2020 ushered in a new era of digital advertising standards centered around consumer privacy and consent, otherwise known as the California Consumer Privacy Act of 2018 (“CCPA”). As the most comprehensive data privacy regulation in the United States to date, CCPA provides a broad range of rights to California consumers regarding how their data is collected, held, processed, and sold.
Brand marketers, particularly those in data-poor categories (e.g., CPG and Automotive) have historically been reliant on 3rd-party data providers to attempt to reach in-market consumers with personalized advertising. Unfortunately, due to the lack of visibility and poor regulation of the digital ecosystem, many “bad actors” profited. The rapid ascent of digital advertising compounded the problem by allowing cookies and other tracking tools to quietly collect and scrape consumer data across platforms with ease. Until recently, the vast majority of consumers were unaware that this level of data collection was prevalent.
Regulation (at least at the California state level) is finally catching up to the digital age. While CCPA is a major win for consumers, brands whose advertising strategies are centered around personalization and programmatic activation are left asking, “which data providers can I trust now?”
The answer is simple: place your trust in data providers who put the consumer first in everything they do. By this, we mean thoughtfully selecting partners who have a direct 1:1 relationship with the end consumer.
To help guide brands through this brave new world, we’ve prepared a simple four-step checklist and prudent questions to ask your data providers. All brands should ensure their data providers are taking the issue of consumer privacy seriously and are 100% CCPA compliant.
Fittingly, we’ve adopted the acronym of CCPA; Consent, Compliance, Privacy Controls, Accuracy.
Consent
Does the provider give a clear value exchange for the data being collected? Is the consumer compensated, rewarded, or given a better product/service in exchange for their data?
As a fully opt-in mobile shopping app, Ibotta’s value exchange couldn’t be any more clear. By registering and simply sharing a picture of a shopping receipt or linking a loyalty card, consumers earn cash back on their everyday purchases. The average Ibotta user earns over $140/year.
Compliance
On a go-forward basis, your provider should be able to prove that they have obtained data in accordance with all applicable laws and consent from the consumer to provide data for use in advertising campaigns. They should also guarantee that they will not include data relating to any consumer who has opted out of targeted advertising or exercised their right to be forgotten.
Can the consumer exercise all rights granted under CCPA? Does the provider exclusively grant these rights to California citizens, or have they taken a consumer-forward privacy stance and extended those rights to all U.S. citizens?
As leaders in consumer trust and transparency, Ibotta immediately took the stance that the rights granted under CCPA should be applied to citizens of all 50 states. Across 100 employees, we’ve invested 10,000 hours over a 14-month span to ensure we are CCPA compliant and operationally equipped to comply with (and automate!) any consumer right granted under CCPA at scale.
Privacy Controls
As a consumer, is accessing your privacy settings made clear and evident? Do you need to jump through several hoops to locate or manage your preferences?
Along with creating an accessible link on the footer of the Ibotta homepage, we’ve built out mobile web and in-app mechanisms to access, manage privacy controls, and exercise all rights granted under CCPA.
Accuracy
What is the methodology of data collection? How is it validated? What is the granularity of data? Is it deterministic or probabilistic? Is it declared or inferred? Is it modeled, imputed, or otherwise assumed? What is the identifier provided; are they sharing PII?
As a mobile-first shopping app, everything we do is deterministically matched to a Mobile Advertising ID (MAID), which consumers can turn off or reset at any time. The granularity of our data collection is down to specific SKU-level purchases tracked across every retailer in the USA (fully inclusive of Walmart, Target, Kroger, etc), allowing brands to personalize digital ads based on offline shopping activity. Ibotta does not sell consumer PII to third parties. When Ibotta users exercise their Right to Access, we provision all collected data points back to the consumer.
Coming to RampUp in San Francisco? Come listen to Ibotta’s Sean Stephens on our panel CCPA Two Months In: Where Are We Now? on Tuesday, March 3rd at 10:40am.