SlideShare a Scribd company logo

CCPA and the Future of Privacy-First Digital Advertising

The Media Kitchen
The Media Kitchen

What is CCPA? The California Consumer Privacy Act (CCPA) - which goes into effect on January 1, 2020 - grants California residents (“consumer”): ● Control over: ○ What entities are collecting their data ○ What type of data is being collected and for what purpose ○ Who the data is being sold to / shared with and for what purpose ● The ability to delete the consumer’s data and/or stopping any selling/sharing of data Under CCPA, data collection and data sharing become fully transparent to the consumer, and, most importantly, companies must process ​opt-out​ requests within 45 days.

Marketing
1 of 8
Download to read offline
1 CCPA and the Future of Privacy-First Digital Advertising There are still potential amendments to CCPA that are being discussed and we will make updates to this POV if necessary. What is CCPA? The California Consumer Privacy Act (CCPA) - which goes into effect on January 1, 2020 - grants California residents (“consumer”): ● Control over: ○ What entities are collecting their data ○ What type of data is being collected and for what purpose ○ Who the data is being sold to / shared with and for what purpose ● The ability to delete the consumer’s data and/or stopping any selling/sharing of data Under CCPA, data collection and data sharing become fully transparent to the consumer, and, most importantly, companies must process ​opt-out​ requests within 45 days.
2 What are the key components* of CCPA? *As of 9/19/2019 ● What types of companies must comply with CCPA? (Source: Spencer Fane LLP) ● Who are the main characters? business for-profit entity that collects personal data and determines how/why it will be used service provider for-profit entity that processes personal data on behalf of a business. More importantly, there must be a written contract between the two to prohibit the service provider from ​“retaining, using, or disclosing personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business.” Examples: The Trade Desk, Google, Facebook, DMP third party defined as a party that is neither a business nor a service provider. There must be a written contract between a business and a service provider (or any person) to be considered a third party
3 ● CCPA is an ​opt-out​ policy, meaning consumers allow data sharing by default, and must opt out to limit access ○ One caveat is for children who are ​16 or younger​: data sharing is prohibited by default and they (or their guardians) must opt in for anyone to use data ● How is Personally Identifiable Information (PII) defined in CCPA? ○ CCPA defines PII broadly as data that, “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked” to an individual ○ In other words - IP address, physical address, phone number, and mobile ad ID - are all direct identifiers that are covered while user personas - ‘likely to buy a car’ or ‘business traveler’ - that are crafted from direct identifiers are also covered under CCPA ● Under CCPA, consumers have the right to make two types of verifiable requests to businesses: ○ Request 1: The types of personal information collected by the business, and the entities with which the business shared or sold the personal information in the past 12 months ○ Request 2: Delete personal information ○ Consumers can make up to two requests within a 12-month period ● What are the penalties for non-compliance? ○ Maximum $2.5K fine per user request​ that was not fulfilled within 45 days ■ Companies will have 30 days to resolve the problem ■ If the issue is not resolved within the 30 day window, the California Attorney General will pursue legal action against the business and/or service provider ○ Maximum $7.5K fine per user request​ that was not fulfilled if the business is found to have intentionally violated the terms ■ Example​: If Facebook’s Cambridge Analytica data breach affected around 20MM California residents (hypothetical), they would be slapped with ​a maximum fee of $50B​. If Facebook was found to have deliberately shared California users’ data with Cambridge Analytics, they would be on the hook for ​a maximum penalty of $300B (Facebook’s 2018 revenue was around $55B) ● Businesses cannot refuse providing services to consumers who have opted out of data collection. No discrimination based on opt-ins/opt-outs is allowed. However, businesses can encourage user consent through financial incentives. CCPA’s impact on digital advertising ● When a consumer chooses to opt out on a brand website, personalized advertising based on past engagement will not be possible. The consumer will still have a chance to see the brand’s ad, but it won’t be a specific creative catered to the user based on audience rules or prior on-site behavior
4 ○ In this scenario, the brand is the ‘business’ and the Data Management Platform (DMP) or Dynamic Creative Optimization (DCO) platform that processes user data to inform retargeting is the ‘service provider’. The Demand Side Platform (DSP) and Supply Side Platform (SSP) involved in displaying the ad will also be categorized as ‘service providers’ unless a contract specifically identifies them as ‘third parties’ ○ The opt-out request must be processed between every service provider that is involved (up to 45 days to fulfill the request) ○ Google and Facebook could technically be both ‘business’ and ‘service provider’ (more on this later) ● Ad technologies that obtain and process third party data will be affected most by CCPA since none of the data they handle is explicitly shared by the user for any business purpose ○ Examples: Tapad, Drawbridge, LiveRamp, Acxiom, Lotame ○ Bad actors who exploit Programmatic supply chains for monetization (i.e. fraudulent traffic, ad farming) will face challenges, and in that regard, CCPA will have a positive effect Image credit: Adweek ● The Walled Gardens (Google, Facebook, Amazon)​ will not be affected as much since in most scenarios, they are the ‘business’ and ‘service provider’ ● Each Walled Garden is also gathering first-party user data for specific purposes (e.g. Google Maps, Instagram, Google Photos, Amazon Prime, etc.) and not much of it is shared externally so it is that much easier to control ● CCPA will encourage these companies to build taller walls and force advertisers to commit to respective ecosystems ● Even if a user opts out on a ​brand’s website​, if the brand wants to use the user’s ​Facebook behavior​ to target them with specific ​Facebook ads​, that will still be enabled unless the user opts out of Facebook’s personalized ads explicitly ● There are still changes that could be made to CCPA (e.g. The Senate Bill 753 was proposed earlier this year to exempt advertisers from CCPA) and TMK will modify this POV if the final version changes anything that is already stated here How will CCPA affect Ad Tech? ● What is difficult to anticipate is the ​opt-out rate ○ GDPR: According to Quantcast, ​over 90% of users opted in​ when visiting EU-based domains
