With CCPA looming and other state-led regulations in the works, companies must work together across divisions to prioritize ethical data use in a way that makes sense, for both businesses and consumers.
Neil Sweeney, CEO of Freckle IoT; Noga Rosenthal, Chief Privacy Officer and General Counsel of Ampersand; and Neil Tolbert, Privacy and Marketing Consultant at OneTrust, participated in a panel at RampUp NYC to discuss how the new data landscape—and corresponding data strategies—can be used to build campaigns in 2020 and beyond.
Couldn’t catch the panel live? Read on for the top three takeaways from the roundtable. Or you can check out the full clip here.
Standardized Consumer Rights Management Needs to Happen
When CCPA takes effect on Jan. 1, 2020, the floodgates will open and data access requests will come pouring in. “We don’t expect to see a steady trickle, and we need to reduce the risk a brand faces when there is an influx of requests,” said Tolbert. “There needs to be an internal process to manage liability from a notice and policy standpoint.” The remaining panelists agreed that such standardization is necessary to accommodate not only CCPA compliance but also other regulations on the horizon, too.
Rosenthal added, “We should be concerned, but not nervous.” And don’t undervalue the importance of preplanning and preparation. “Do a practice test. [Ask], ‘what data do I have and should I be concerned?’” You need to train your teams so they know how to route CCPA-related questions to those who can answer them.
And while each panelist certainly agreed that transparency should be prioritized through data access requests, Sweeney had a particularly impassioned perspective, stating, “The industry is underplaying how disruptive this will be. Operationally, it will be a gong show in 2020. We talk about CCPA, but we don’t talk about all the other states implementing privacy legislation … privacy law is like tax law in that it is fundamentally changing daily. It will be chaotic, but chaos creates opportunity, and the opportunity is for people, entrepreneurs, and businesses to create these frameworks to solve problems.”
The Amount of Data Available—Internally and Externally—Will Wane
The reality is that, due to stringent privacy laws like the CCPA and GDPR, there is going to be significantly less data available to marketers. The data sets they are accustomed to using may shrink or become unavailable, and after a data audit, they may find that they have less internal data to work with—which is not necessarily a bad thing.
“We saw lots of organizations [stop] doing business in the EU when GDPR came out. It was reactionary. But a lot of those businesses are finding they can’t run from what they have to do. And the onus is on brands to manage the optics,” said Tolbert. Regardless, he added, the amount of data is going to decrease. It may not be as noticeable in the first few months, but it’s inevitable.
Dissenting to a degree, Noga added that she struggles on a practical level with the fact that less data will be available to marketers for campaign building. “If I am a charity and I’m trying to find new donors, where do I go if I can’t license data to find new donors? I’m not saying that we’re not going to see a decrease [in data], but there is a valid reason to use data.” Perhaps, she said, the answer is to conduct a balancing test. Brands can ask themselves: do we really need this data? If the answer is no, they can delete it. But either way, it’s on the brand to think about privacy for the consumer.
“Consent-as-a-Service” Is Trending, But It’s Unclear How It Will Materialize
The complexities of remaining compliant with the CCPA and other relevant data regulations will be significant for all companies, especially smaller businesses that don’t have deep pockets or resources to draw on. One way to equalize is to shift from buying data to “buying consent,” as Sweeney phrased it. Each of the panelists had a different take on how “consent-as-a-service” might materialize.
“We are conditioned to buy data,” said Sweeney. “But instead, it will be about buying consent in 2020. We’ve got to figure out how to get compliant data.”
Not everyone agreed that a consent-based shift, like what is present in Europe, is in our best interest in the U.S.
“One critique we get in the U.S. is that privacy policies are too long, too legalese. If we go into the consent world, we go back to giving someone pages-long documents. Does a consumer really understand [what that means]?” questioned Rosenthal.
Sweeney conceded that moving to a framework where consumers have to give consent repeatedly won’t work. He acknowledged that consent is a good thing, but the methodology leaves something to be desired.
While there may not be a silver-bullet solution to earn consumers’ trust when it comes to data usage, overwhelmingly every panelist agreed that data—when balanced with transparency, choice, and privacy-safe controls—is a good thing. You just have to be up front about why you need that data and what the consumer will get in return.
Sweeny summarized this point nicely: “If you don’t put privacy at the front of your strategy, you’re asking for trouble.”
Want to join the conversation surrounding regulatory compliance and implications across adtech? We encourage you to register today for RampUp (March 2-3, 2020, in San Francisco) where we will have several panels and breakout sessions dedicated to this topic.