We live in a promising time of innovation. We are in the Fourth Industrial Revolution, also called the Machine Age or Digital Era. The fuel of this marvelous era is data. We are seeing revolutionary feats, proving that data—when used responsibly and ethically—can solve many of our pressing human challenges. The ethical use of data has proven beneficial for people, including creating relevant, meaningful experiences with brands.
However, instances of data misuse, negligent acts, and bad actors create a “trust deficit” in the digital ecosystem. Data privacy regulations like the California Consumer Privacy Act (CCPA) are aimed at these bad actors and reflect valid concerns about the responsible use and protection of data about people.
But the rapid onset of the CCPA presents two larger issues that must be addressed. First, the compliance window for companies to act is much too short to be prepared for its effective date of January 1, 2020. Large “technopolies” have near unlimited resources to prepare for the law, as well as navigate potential enforcement actions and associated costs and fines. But smaller companies and start-ups do not. The result: a CCPA barrier-to-entry moat forms for companies within a certain size. Start-ups with more brain power than purse power suffer, as does innovative growth.
Simultaneously, other states are working on CCPA-look-similars. This means that businesses face a potential future where they will have to process data differently on a state-by-state basis. The results are a legal construct that is not practical, and likely not workable, in the realities of a data-driven digital economy.
What We Need
Ready or not, CCPA is upon us. Many affected companies will not have enough runway or resources to get in compliance between the results of the California legislative process, the release of the California Attorney General’s implementing regulations projected sometime this fall, and the effective date of January 1, 2020. To give business a fair opportunity to comply, we need a 24-month delay of the CCPA effective date.
The best idea is a national standard that is effective and workable for all players in the business ecosystem. This means a federal law that protects people, enables the beneficial use of data, and enables competition and innovation. Rather than an organization complying with the possibility of 50 state-level regulations, a federal law that addresses these very real concerns of data privacy regulations is needed.
Until a federal standard for privacy regulations is established, we all must grapple with the challenges of CCPA. Many concerns about the implications of CCPA have not been addressed. We are hopeful that with the remaining time left in the California legislative process, CCPA-workability amendments will improve the CCPA and eliminate some of the unintended consequences.
Read more details in this update from LiveRamp, on the implications of CCPA, bills related to the law, and what businesses and our community can do to ensure we preserve trust in our ecosystem, while also protecting competition and innovation.
The information provided in this blog does not constitute legal advice. Please consult your legal counsel to obtain legal advice.