5 ○ If CCPA’s consent management workflow is similar to GDPR, then we can expect ~10% opt-outs ○ However, if the consent management workflow is neutral and opting out is a clear choice, we expect the opt-out rate to hover around 30-40% ■ The reason we don’t believe many users will opt out is because the consent management platforms are cumbersome when the answer is not “accept” (more on this below) ○ For our POV on how Ad Tech will be affected, we will assume an opt-out rate of 10% ● Measurement and Attribution ○ How to gauge the impact on measurement: ■ How many visits/conversions (avg) are coming from California residents today? → this is essentially the maximum number of users that will be impacted by CCPA ■ How many unique visitors (avg) visit the site? → number of uniques will increase from California once users start opting out ■ How many conversions occur within the first 24 hrs of ad exposure? → more on this below in the browser privacy section ■ How many ad touchpoints (avg per user, avg per media partner) are users exposed to before converting? → if fractional attribution is part of your measurement solution today, this figure will help assess the amount of credit partners could potentially lose in California ● What types of first party targeting will be disabled if a user opts out? ○ Retargeting based on user’s prior site engagement ○ Site personalization based on user’s prior site engagement ○ Ad suppression based on user’s prior site engagement ○ Cross-device targeting by leveraging a unified device graph per user (by login or wifi access) ○ Dynamic creative / sequential creative messaging ● What about lookalike audience segments that leverage 1st/2nd/3rd party audience data? ○ Audience platforms that are not called Facebook, Google, and Amazon will need explicit consent from the user to continue their current practices ○ Since 3rd party audience platforms ​do not own ​any of the user data, they will need to work with publishers and brands’ consent management process/platforms to process audience data. CCPA alone will not cripple these platforms, but they are likely weary of browser-level privacy features along with future Federal Regulations ● Will a Data Management Platform (DMP) help in any way? ○ It could certainly help manage opt-out requests, especially if the DMP has direct integrations with consent management platforms (CMP) or has its own CMP ○ There is very little DMPs can do to minimize opt-outs otherwise
6 Consent management is biased ● Consent management tools dissuade opt-outs (or opt-ins) by nature ● When you review NYT’s GDPR consent notification, it is very clear that the easiest choice is to accept​ because once you click something that is not “I Accept” or “X”, the user is met with a long list of privacy guidelines and a lot more clicks to customize privacy settings ● This is why we believe opt-out rates for CCPA won’t be high. However, it is contingent on the consent management experience The future of privacy There is an argument to be made that CCPA is not the biggest hurdle for advertisers to prepare for since the Federal version is still a big unknown and the opt-out rates may not be problematic. ​The more serious change is coming from web browsers​: every major browser is in a privacy race as we speak. This is a massive win for users who want more transparency over their personal data, and a headache to advertisers who want to accurately measure ad lift ● Browser privacy updates - below is a simplified list of how major browsers are shaking up cookie tracking by default ○ Safari​: The latest version does not allow cookie-tracking past a 24hr window ○ Chrome​: Google is giving users all of the tools to manage what types of information users want to share. It is a ​passive stance​ that requires a lot more input from the user ○ Edge​: Microsoft has a feature called “tracking prevention” that disables all third-party trackers on a website ○ FireFox​: Mozilla’s “Enhanced tracking prevention” disables all third-party tracking cookies, and they are also testing a ​VPN feature​ that could be part of a paid subscription in the future ● Monitoring site visitors’ browser types will be important since there could be a direct correlation to anomalies in site analytics and/or media reporting
7 ● CCPA will likely be used as a template for a ​Federal privacy bill​, and that will take at least a couple years to crystallize since there has not been much traction on this yet. Although every State is currently working on some form of a privacy bill, it does not make sense for each State to have its own version. That would mean companies would have to comply with 50 different bills - that is a nonsensical approach to privacy compliance ● Each browser’s privacy feature can already cripple cookie tracking regardless of CCPA. However, what separates CCPA from browser features is how negligence or non-compliance is treated. If someone finds a workaround to disarm browser features, it requires a patch and maybe an apology. If someone ignores CCPA, there could be immense financial consequences Preparing for a privacy-first future In short, we do ​not​ believe CCPA alone will disrupt how media campaigns are managed and measured. Browser-level privacy features will pose a bigger threat to media strategies, and how the browser privacy race shifts market share will be something to keep an eye on. Nobody can guarantee that Chrome will be the most widely used application in the next five years. This does not mean CCPA compliance can be taken lightly since users must have the ability to control how their data is being collected and used. The status quo is shifting and we must adapt to it and respect the changes not just as advertisers, but also as consumers. What can we do to prepare for 2020 and beyond? ● Review ​data security​ partners/solutions that are already in place and identify areas of improvement. CCPA is about data security as much as it is about data transparency ● Map out how user data is collected, how it is stored/secured, and how it is distributed to third parties for what purpose today ○ This will help with understanding which partners need to be surveyed for compliance and better organize how user data is managed internally ○ Confirm that every partner who has access to user data is compliant and how the partner is keeping the data secure ● Review current contracts and make sure user data security / liability / purpose are clearly stated ● Make sure to partner with a Consumer Management Platform ● Work with internal team to figure out how users’ data requests are received (website, email, and/or toll free number) and delivered - creating a repeatable process is key
8 TMK is working diligently with all of our partners to ensure and enforce CCPA compliance while keeping up with the latest on all privacy related updates. Please reach out to us with any questions and we will be more than happy to help. Thank you! Helpful sources: https://www.marketwatch.com/story/a-watered-down-version-of-californias-data-privacy-law-is-a-possibility- privacy-experts-warn-2019-06-27 https://www.adweek.com/programmatic/trade-bodies-prep-ad-tech-for-a-tougher-regulatory-climate/ https://www.lexology.com/library/detail.aspx?g=67b2af96-ef55-45ac-af23-26e8690c285d https://www.adweek.com/programmatic/these-companies-want-to-tighten-californias-privacy-laws-even-furth er/ https://www.mediapost.com/publications/article/337935/brands-begin-to-hit-roadblocks-with-real-time-ad-b.h tml https://www.adlawaccess.com/2019/07/articles/california-senate-committee-blesses-majority-of-ccpa-amend ments/ https://www.natlawreview.com/article/proposed-expansion-ccpa-s-private-right-action-defeated-state-senate https://www.emarketer.com/content/will-ccpa-have-gdpr-like-effects https://www.jdsupra.com/legalnews/verifying-the-verifiable-considering-a-29537/ https://www.mediapost.com/publications/article/339517/son-of-gdpr-are-you-ready-for-the-ccpa.html https://iapp.org/news/a/a-data-processing-addendum-for-the-ccpa/ https://www.exchangewire.com/blog/2019/06/20/browser-privacy-advertising-qa-with-jascha-kaykas-wolff-m ozilla/ https://www.adweek.com/programmatic/googles-planned-chrome-updates-will-enhance-privacy-but-cause-c omplications-for-ad-tech/

