CCPA Ushers in a New Era of Data Privacy
GDPR was a turning point in the world of data privacy. Not just due to the sheer magnitude of the regulation and how broad its effects were, but because of how it made data privacy a talking point in offices and at dinner tables around the world. It made privacy mainstream. The irritating inbox ambushes about “updated terms and services” from long-forgotten brands inspired everything from funny memes and tweets to a famous Spotify playlist. In the weeks leading up to May 25, 2018, everyone knew what GDPR was—whether they were in the affected area or not.
On the business side, GDPR also forced a shift in the global approach to data privacy. Many organizations that had barely been touched by previous regulations were forced to rethink how they collect and manage sensitive user data. In the year and a half since GDPR went into effect, some of the world’s largest corporations have been heavily fined, the number of in-house DPOs at European corporations has skyrocketed, but perhaps—most importantly—overall awareness among the public about data privacy and what their inherent rights are, has grown substantially.
GDPR was just the beginning
Aside from creating a global shift, GDPR served as one of the gateway regulations for data privacy laws in the digital marketing sphere. Similar bills and laws have since been proposed and accepted, one of the most recent and significant of which is the California Consumer Protection Act (CCPA).
Going into effect on January 1st of 2020, the CCPA will provide similar coverage for the residents of California, holding organizations accountable for collection and management of data from users in that region. While this is not the first data privacy protection law to be passed in the US, it covers a broad range of organizations, requiring many to take measures towards compliance that they may have not had to previously.
Many believe that while the GDPR marked the beginning of significant data privacy legislation, CCPA will mark the beginning of real compliance enforcement; it won’t just be the big players anymore that will be held accountable and fined for violation. This is one of the reasons CCPA and similar legislation have been causing a great deal of worry among management professionals across almost every industry.
A recent survey from Gartner shows that “accelerating privacy regulation” has become the #1 concern for senior executives worldwide, across industries and countries. It has surpassed many other topics, such as sourcing high-quality talent. Accelerating privacy regulation was furthermore named a risk of “very rapid velocity,” due to the severe negative impact it could have on an organization in a short matter of time.
Despite this concern, alarmingly, very few companies report being CCPA-ready. A survey by TrustArc found that in March of this year, only 14% of respondents reported that they are CCPA-compliant. Of those questioned, 83% replied that they believe they can leverage at least some of the preparations put in place for GDPR compliance, and they’re not wrong.
Organizations that have already taken the necessary steps to meet the GDPR standards are on the right path to CCPA compliance, but there are still differences between the two regulations that need to be addressed. One of these differences, for example, concerns the scope and frequency in which data subjects need to be updated about how their personal information is collected or disclosed to business partners. With that said, however, many of the processes put in place ahead of GDPR can be leveraged towards CCPA compliance, including steps taken in regards to:
1. Data mapping
2. Processes to receive and handle data subject requests
3. Methods to delete personal information
4. Methods to provide access to personal information in readily useable formats
5. Technical and organizational measures used to protect personal information
6. Privacy notices
Putting privacy at the forefront
CCPA is just a few short weeks away from taking effect, and other similar privacy regulations are expected to follow in 2020 and beyond. New bills have already been passed or proposed in Nevada, Washington and New York, some of which are more extensive and severe than the CCPA. The rest of the world is also well on its way.
At AppsFlyer, we’re beyond pleased at the increased awareness globally to the importance of user privacy. It is a critical piece of the evolving technology ecosystem, and failure to embrace this movement is a severe disservice to all players — from service providers to end users (and everyone in between). Privacy is a fundamental human right, and should be maintained and honored through every extension of your presence –mobile and digital devices included.
When data is your business, privacy needs to be embedded into the fiber of your technology. A fundamental piece of the privacy puzzle is keeping data, well, private. It is therefore our commitment to our customers and to ourselves that we will never make selling data our business. Each customer is in full ownership of their own data, it is never sold or shared with other customers; not via data collectives or shared persona graphs. Our extensive security and privacy program is the reason why we are trusted by some of the world’s most sensitive brands, which include financial and insurance institutions.
We have taken and will continue to take extensive measures to ensure that the company, products and services we offer are compliant with global and regional privacy regulations. We’ve spent the past several months working to finalize the organizational preparations for the CCPA. Under the CCPA, AppsFlyer is considered a service provider. The act of disclosing personal information to an entity that processes it on behalf of the business for business purposes (as defined by the CCPA) is permitted and will not be deemed as “selling” data. In addition, AppsFlyer is compliant with numerous global and regional privacy certifications, including:
Customers working with us and potential future customers can rest assured that working with AppsFlyer means working with a partner that is privacy-forward and compliant.
Putting privacy at the forefront does not just involve our own compliance, however. AppsFlyer is dedicated to assisting our customers in preparing for this (and other) regulations, through education, transparency and support.