• While GDPR compliance doesn’t equate to CCPA compliance, there are some aspects of successful GDPR strategies that companies can apply to their approach to the CCPA. Tim Geenen, General Manager of Faktor, a LiveRamp company, took the stage at RampUp NYC to discuss the collaborative models that worked best in managing GDPR compliance. 

    As regulation will only continue to be a fact of life—other states have followed California’s lead and a federal-level law is certainly on the horizon—Tim stressed the importance of internal alignment to handle growing complexity. 

    Watch the video of his session below or read our key takeaways:

    • Companies must balance privacy with personalization. “Privacy is now being considered a fundamental right in some countries,” Tim stated. “[Yet] the problem is, most people want personalization,” he continued. despite some harboring negative perceptions of marketing and advertising. They want to log in to their banking app, for example, and have all of their relevant data activated to enhance their experience.
      This presents an inherent tension between consumers and advertisers. To bridge the divide, it’s up to companies to be transparent and communicate what they use consumers’ data for, while still giving them control and choice over they want to share. If consumers don’t understand what their data is being used for, they won’t be willing to provide it for the enhanced experiences they want.
    • Every company and every consumer interprets the law and use cases differently. “This one was wildly irritating, but also the best learning that we had from a platform perspective,” Tim said. Consent, at least through the lens of privacy regulation, has a fairly ambiguous definition and can be interpreted in so many different ways once internal teams sit down and discuss it, especially when analyzing regulatory terminology like “legitimate interest,” and “implicit vs. explicit.” 
      As a result, the only fair way to design a consent management platform is to make it self-service and customizable. This enables users to adapt not only to the changing legislative landscape across states, countries, and regions, but also to their own evolving business needs.
    • Cross-collaboration has never been more important. While it is important for internal teams at companies to work together, it is equally pressing for leaders in the space to engage with external industry groups. From the GDPR, Tim shared that a major watershed moment in companies prioritizing and understanding the law was the creation of the IAB Transparency and Consent Framework (TCF).
      “At first, everyone was negative about an industry association that does all the tracking and now comes out with the solution,” he shared. Vendors and publishers were especially skeptical and incredibly vocal about what would and would not work for them at first. The IAB took this feedback into account with TCF 2.0. Initially introduced in August 2019, this evolved version of TCF is expected to roll out in Q1 of 2020. It is the largest industry initiative to-date for GDPR compliance. Under TCF 2.0, provisions include: “consumers can exercise a ‘right to object’ to data being processed; publishers gain greater control and flexibility with respect to how they integrate and collaborate with their technology partners; and new publisher functionality allows them to restrict the purposes for which personal data is processed by vendors on a publisher’s website on a per-vendor basis.” 

    Speaking of TCF 2.0, Tim concludes, “This is a very mature solution that is respected by all vendors and publishers. Everyone got their say. It was a huge effort by the industry.”

    Tim wrapped up his presentation with these four key takeaways: 

    1. Privacy. Know which laws apply to your business and whether or not you need to collect consent. If so, you should understand how to collect consent. Keep in mind, your privacy policy needs to be consumer friendly. 
    2. Interpretation. Expect to learn on the go. Try creating an internal working group with stakeholders from marketing, sales, legal, and IT to empower cross-organization visibility and alignment. Have processes in place for vetting vendors. 
    3. Optimize. There is a value exchange between consumers, brands, and publishers. To get the most out of these exchanges, give them options, but always make sure you communicate clearly about why you do what you do, and with whom. 
    4. Collaboration. The IAB has done a great job at aligning an industry that has traditionally resisted collaboration. Join their working groups or ensure your privacy technology partner does. 

    Curious to learn more about how technology and policy intersect? Register for RampUp SF 2020, taking place March 2-3, featuring an entire track dedicated to the new technologies being developed in tandem with policy. 

    Subscribe to RampUp