Recommended

What are cookies and what is changing
What are cookies and what is changingWhat are cookies and what is changing
What are cookies and what is changing
DCRB
 
Media Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureMedia Kitchen - The Cookieless Future
Media Kitchen - The Cookieless Future
The Media Kitchen
 
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
Tealium
 
Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?
Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?
Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?
Tealium
 
First Party Data: What, Where, and How?
First Party Data: What, Where, and How?First Party Data: What, Where, and How?
First Party Data: What, Where, and How?
MediaPost
 
The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...
The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...
The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...
Signal
 
Internet advertising
Internet advertisingInternet advertising
Internet advertising
Central Sikh Gurdwara Boards
 
Digit-Tech Analytics Workshop
Digit-Tech Analytics WorkshopDigit-Tech Analytics Workshop
Digit-Tech Analytics Workshop
Datalicious
 

Recommended

What are cookies and what is changing
What are cookies and what is changingWhat are cookies and what is changing
What are cookies and what is changing
DCRB
 
Media Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureMedia Kitchen - The Cookieless Future
Media Kitchen - The Cookieless Future
The Media Kitchen
 
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
Tealium
 
Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?
Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?
Third-Party Cookie Loss Masterclass 1: So Your Cookie Crumbled, What's Next?
Tealium
 
First Party Data: What, Where, and How?
First Party Data: What, Where, and How?First Party Data: What, Where, and How?
First Party Data: What, Where, and How?
MediaPost
 
The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...
The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...
The Promise of First-Party Data: How the Top Brands Get the Strongest ROI for...
Signal
 
Internet advertising
Internet advertisingInternet advertising
Internet advertising
Central Sikh Gurdwara Boards
 
Digit-Tech Analytics Workshop
Digit-Tech Analytics WorkshopDigit-Tech Analytics Workshop
Digit-Tech Analytics Workshop
Datalicious
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDs
Raghu KLN
 
Digital Velocity London - What's The Future for Data Orchestration, Tealium D...
Digital Velocity London - What's The Future for Data Orchestration, Tealium D...Digital Velocity London - What's The Future for Data Orchestration, Tealium D...
Digital Velocity London - What's The Future for Data Orchestration, Tealium D...
Tealium
 
Keynote: Data Strategy: Starts with First-Party Data
Keynote: Data Strategy: Starts with First-Party DataKeynote: Data Strategy: Starts with First-Party Data
Keynote: Data Strategy: Starts with First-Party Data
MediaPost
 
Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...
Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...
Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...
Tealium
 
Data Defining Audiences for Marketers
Data Defining Audiences for MarketersData Defining Audiences for Marketers
Data Defining Audiences for Marketers
MediaPost
 
Building a Foundational Tech Stack to Support Your First-Party Data Strategy
Building a Foundational Tech Stack to Support Your First-Party Data StrategyBuilding a Foundational Tech Stack to Support Your First-Party Data Strategy
Building a Foundational Tech Stack to Support Your First-Party Data Strategy
Tinuiti
 
April partner bootcamp deck cookieless future
April partner bootcamp deck cookieless futureApril partner bootcamp deck cookieless future
April partner bootcamp deck cookieless future
Acquia
 
Netcel’s insider’s guide to ecommerce success
Netcel’s insider’s guide to ecommerce successNetcel’s insider’s guide to ecommerce success
Netcel’s insider’s guide to ecommerce success
Karen Bewick
 
Digital Velocity London 2018 - Getting to Grips with Global B2B, Julian Brewer
Digital Velocity London 2018 - Getting to Grips with Global B2B, Julian BrewerDigital Velocity London 2018 - Getting to Grips with Global B2B, Julian Brewer
Digital Velocity London 2018 - Getting to Grips with Global B2B, Julian Brewer
Tealium
 
Unlocking First Party Data Right Under Your Nose
Unlocking First Party Data Right Under Your NoseUnlocking First Party Data Right Under Your Nose
Unlocking First Party Data Right Under Your Nose
MediaPost
 
Data Restart 2021: Pavel Jašek - Konverzní modelování
Data Restart 2021: Pavel Jašek - Konverzní modelováníData Restart 2021: Pavel Jašek - Konverzní modelování
Data Restart 2021: Pavel Jašek - Konverzní modelování
Taste
 
Thomas Gylling “delivering killer content with digital marketing”
Thomas Gylling “delivering killer content with digital marketing”Thomas Gylling “delivering killer content with digital marketing”
Thomas Gylling “delivering killer content with digital marketing”
Thomas Gylling
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing Impact
CMassociates
 
Consumer Law Seminar ABTA
Consumer Law Seminar ABTAConsumer Law Seminar ABTA
Consumer Law Seminar ABTA
RedEye
 
GDPR: A Practical Guide for Marketers
GDPR: A Practical Guide for MarketersGDPR: A Practical Guide for Marketers
GDPR: A Practical Guide for Marketers
Treasure Data, Inc.
 
