If you’ve been following data privacy in the United States, you’re more than aware that major changes are to come with the California Privacy Rights Act (CPRA) and Virginia Consumer Data Protection Act (VCDPA) in effect as of January 1, 2023. In response, we’ll likely see a ripple effect occur with data privacy laws and see other states enact and consider more comprehensive legislation in the coming years. In order to better understand some changes and challenges surfacing, and how BeOp has been helping Publishers navigate privacy regulations and data privacy, read on!
Recently, legislatures in Virginia, Colorado, Connecticut, and Utah, and California have passed broad privacy laws that will be effective in 2023. Specifically:
The CPRA is an expansion of the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020 and granted California consumers the right to request that businesses disclose what personal information they have collected about them, and request that this information be deleted.
The CPRA builds on these protections and provides additional rights to California consumers, such as the right to correct inaccurate personal information, the right to opt out of the sale of their personal information, and the right to request that their personal information be deleted. The CPRA also imposes stricter requirements on businesses to protect the personal information of California consumers and imposes significant fines for violations.
In regards to the CPRA, Publishers need to be aware of a key provision; the creation of a new category of sensitive personal information which includes things like racial or ethnic origin, sexual orientation, and precise geolocation data. This information is subject to additional protection and publishers will need to be particularly careful when collecting, using, and disclosing this type of data. They’ll need to have systems in place to honor these requests in a timely/efficient manner, and comply with the requirements to avoid fines, reputational damage and loss of consumer trust.
Another expected repercussion is that user consent may drop further in the coming year. According to BeOp, consent for European Publishers dropped from nearly 100% to approximately 60% following the implementation of GDPR in the EU. The main consequence of this reduction in consent is the inability of many SSP’s to monetize this inventory since the vast majority of players in the market are still cookie driven or in other words, consent mandatory. Thanks to BeOp’s tech, Publishers are still able to effectively monetize this inventory through direct sold campaigns and contextual targeting.
It is important to note that the CPRA applies not only to publishers based in California, but also to any publisher that collects the personal data of California residents. This means that even if your business is located outside of California, you may still be subject to the requirements of the CPRA if you have readers or users in California.
One key difference between the CCPA and the CPRA is that the latter includes provisions for increased fines for certain violations. Under the CCPA, the maximum fine is $2,500 per violation or $7,500 per intentional violation. Under the CPRA, the maximum fine for intentional violations is unchanged, but the maximum fine for a violation of a consumer's "sensitive personal information" is $75,000 per violation or $750,000 per intentional violation. As revised fines will begin to be enforced in the US beginning July 1, 2023, responsible data collection is more important than ever.
For those new to these terms, first-party data refers to information that is collected directly from the publisher's own sources, such as website analytics and email subscription lists. Zero-party data, on the other hand, is information that is voluntarily provided by the user, such as preferences and demographics. With this data, publishers can gain a deeper understanding of their audience and create more relevant and personalized ad and content experiences for them. So, the question arises…
Companies that have been built for privacy and have proven to navigate privacy regulations unscathed are the partners who should be considered for Publishers. BeOp, 1plusX, and Permutive are great examples.
In 2015, BeOp’s co-founders Louis Prunel and Nicolas Sadki foresaw the pending loss of access to data and how this would decrease the already low performance and returns of programmatic, and developed and refined an entirely distinct and complete contextual and cookieless advertising ecosystem including DSP, SSP and an integrated Creative Platform which enables Publishers to easily create privacy compliant data capture units which include an added option for collecting user consent.
Furthermore, BeOp is built upon sophisticated, AI-driven contextual tools including semantic targeting, and data collection units are able to connect to any DMP such as 1plusX and Permutive.
1plusX offers real-time data management, data clean room, and CTV solutions to help publishers and advertisers engage their audiences.
Permutive empowers publishers and advertisers to activate audiences responsibly, to restore consumer trust. Their audience infrastructure connects publishers and advertisers, enabling them to address their full audience, in-the-moment, while protecting user privacy and respecting customer consent.
As all of these integrations are plug and play within BeOp, you’re enabled to collect some serious volumes of data without much setup. In addition, BeOp can also connect to your CRM via a direct integration or webhook. Take a look here for an example of how BeOp data is passed into Permutive.
Both first-party and zero-party data can be collected through BeOp units and can be used for sales teams, RFP responses, marketing/retargeting, or to inform editorial teams content. Since BeOp was built for privacy from the ground up, you can be assured of GDPR and CPRA compliance. The ways we support our partners, and provide peace of mind are as follows:
BeOp formats are “conversational units''. Built upon the premise of “story doing”, our units include polls, quizzes, forms, videos and more that enable publishers to engage with users in an automated fashion without needing to rely on user data. In addition to improving a Publishers UX and boosting overall engagement, these units are capable of producing unprecedented results; users spend an average 30 seconds on BeOp’s formats, and interaction rates for data collection units typically fall between 1% and 5%.
Leaf Group, Group Nine Media, Apartment Therapy Media, Network N, and Trusted Media Brands are already among the mutual partners of BeOp and Permutive for responsible first-party and zero-party data collection.
Be aware that depending on the legislation penalties for non-compliance differ. GDPR allows for fines of up to 4% of a company's global annual revenue or €20 million, while the CCPA allowed for fines of up to $7,500 per violation.
In 2020, the UK ICO fined the publisher Reach plc, which owns a number of national newspapers in the UK, £250,000 ($332,000) for violating the GDPR. The ICO found that Reach had failed to adequately protect the personal data of approximately 1 million individuals whose data had been accessed by unauthorized third parties.
In addition, the Italian data protection authority fined the publisher RCS MediaGroup $1.4 million for violating the GDPR. The company, which owns a number of Italian newspapers and magazines, was found to have unlawfully processed the personal data of approximately 3.5 million individuals.
In 2020, the California Attorney General's office reached a settlement with the publisher Bonnier Corporation over allegations that the company had violated the CCPA by collecting and sharing personal information from California consumers without their knowledge or consent. As part of the settlement, Bonnier agreed to pay a fine of $50,000 and implement a comprehensive data privacy program.
After learning all this, one question remains…
If interested in learning more, contact us at email@example.com before Data Privacy Day on January 28th to see how we can help, and talk about your data strategy for 2023!