them to take it.

Darren Guaranccia, Chief Product Officer, Crownpeak

AboutCrownpeak provides the leading, enterprise-grade, cloud-first Digital Experience Management (DXM) platform. The Crownpeak DXM platform empowers Fortune 2000 companies to quickly and easily create, deploy, and optimize customer experiences across global digital touchpoints at scale. Besides featuring content management, personalization, search, and experience delivery services, it is the only digital experience platform that includes built-in Digital Quality Management (DQM) to ensure brand integrity, best practices, and web accessibility compliance.

Photo by Crawford Ifland on Unsplash