Datawise Group Profile
Datawise Group ProfileDatawise Group Profile
Datawise Group Profile
Vinay Kumar
 
Deck 1: Redefining Data-Driven by Flashtalking
Deck 1: Redefining Data-Driven by FlashtalkingDeck 1: Redefining Data-Driven by Flashtalking
Deck 1: Redefining Data-Driven by Flashtalking
Flashtalking
 
Media Measurement Success - Flashtalking 2017
Media Measurement Success - Flashtalking 2017Media Measurement Success - Flashtalking 2017
Media Measurement Success - Flashtalking 2017
Flashtalking
 
Customer Lifecycle Engagement for Insurance Companies
Customer Lifecycle Engagement for Insurance CompaniesCustomer Lifecycle Engagement for Insurance Companies
Customer Lifecycle Engagement for Insurance Companies
edynamic
 
Bluekai Little Blue Book
Bluekai Little Blue BookBluekai Little Blue Book
Bluekai Little Blue Book
whatismarketing
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc
 
Everything B2B Tech Marketers Need to Know About Privacy + Consent
Everything B2B Tech Marketers Need to Know About Privacy + ConsentEverything B2B Tech Marketers Need to Know About Privacy + Consent
Everything B2B Tech Marketers Need to Know About Privacy + Consent
Kiwi Creative
 

More Related Content

What's hot

April partner bootcamp deck cookieless future
April partner bootcamp deck cookieless futureApril partner bootcamp deck cookieless future
April partner bootcamp deck cookieless future
Acquia
 
Netcel’s insider’s guide to ecommerce success
Netcel’s insider’s guide to ecommerce successNetcel’s insider’s guide to ecommerce success
Netcel’s insider’s guide to ecommerce success
Karen Bewick
 
GDPR: A Practical Guide for Marketers
GDPR: A Practical Guide for MarketersGDPR: A Practical Guide for Marketers
GDPR: A Practical Guide for Marketers
Treasure Data, Inc.
 

What's hot (20)

The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDs
 
Digital Velocity London - What's The Future for Data Orchestration, Tealium D...
Digital Velocity London - What's The Future for Data Orchestration, Tealium D...Digital Velocity London - What's The Future for Data Orchestration, Tealium D...
Digital Velocity London - What's The Future for Data Orchestration, Tealium D...
 
Keynote: Data Strategy: Starts with First-Party Data
Keynote: Data Strategy: Starts with First-Party DataKeynote: Data Strategy: Starts with First-Party Data
Keynote: Data Strategy: Starts with First-Party Data
 
Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...
Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...
Third-Party Cookie Loss Masterclass 3: Making Sense of the Changing Identity ...
 
Data Defining Audiences for Marketers
Data Defining Audiences for MarketersData Defining Audiences for Marketers
Data Defining Audiences for Marketers
 
Building a Foundational Tech Stack to Support Your First-Party Data Strategy
Building a Foundational Tech Stack to Support Your First-Party Data StrategyBuilding a Foundational Tech Stack to Support Your First-Party Data Strategy
Building a Foundational Tech Stack to Support Your First-Party Data Strategy
 
April partner bootcamp deck cookieless future
April partner bootcamp deck cookieless futureApril partner bootcamp deck cookieless future
April partner bootcamp deck cookieless future
 
Netcel’s insider’s guide to ecommerce success
Netcel’s insider’s guide to ecommerce successNetcel’s insider’s guide to ecommerce success
Netcel’s insider’s guide to ecommerce success
 
Digital Velocity London 2018 - Getting to Grips with Global B2B, Julian Brewer
Digital Velocity London 2018 - Getting to Grips with Global B2B, Julian BrewerDigital Velocity London 2018 - Getting to Grips with Global B2B, Julian Brewer
Digital Velocity London 2018 - Getting to Grips with Global B2B, Julian Brewer
 
Unlocking First Party Data Right Under Your Nose
Unlocking First Party Data Right Under Your NoseUnlocking First Party Data Right Under Your Nose
Unlocking First Party Data Right Under Your Nose
 
Data Restart 2021: Pavel Jašek - Konverzní modelování
Data Restart 2021: Pavel Jašek - Konverzní modelováníData Restart 2021: Pavel Jašek - Konverzní modelování
Data Restart 2021: Pavel Jašek - Konverzní modelování
 
Thomas Gylling “delivering killer content with digital marketing”
Thomas Gylling “delivering killer content with digital marketing”Thomas Gylling “delivering killer content with digital marketing”
Thomas Gylling “delivering killer content with digital marketing”
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing Impact
 
Consumer Law Seminar ABTA
Consumer Law Seminar ABTAConsumer Law Seminar ABTA
Consumer Law Seminar ABTA
 
GDPR: A Practical Guide for Marketers
GDPR: A Practical Guide for MarketersGDPR: A Practical Guide for Marketers
GDPR: A Practical Guide for Marketers
 
Datawise Group Profile
Datawise Group ProfileDatawise Group Profile
Datawise Group Profile
 
Deck 1: Redefining Data-Driven by Flashtalking
Deck 1: Redefining Data-Driven by FlashtalkingDeck 1: Redefining Data-Driven by Flashtalking
Deck 1: Redefining Data-Driven by Flashtalking
 
Media Measurement Success - Flashtalking 2017
Media Measurement Success - Flashtalking 2017Media Measurement Success - Flashtalking 2017
Media Measurement Success - Flashtalking 2017
 
Customer Lifecycle Engagement for Insurance Companies
Customer Lifecycle Engagement for Insurance CompaniesCustomer Lifecycle Engagement for Insurance Companies
Customer Lifecycle Engagement for Insurance Companies
 
Bluekai Little Blue Book
Bluekai Little Blue BookBluekai Little Blue Book
Bluekai Little Blue Book
 

Similar to CCPA and the Future of Privacy-First Digital Advertising

TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
TrustArc
 
The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA)The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA)
Tinuiti
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc
 
How To Harness First-Party Data & Win In A Cookieless Future
How To Harness First-Party Data & Win In A Cookieless FutureHow To Harness First-Party Data & Win In A Cookieless Future
How To Harness First-Party Data & Win In A Cookieless Future
Search Engine Journal
 

