Back to Blog

Data Privacy Regulation from a Partner Perspective: What Comes after CCPA?

  • - Lisa Rapp
  • 3 min read

Marketers from companies of all sizes operating in California have spent the past year preparing for the California Consumer Privacy Act (CCPA). Now that CCPA has gone into effect and companies have updated their compliance strategies, many marketers may want to breathe a sigh of relief. But not so fast. CCPA is just the beginning of a new set of rules and regulations meant to protect consumers’ data. 

Shane Wiley, Chief Privacy Officer of consumer insights and measurement company Cuebiq, a LiveRamp partner, shares with us what marketers can do to safeguard themselves and remain compliant for future privacy regulations: 

Preparing for future privacy regulations

After January, marketers will continue to complete any remaining gap areas with CCPA compliance, California’s new privacy law now enforced, and start preparing for additional state laws expected to come in 2020. Given the upcoming presidential election cycle, federal privacy legislation isn’t expected in the United States until 2021.

To prepare for future privacy regulations, marketers must be proactive instead of reactive. Put your end user at the center of your privacy management policy. Once a company orients its data handling approach around this concept, it moves the company into a consent-based paradigm that naturally supports user privacy rights, such as access and erasure.

For marketers who don’t have the ability or bandwidth to shift their entire data strategy, it’s important to focus on these five things:

  • Focus for legal compliance at the federal level. Study the past 20 years of FTC Consent Decrees, COPPA, and other laws that may affect your specific business vertical.
  • Focus for legal compliance at the state level. In addition to California, Nevada and Vermont have regulations with which marketers should become familiar.
  • Look to self-regulation groups for guidance. Organizations such as the Network Advertising Initiative (NAI), Mobile Marketing Association (MMA), the Interactive Advertising Bureau (IAB), and Digital Advertising Alliance (DAA) provide both companies and consumers with additional information on data privacy compliance. 
  • Iterate and evolve approach as new laws come forward. Even the most future-looking program may require slight adjustments as new laws emerge with highly prescriptive elements. 
  • Require partners to not only prove compliance but also to maintain forward-looking privacy policies. Leverage third-party audits to help manage partner risk exposure.

Ensuring partners remain compliant in 2020 and beyond

Marketers seeking to maintain a high standard of data privacy compliance for their companies should also expect the same of its partners. In evaluating partner compliance, here are four key areas where marketers should be vigilant by asking these questions:

  • Consent: Does the partner have a digital consent and preference record on every single device they are collecting data from, along with the language for which consent and permissions were given? Does that language name all parties (or categories of parties) that may be receiving the user’s data, have clear directions on how to retract consent and/or change preferences, and allow the user to access the partner’s privacy policy prior to giving their consent and preferences?
  • Transparency. Does the partner have a privacy page that explains privacy concepts to end users in a clear and concise manner? Does the partner require its partners to be equally transparent through user interactions and their privacy policy?
  • Control. Does the partner provide users with an easy path to opt out? Do they honor not only direct opt-outs but also those communicated through the operating system or web browser? Do they allow access to, portability of, and erasure of user data upon request?
  • Accountability. Does the partner subject themselves to and successfully pass third-party audits? Do they require their partners to do the same? Are they members in good standing with vertically relevant self-regulatory groups?

At LiveRamp, maintaining data transparency and privacy compliance is in our DNA and is fundamental to everything we do. LiveRamp is a member of the DAA and abides by its principles. Additionally, as part of LiveRamp’s commitment to data transparency, we also played a key role in the development of the standards for IAB Tech Lab’s Data Transparency Standard and Compliance Program.

Disclaimer: The information in this blog post does not constitute legal advice. Companies should contact their attorney to obtain advice.