Data Governance & Privacy
April 1, 2024
If you’ve opened the Internet recently and noticed all of the CCPA opt-out banner ads, that means you’ve officially made it to 2020, nearly five years after the events of Back to the Future 2 which featured flying hoverboards. It may not be the future we dreamed of, but the CCPA will be just as transformative on society— even if it is far less fun than a hoverboard.
The California Consumer Privacy Act (CCPA) is officially the law of the land… even if state regulators aren’t ready for it. Companies subject to the CCPA are now required to comply with the law, but they’ve got until July 1 before enforcement and penalties kick in.
The next six months will be a critical time for companies to make sure they have the data infrastructure in place to be in compliance, ensuring they can respond to customer requests for opt-outs and deletions in a timely manner.
As companies ramp up their compliance efforts, I wanted to take the time to point out three critical, but underdeveloped, points about the changes that the CCPA opt-out will bring to your customer experience and data collection capabilities in the future (which is now!).
Surviving the CCPA Opt-In
The CCPA is much more than an opt-in button, but that little button holds the key to your ability to collect and use data about your customers. For the vast majority of companies who collect and use that data with the best intentions, the CCPA opt-in should be no big deal, another ritualistic hurdle for consumers to clear before getting to the “actual” experience.
However, unlike the GDPR, which asked consumers to accept cookies, the CCPA presents it as “Do Not Sell My Personal Information.” While they’re functionally very similar requests, would the average consumer rather accept a cookie or accept having their personal data sold?
Thus, the CCPA puts companies at a disadvantage already. Some estimates put CCPA opt-in as high as 87%, which would mean if you rely on selling customer data– which is broadly defined in the CCPA– you will lose the ability to do so on nine out of every ten consumers who visit your site. Many companies don’t sell data, so they’ll still be able to collect it. However, media and publishing companies, for example, will be particularly affected.
Of course, you want to avoid that level of data attrition. Here’s my thoughts on how brands should approach the CCPA opt-out to do just that.
1. Don’t Confuse Consent With Compliance
I’ll forgive you for thinking that providing a CCPA opt-out, where consumers can choose for companies not to “sell their personal information,” is simply a checkbox in a long list of compliance measures necessary with the new law. The GDPR, the closest corollary to the CCPA, set a bad precedent thanks to the complexity of requirements and the lack of stringent enforcement. That’s led to a button being the beginning…and end for many companies’ GDPR compliance efforts.
With CCPA’s more alarmist language (as discussed above), consumers are going to pay attention. However, if you only see the CCPA opt-out functionality as a compliance component, you’re missing out on the other half: the customer experience.
The CCPA opt-out will have the biggest impact on your customer experience because, in many instances, this is the first interaction a consumer will have with your site. How you present the CCPA opt-out will determine the success of your ability to capture crucial consumer information necessary for your personalization efforts.
On the back end, you also need to understand how CCPA opt-outs will affect the working experience of your marketing and data teams. How will your customer data management change? Who is responsible for managing requests for deletion, and how do you cleanse your entire tech stack of that data?
2. Consent Is Your New First Touch with Customers – Optimize It
As a critical part of the customer experience— and a determining factor in whether you’ll be able to turn that customer experience into usable customer data and profiles— the consent request will be a critical part of your funnel optimization.
By thinking of consent as the first part of your funnel, you’ll have to maximize the potential of that interaction instead of minimizing it. By doing the bare minimum required of the law, you’re taking away a key moment to establish trust and transparency as key parts of your brand.
With the right approach, brands can turn regulatory requirements into brand touchpoints. When airlines installed video screens in the 1980s, they began playing informative videos with legally required safety information. But in 2007, Virgin Airlines turned the boring video into a fun and creative way to promote the brand ethos— all while staying compliant. Now almost every airline company adds a dash of branding to these important brand touchpoints.
If your consent approach is resulting in too many opt-outs (and you haven’t had a major breach or incident that would drive people away), you may consider optimizing the experience to add more value and be integrated into the brand experience. Consumers need to understand why their data is important to their experience.
3. A Unified Approach to Data Orchestration and Consent Management
While the CCPA may be at the forefront of the customer data privacy conversation today, more regulations will continue to pop up. Rather than scrambling to maintain compliance with each new law, brands need to establish a real time data supply chain upon which data governance can be built to comply with local regulations. Here’s how Tealium sees the data supply chain alongside consent management.
Data Collection and Standardization:
During the collection and standardization stages of the data supply chain, Tealium’s capabilities allow brands to address customer opt-out (across the entire tech stack), ‘do not sell’ requirements of CCPA, and this is where the audit trail begins.
There are many ways to go about approaching consent collection with data collection, but not all are equal. Tealium has been thinking about governance and data privacy for years and as a result has built a consent manager natively into Tealium iQ Tag Management, something you won’t find with free or add-on tag management tools. This unified approach allows consent to be captured before tags are fired (i.e. data is collected). Once consent is captured it’s distributed to the proper tools and is managed throughout the lifetime of the data supply chain for that individual. This also enables brands to not only talk the data privacy talk, but also walk the walk. Brands can now provide transparency and management of data collection up front, and then follow through by immediately acting on it.
Transformation and Enrichment
During the transformation and enrichment stage of the data supply chain, Tealium’s Customer Data Platform, AudienceStream, enables brands to stage customer data prior to transmission downstream, transform data as it’s collected to speed activation and reduce any needs for expensive and inefficient post-processing, resolve identity to ensure accuracy dealing with user requests and centrally provide a hub for erasure of customer profiles when requested.
While CDPs can assist with data privacy requirements like the “right to be forgotten” or “right to deletion” only Tealium uniquely provides both the opt-in/opt-out from a built-in consent manager and follows through on user data management requirements in our CDP as well.
Integration and Activation:
In the integration and activation stages of the data supply chain Tealium capabilities allow you to manage all customer data centrally before integrating out across the tech stack, prevent or enable transmission based on your requirements and enable full visibility across the entire lifecycle of data.
Conclusion
It may feel like there’s a million things to do to meet the CCPA’s requirements, but starting by focusing on the customer experience of the “Do Not Sell My Personal Information” button and the way that your tag manager integrates with your consent management is a great place to start as the clock counts down to enforcement on July 1, 2020.
Looking for more info on how to balance the consumers’ demands for privacy and personalization? Check out our latest study, “Trust is Golden: How Brands Can Prioritize Privacy in the Age of Data,” today.