Similar to CCPA and the Future of Privacy-First Digital Advertising (20)

TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
 
Everything B2B Tech Marketers Need to Know About Privacy + Consent
Everything B2B Tech Marketers Need to Know About Privacy + ConsentEverything B2B Tech Marketers Need to Know About Privacy + Consent
Everything B2B Tech Marketers Need to Know About Privacy + Consent
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA)The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA)
 
Improving Customer Experience in Government-business Interaction.pdf
Improving Customer Experience in Government-business Interaction.pdfImproving Customer Experience in Government-business Interaction.pdf
Improving Customer Experience in Government-business Interaction.pdf
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
 
Joint ad trade letter to ag becerra re ccpa 1.31.2019
Joint ad trade letter to ag becerra re ccpa 1.31.2019Joint ad trade letter to ag becerra re ccpa 1.31.2019
Joint ad trade letter to ag becerra re ccpa 1.31.2019
 
Data Driven Advertising
Data Driven AdvertisingData Driven Advertising
Data Driven Advertising
 
Winterberry group the state of consumer data onboarding november 2016
Winterberry group the state of consumer data onboarding november 2016Winterberry group the state of consumer data onboarding november 2016
Winterberry group the state of consumer data onboarding november 2016
 
Understanding first-party cookies and attribution models
Understanding first-party cookies and attribution modelsUnderstanding first-party cookies and attribution models
Understanding first-party cookies and attribution models
 
How To Harness First-Party Data & Win In A Cookieless Future
How To Harness First-Party Data & Win In A Cookieless FutureHow To Harness First-Party Data & Win In A Cookieless Future
How To Harness First-Party Data & Win In A Cookieless Future
 
A Framework for Digital Business Transformation
A Framework for Digital Business TransformationA Framework for Digital Business Transformation
A Framework for Digital Business Transformation
 
Abbie Clement — GDPR, CCPA, ePrivacy: Which Data Laws Are Next and How the Ne...
Abbie Clement — GDPR, CCPA, ePrivacy: Which Data Laws Are Next and How the Ne...Abbie Clement — GDPR, CCPA, ePrivacy: Which Data Laws Are Next and How the Ne...
Abbie Clement — GDPR, CCPA, ePrivacy: Which Data Laws Are Next and How the Ne...
 
a6-zhao
a6-zhaoa6-zhao
a6-zhao
 
Targeted Advertisements & Privacy
Targeted Advertisements & Privacy Targeted Advertisements & Privacy
Targeted Advertisements & Privacy
 
Lay of the Land for All Things Privacy
Lay of the Land for All Things PrivacyLay of the Land for All Things Privacy
Lay of the Land for All Things Privacy
 
Targeted Online Advertising
Targeted Online AdvertisingTargeted Online Advertising
Targeted Online Advertising
 
Data and Creativity - Choices in Digital Marketing
Data and Creativity - Choices in Digital MarketingData and Creativity - Choices in Digital Marketing
Data and Creativity - Choices in Digital Marketing
 

More from The Media Kitchen

More from The Media Kitchen (20)

TMK OTT Overview: June 2019
TMK OTT Overview: June 2019TMK OTT Overview: June 2019
TMK OTT Overview: June 2019
 
WTF is Programmatic?: August 2017
WTF is Programmatic?: August 2017WTF is Programmatic?: August 2017
WTF is Programmatic?: August 2017
 
TMK.edu Traditional Media Buying
TMK.edu Traditional Media BuyingTMK.edu Traditional Media Buying
TMK.edu Traditional Media Buying
 
TMK.edu Site Direct + Content
TMK.edu Site Direct + ContentTMK.edu Site Direct + Content
TMK.edu Site Direct + Content
 
TMK.edu Search 101
TMK.edu Search 101TMK.edu Search 101
TMK.edu Search 101
 
Tmk.edu Startup + Brand Collaborations: October 2016
Tmk.edu Startup + Brand Collaborations: October 2016Tmk.edu Startup + Brand Collaborations: October 2016
Tmk.edu Startup + Brand Collaborations: October 2016
 
TMK.edu Site Direct Video Social: July 2016
TMK.edu Site Direct Video Social: July 2016TMK.edu Site Direct Video Social: July 2016
TMK.edu Site Direct Video Social: July 2016
 
TMK.edu Promotions and Sponsorships: September 2016
TMK.edu Promotions and Sponsorships: September 2016TMK.edu Promotions and Sponsorships: September 2016
TMK.edu Promotions and Sponsorships: September 2016
 
TMK.edu Programmatic: September 2016
TMK.edu Programmatic: September 2016TMK.edu Programmatic: September 2016
TMK.edu Programmatic: September 2016
 
TMK.edu Billing: September 2016
TMK.edu Billing: September 2016TMK.edu Billing: September 2016
TMK.edu Billing: September 2016
 
Traditional Media Buying
Traditional Media BuyingTraditional Media Buying
Traditional Media Buying
 
The Current State of Ad Blocking
The Current State of Ad BlockingThe Current State of Ad Blocking
The Current State of Ad Blocking
 
TMK.edu Communications Planning: June 2015
TMK.edu Communications Planning: June 2015TMK.edu Communications Planning: June 2015
TMK.edu Communications Planning: June 2015
 
TMK.edu Site Direct, Video, & Social Presentation: July 2015
TMK.edu Site Direct, Video, & Social Presentation: July 2015 TMK.edu Site Direct, Video, & Social Presentation: July 2015
TMK.edu Site Direct, Video, & Social Presentation: July 2015
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015
 
TMK.edu Mobile Presentation: August 2015
TMK.edu Mobile Presentation: August 2015TMK.edu Mobile Presentation: August 2015
TMK.edu Mobile Presentation: August 2015
 
ONDEC | Edition 3 | Strangers
ONDEC | Edition 3 | StrangersONDEC | Edition 3 | Strangers
ONDEC | Edition 3 | Strangers
 
TMK | Mobile Overview | March 2015
TMK | Mobile Overview | March 2015TMK | Mobile Overview | March 2015
TMK | Mobile Overview | March 2015
 
