It’s A Rocky Road, But We’re Traveling It: The California Consumer Privacy Act & Beyond
Recently, the Internet Advertising Bureau (IAB) released a draft compliance framework for the California Consumer Privacy Act (CCPA). This is very positive news for our industry. Companies across the digital advertising landscape are looking for guidance regarding how to implement the CCPA in a straightforward manner, and the IAB has put some clear recommendations forward for how this can happen. In addition, the DAA (Digital Advertising Alliance) is developing CCPA implementation tools for publishers, in cooperation with the IAB.
It’s great to see these organizations coming together to support companies in our ecosystem. From brands to agencies, from bidding platforms to data providers, and from ad exchanges to publishers, we will all need help to navigate the rocky road ahead when it comes to consumer privacy legislation.
Why the rockiness? For starters, since the CCPA is the first comprehensive consumer privacy law of its kind in the United States, no one should expect it to be perfectly clear at the outset. As the IAB’s draft CCPA compliance framework states, “…there are provisions of the law that are ambiguous and leave room for interpretation.” Industry groups such as the IAB will, of course, work to resolve much of the ambiguity over time.
But ironing out the details of how to support California’s laws is just the beginning. After all, California is just one state out of fifty and other states are likely to follow with their own consumer privacy legislation. Industry leaders are concerned that as other states decide to enact privacy legislation, national companies will be forced to contend with a myriad of disparate and conflicting privacy laws. That’s why a group of 51 CEOs of major companies has asked the U.S. Congress to pass comprehensive national privacy legislation.
National privacy legislation makes sense on many fronts – consumers shouldn’t be expected to understand how their privacy rights change as they travel or do business from state to state, and businesses that capture consumer data would have to contend with massive technical complexity if each state implements unique legislation. As important as it is to protect consumer privacy, however, we are headed into an election year and there will be many more headline-grabbing topics for politicians to talk about – it could be quite a while before Congress does anything material in this arena.
In the meantime, here at EMX, we remain committed to protecting consumer privacy and to following the law. We are engaged with industry organizations like the IAB and the NAI (Network Advertising Alliance). On January 1, 2020, we expect to be fully compliant with CCPA, just as we did with Europe’s GDPR legislation. EMX’s onsite engineering team will be ready to adopt the IAB’s framework once it is finalized. As we get closer to that date, we will provide more detailed information regarding the specifics of EMX’s implementation.