A monumental change of privacy regulations will set in for US businesses on 1 January 2020 as the California Consumer Privacy Act (CCPA). CCPA will come into effect with a compliance deadline by the end of January 2020. Hence, this entire year, firms will face a gap in terms of knowledge, trying to modify their operation and privacy regulations as per the CCPA
The CCPA signifies a shift in mindset regarding the private sphere for the US – moving closer to global privacy norms, pushing away from the notion of personal data being a company asset. This “gap year” firms might struggle a little to comprehend the Act and implement necessary changes. But, surely, this will be beneficial in the long run.
CCPA is the result of a series of data disasters such as the massive Equifax breach and Facebook’s Cambridge Analytica scandal. Regulators have now stepped in to implement stricter compliance laws, realizing that there was little that U.S. consumers could do to protect their data. Under the CCPA, Americans will surely move a step closer to general privacy protection. However, the Act targets larger firms or those with prolific data use.
In October, the California Governor passed five bills to amend CCPA to provide some regulatory relief for businesses. 2020 will be like a gap where the industry will be forced to mature significantly for ensuring long-term success with technological advancements flushing in every day. The year-long gap will help firms to set in the mindset of balancing innovations and maintaining security and privacy. Followed by CCPA, the main goal for 2020 will remain to prepare firms for a cookieless future. The difference between the past and the upcoming year is that ad tech will focus more on innovating a real solution for identity.
As the cookie crumbles and device ID sharing services are discontinued, independent ad tech will finally get serious about replacing the cookie. After innovation comes activation. In 2020 and the following years, independent ad tech will focus on putting viable identity solutions into action. Post the launch of CCPA the road to success will consist of three major milestones:
First, firms need to solve the technical problem of storing identity in a way that is embedded in the user experience and can be utilized across publishers. Second, the ID companies need to shift to this ID solution from their current device ID and cookie frameworks. Today’s shared identity giants make big claims, but ultimately they rely heavily on cookies and IDs that are not future-proof. Finally, the solution and the associated data selling will need to be explicitly approved by lawmakers and tested in court. The court can review and debate the letter of the law ad nauseum, but it’s essential to create such a case and take it to court.
The government officials, along with the industry experts, agree that the first two steps will be primarily done in 2020. But, the final step will take almost five years to implement in the U.S. and perhaps slightly less time in Europe due to its head start with GDPR.
It will be interesting to see how ad tech will address a cookie-less future. Every company in the ecosystem needs to plan for the smooth adoption and implementation of the changes brought in by CCPA. Taking a gap year will help to figure things out for a better and more secure future.