Programmatic at TMK
Programmatic at TMKProgrammatic at TMK
Programmatic at TMK
 
kbs+ Ventures Class 10 | Perfecting Your Pitch
kbs+ Ventures Class 10 | Perfecting Your Pitchkbs+ Ventures Class 10 | Perfecting Your Pitch
kbs+ Ventures Class 10 | Perfecting Your Pitch
 

Recently uploaded

Mastering Affiliate Marketing: A Comprehensive Guide to Success
Mastering Affiliate Marketing: A Comprehensive Guide to SuccessMastering Affiliate Marketing: A Comprehensive Guide to Success
Mastering Affiliate Marketing: A Comprehensive Guide to Success
Abdulsamad Lukman
 

Recently uploaded (20)

Mastering Affiliate Marketing: A Comprehensive Guide to Success
Mastering Affiliate Marketing: A Comprehensive Guide to SuccessMastering Affiliate Marketing: A Comprehensive Guide to Success
Mastering Affiliate Marketing: A Comprehensive Guide to Success
 
Cartona.pptx. Marketing how to present your project very well , discussed a...
Cartona.pptx. Marketing how to present your project very well , discussed a...Cartona.pptx. Marketing how to present your project very well , discussed a...
Cartona.pptx. Marketing how to present your project very well , discussed a...
 
W.H.Bender Quote 61 -Influential restaurant and food service industry network...
W.H.Bender Quote 61 -Influential restaurant and food service industry network...W.H.Bender Quote 61 -Influential restaurant and food service industry network...
W.H.Bender Quote 61 -Influential restaurant and food service industry network...
 
Best 5 Graphics Designing Course In Chandigarh
Best 5 Graphics Designing Course In ChandigarhBest 5 Graphics Designing Course In Chandigarh
Best 5 Graphics Designing Course In Chandigarh
 
Social Media Marketing Portfolio - Maharsh Benday
Social Media Marketing Portfolio - Maharsh BendaySocial Media Marketing Portfolio - Maharsh Benday
Social Media Marketing Portfolio - Maharsh Benday
 
SALES-PITCH-an-introduction-to-sales.pptx
SALES-PITCH-an-introduction-to-sales.pptxSALES-PITCH-an-introduction-to-sales.pptx
SALES-PITCH-an-introduction-to-sales.pptx
 
Unveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptx
Unveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptxUnveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptx
Unveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptx
 
Instant Digital Issuance: An Overview With Critical First Touch Best Practices
Instant Digital Issuance: An Overview With Critical First Touch Best PracticesInstant Digital Issuance: An Overview With Critical First Touch Best Practices
Instant Digital Issuance: An Overview With Critical First Touch Best Practices
 
Aiizennxqc Digital Marketing | SEO & SMM
Aiizennxqc Digital Marketing | SEO & SMMAiizennxqc Digital Marketing | SEO & SMM
Aiizennxqc Digital Marketing | SEO & SMM
 
Alpha Media March 2024 Buyers Guide.pptx
Alpha Media March 2024 Buyers Guide.pptxAlpha Media March 2024 Buyers Guide.pptx
Alpha Media March 2024 Buyers Guide.pptx
 
2024 Social Trends Report V4 from Later.com
2024 Social Trends Report V4 from Later.com2024 Social Trends Report V4 from Later.com
2024 Social Trends Report V4 from Later.com
 
10 Email Marketing Best Practices to Increase Engagements, CTR, And ROI
10 Email Marketing Best Practices to Increase Engagements, CTR, And ROI10 Email Marketing Best Practices to Increase Engagements, CTR, And ROI
10 Email Marketing Best Practices to Increase Engagements, CTR, And ROI
 
The Impact Of Social Media Advertising.pdf
The Impact Of Social Media Advertising.pdfThe Impact Of Social Media Advertising.pdf
The Impact Of Social Media Advertising.pdf
 
The 9th May Incident in Pakistan A Turning Point in History.pptx
The 9th May Incident in Pakistan A Turning Point in History.pptxThe 9th May Incident in Pakistan A Turning Point in History.pptx
The 9th May Incident in Pakistan A Turning Point in History.pptx
 
Micro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdf
Micro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdfMicro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdf
Micro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdf
 
SP Search Term Data Optimization Template.pdf
SP Search Term Data Optimization Template.pdfSP Search Term Data Optimization Template.pdf
SP Search Term Data Optimization Template.pdf
 
How consumers use technology and the impacts on their lives
How consumers use technology and the impacts on their livesHow consumers use technology and the impacts on their lives
How consumers use technology and the impacts on their lives
 
HITECH CITY CALL GIRL IN 9234842891 💞 INDEPENDENT ESCORT SERVICE HITECH CITY
HITECH CITY CALL GIRL IN 9234842891 💞 INDEPENDENT ESCORT SERVICE HITECH CITYHITECH CITY CALL GIRL IN 9234842891 💞 INDEPENDENT ESCORT SERVICE HITECH CITY
HITECH CITY CALL GIRL IN 9234842891 💞 INDEPENDENT ESCORT SERVICE HITECH CITY
 
The seven principles of persuasion by Dr. Robert Cialdini
The seven principles of persuasion by Dr. Robert CialdiniThe seven principles of persuasion by Dr. Robert Cialdini
The seven principles of persuasion by Dr. Robert Cialdini
 
Crypto Quantum Leap - Digital - membership area
Crypto Quantum Leap - Digital - membership areaCrypto Quantum Leap - Digital - membership area
Crypto Quantum Leap - Digital - membership area
 

CCPA and the Future of Privacy-First Digital Advertising

  • 1. 1 CCPA and the Future of Privacy-First Digital Advertising There are still potential amendments to CCPA that are being discussed and we will make updates to this POV if necessary. What is CCPA? The California Consumer Privacy Act (CCPA) - which goes into effect on January 1, 2020 - grants California residents (“consumer”): ● Control over: ○ What entities are collecting their data ○ What type of data is being collected and for what purpose ○ Who the data is being sold to / shared with and for what purpose ● The ability to delete the consumer’s data and/or stopping any selling/sharing of data Under CCPA, data collection and data sharing become fully transparent to the consumer, and, most importantly, companies must process ​opt-out​ requests within 45 days.
  • 2. 2 What are the key components* of CCPA? *As of 9/19/2019 ● What types of companies must comply with CCPA? (Source: Spencer Fane LLP) ● Who are the main characters? business for-profit entity that collects personal data and determines how/why it will be used service provider for-profit entity that processes personal data on behalf of a business. More importantly, there must be a written contract between the two to prohibit the service provider from ​“retaining, using, or disclosing personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business.” Examples: The Trade Desk, Google, Facebook, DMP third party defined as a party that is neither a business nor a service provider. There must be a written contract between a business and a service provider (or any person) to be considered a third party
  • 3. 3 ● CCPA is an ​opt-out​ policy, meaning consumers allow data sharing by default, and must opt out to limit access ○ One caveat is for children who are ​16 or younger​: data sharing is prohibited by default and they (or their guardians) must opt in for anyone to use data ● How is Personally Identifiable Information (PII) defined in CCPA? ○ CCPA defines PII broadly as data that, “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked” to an individual ○ In other words - IP address, physical address, phone number, and mobile ad ID - are all direct identifiers that are covered while user personas - ‘likely to buy a car’ or ‘business traveler’ - that are crafted from direct identifiers are also covered under CCPA ● Under CCPA, consumers have the right to make two types of verifiable requests to businesses: ○ Request 1: The types of personal information collected by the business, and the entities with which the business shared or sold the personal information in the past 12 months ○ Request 2: Delete personal information ○ Consumers can make up to two requests within a 12-month period ● What are the penalties for non-compliance? ○ Maximum $2.5K fine per user request​ that was not fulfilled within 45 days ■ Companies will have 30 days to resolve the problem ■ If the issue is not resolved within the 30 day window, the California Attorney General will pursue legal action against the business and/or service provider ○ Maximum $7.5K fine per user request​ that was not fulfilled if the business is found to have intentionally violated the terms ■ Example​: If Facebook’s Cambridge Analytica data breach affected around 20MM California residents (hypothetical), they would be slapped with ​a maximum fee of $50B​. If Facebook was found to have deliberately shared California users’ data with Cambridge Analytics, they would be on the hook for ​a maximum penalty of $300B (Facebook’s 2018 revenue was around $55B) ● Businesses cannot refuse providing services to consumers who have opted out of data collection. No discrimination based on opt-ins/opt-outs is allowed. However, businesses can encourage user consent through financial incentives. CCPA’s impact on digital advertising ● When a consumer chooses to opt out on a brand website, personalized advertising based on past engagement will not be possible. The consumer will still have a chance to see the brand’s ad, but it won’t be a specific creative catered to the user based on audience rules or prior on-site behavior
  • 4. 4 ○ In this scenario, the brand is the ‘business’ and the Data Management Platform (DMP) or Dynamic Creative Optimization (DCO) platform that processes user data to inform retargeting is the ‘service provider’. The Demand Side Platform (DSP) and Supply Side Platform (SSP) involved in displaying the ad will also be categorized as ‘service providers’ unless a contract specifically identifies them as ‘third parties’ ○ The opt-out request must be processed between every service provider that is involved (up to 45 days to fulfill the request) ○ Google and Facebook could technically be both ‘business’ and ‘service provider’ (more on this later) ● Ad technologies that obtain and process third party data will be affected most by CCPA since none of the data they handle is explicitly shared by the user for any business purpose ○ Examples: Tapad, Drawbridge, LiveRamp, Acxiom, Lotame ○ Bad actors who exploit Programmatic supply chains for monetization (i.e. fraudulent traffic, ad farming) will face challenges, and in that regard, CCPA will have a positive effect Image credit: Adweek ● The Walled Gardens (Google, Facebook, Amazon)​ will not be affected as much since in most scenarios, they are the ‘business’ and ‘service provider’ ● Each Walled Garden is also gathering first-party user data for specific purposes (e.g. Google Maps, Instagram, Google Photos, Amazon Prime, etc.) and not much of it is shared externally so it is that much easier to control ● CCPA will encourage these companies to build taller walls and force advertisers to commit to respective ecosystems ● Even if a user opts out on a ​brand’s website​, if the brand wants to use the user’s ​Facebook behavior​ to target them with specific ​Facebook ads​, that will still be enabled unless the user opts out of Facebook’s personalized ads explicitly ● There are still changes that could be made to CCPA (e.g. The Senate Bill 753 was proposed earlier this year to exempt advertisers from CCPA) and TMK will modify this POV if the final version changes anything that is already stated here How will CCPA affect Ad Tech? ● What is difficult to anticipate is the ​opt-out rate ○ GDPR: According to Quantcast, ​over 90% of users opted in​ when visiting EU-based domains
  • 5. 5 ○ If CCPA’s consent management workflow is similar to GDPR, then we can expect ~10% opt-outs ○ However, if the consent management workflow is neutral and opting out is a clear choice, we expect the opt-out rate to hover around 30-40% ■ The reason we don’t believe many users will opt out is because the consent management platforms are cumbersome when the answer is not “accept” (more on this below) ○ For our POV on how Ad Tech will be affected, we will assume an opt-out rate of 10% ● Measurement and Attribution ○ How to gauge the impact on measurement: ■ How many visits/conversions (avg) are coming from California residents today? → this is essentially the maximum number of users that will be impacted by CCPA ■ How many unique visitors (avg) visit the site? → number of uniques will increase from California once users start opting out ■ How many conversions occur within the first 24 hrs of ad exposure? → more on this below in the browser privacy section ■ How many ad touchpoints (avg per user, avg per media partner) are users exposed to before converting? → if fractional attribution is part of your measurement solution today, this figure will help assess the amount of credit partners could potentially lose in California ● What types of first party targeting will be disabled if a user opts out? ○ Retargeting based on user’s prior site engagement ○ Site personalization based on user’s prior site engagement ○ Ad suppression based on user’s prior site engagement ○ Cross-device targeting by leveraging a unified device graph per user (by login or wifi access) ○ Dynamic creative / sequential creative messaging ● What about lookalike audience segments that leverage 1st/2nd/3rd party audience data? ○ Audience platforms that are not called Facebook, Google, and Amazon will need explicit consent from the user to continue their current practices ○ Since 3rd party audience platforms ​do not own ​any of the user data, they will need to work with publishers and brands’ consent management process/platforms to process audience data. CCPA alone will not cripple these platforms, but they are likely weary of browser-level privacy features along with future Federal Regulations ● Will a Data Management Platform (DMP) help in any way? ○ It could certainly help manage opt-out requests, especially if the DMP has direct integrations with consent management platforms (CMP) or has its own CMP ○ There is very little DMPs can do to minimize opt-outs otherwise
  • 6. 6 Consent management is biased ● Consent management tools dissuade opt-outs (or opt-ins) by nature ● When you review NYT’s GDPR consent notification, it is very clear that the easiest choice is to accept​ because once you click something that is not “I Accept” or “X”, the user is met with a long list of privacy guidelines and a lot more clicks to customize privacy settings ● This is why we believe opt-out rates for CCPA won’t be high. However, it is contingent on the consent management experience The future of privacy There is an argument to be made that CCPA is not the biggest hurdle for advertisers to prepare for since the Federal version is still a big unknown and the opt-out rates may not be problematic. ​The more serious change is coming from web browsers​: every major browser is in a privacy race as we speak. This is a massive win for users who want more transparency over their personal data, and a headache to advertisers who want to accurately measure ad lift ● Browser privacy updates - below is a simplified list of how major browsers are shaking up cookie tracking by default ○ Safari​: The latest version does not allow cookie-tracking past a 24hr window ○ Chrome​: Google is giving users all of the tools to manage what types of information users want to share. It is a ​passive stance​ that requires a lot more input from the user ○ Edge​: Microsoft has a feature called “tracking prevention” that disables all third-party trackers on a website ○ FireFox​: Mozilla’s “Enhanced tracking prevention” disables all third-party tracking cookies, and they are also testing a ​VPN feature​ that could be part of a paid subscription in the future ● Monitoring site visitors’ browser types will be important since there could be a direct correlation to anomalies in site analytics and/or media reporting
  • 7. 7 ● CCPA will likely be used as a template for a ​Federal privacy bill​, and that will take at least a couple years to crystallize since there has not been much traction on this yet. Although every State is currently working on some form of a privacy bill, it does not make sense for each State to have its own version. That would mean companies would have to comply with 50 different bills - that is a nonsensical approach to privacy compliance ● Each browser’s privacy feature can already cripple cookie tracking regardless of CCPA. However, what separates CCPA from browser features is how negligence or non-compliance is treated. If someone finds a workaround to disarm browser features, it requires a patch and maybe an apology. If someone ignores CCPA, there could be immense financial consequences Preparing for a privacy-first future In short, we do ​not​ believe CCPA alone will disrupt how media campaigns are managed and measured. Browser-level privacy features will pose a bigger threat to media strategies, and how the browser privacy race shifts market share will be something to keep an eye on. Nobody can guarantee that Chrome will be the most widely used application in the next five years. This does not mean CCPA compliance can be taken lightly since users must have the ability to control how their data is being collected and used. The status quo is shifting and we must adapt to it and respect the changes not just as advertisers, but also as consumers. What can we do to prepare for 2020 and beyond? ● Review ​data security​ partners/solutions that are already in place and identify areas of improvement. CCPA is about data security as much as it is about data transparency ● Map out how user data is collected, how it is stored/secured, and how it is distributed to third parties for what purpose today ○ This will help with understanding which partners need to be surveyed for compliance and better organize how user data is managed internally ○ Confirm that every partner who has access to user data is compliant and how the partner is keeping the data secure ● Review current contracts and make sure user data security / liability / purpose are clearly stated ● Make sure to partner with a Consumer Management Platform ● Work with internal team to figure out how users’ data requests are received (website, email, and/or toll free number) and delivered - creating a repeatable process is key
  • 8. 8 TMK is working diligently with all of our partners to ensure and enforce CCPA compliance while keeping up with the latest on all privacy related updates. Please reach out to us with any questions and we will be more than happy to help. Thank you! Helpful sources: https://www.marketwatch.com/story/a-watered-down-version-of-californias-data-privacy-law-is-a-possibility- privacy-experts-warn-2019-06-27 https://www.adweek.com/programmatic/trade-bodies-prep-ad-tech-for-a-tougher-regulatory-climate/ https://www.lexology.com/library/detail.aspx?g=67b2af96-ef55-45ac-af23-26e8690c285d https://www.adweek.com/programmatic/these-companies-want-to-tighten-californias-privacy-laws-even-furth er/ https://www.mediapost.com/publications/article/337935/brands-begin-to-hit-roadblocks-with-real-time-ad-b.h tml https://www.adlawaccess.com/2019/07/articles/california-senate-committee-blesses-majority-of-ccpa-amend ments/ https://www.natlawreview.com/article/proposed-expansion-ccpa-s-private-right-action-defeated-state-senate https://www.emarketer.com/content/will-ccpa-have-gdpr-like-effects https://www.jdsupra.com/legalnews/verifying-the-verifiable-considering-a-29537/ https://www.mediapost.com/publications/article/339517/son-of-gdpr-are-you-ready-for-the-ccpa.html https://iapp.org/news/a/a-data-processing-addendum-for-the-ccpa/ https://www.exchangewire.com/blog/2019/06/20/browser-privacy-advertising-qa-with-jascha-kaykas-wolff-m ozilla/ https://www.adweek.com/programmatic/googles-planned-chrome-updates-will-enhance-privacy-but-cause-c omplications-for-ad-tech/