Hosted by Julie F Bacchini, this week’s PPCChat discussion revolved around CCPA (California Consumer Privacy Act). Experts poured out their thoughts on the strategies which can deal with laws like CCPA, Any unforeseen consequences of this law, Any changes in the data because of CCPA, and more.
Q1: Are you familiar with the CCPA (California Consumer Privacy Act) that went into full effect on July 1, 2020?
I have not read the full text of the law, but I have been reading up on industry pieces and also info from law firms is helpful in understanding what it is and what you need to do about it. @NeptuneMoon
More familiar than I want to be already, lol. This stuff unfortunately makes us one part marketing and one part lawyer. You also have to keep telling clients you are not actually a lawyer and they should consult their legal counsel to go over specifics. @lchasse
I am not. but I am familiar with CASL and GDPR, so my hope is that it’s similar. @JuliaVyse
Yep, no real impact. @JonKagan
Yes, to me, it seems like California’s version of GDPR. It also seems like Facebook is trying to offload the responsibility to the advertisers but isn’t being clear on how to do so. @RyBen3
Yes, very well versed in most aspects. @SPoulton
What is the biggest thing you (@SPoulton) think advertisers need to know about CCPA?
The biggest thing is probably knowing if you’re required to be compliant based on the 3 criteria referenced in CCPA (in this article for reference: searchengineland.com/facebook-ccpa-… @SPoulton
Q2: Did you do anything in advance of CCPA to prepare your clients web sites or advertising strategies for it? If so, what did you do?
Not in my case. we’re still in the weird headspace of ‘sensitive topics’ ads, even though we’re in another country, advertising to another country. @JuliaVyse
I did not do anything in advance of CCPA going into effect on July 1st. @NeptuneMoon
We updated audience lists in many cases to exclude CA residents to be safe at launch. Most of the brands I work with wanted to err on the side of caution until things are more well defined (processes). @lchasse
If you ARE required to be compliant, then you need to speak with a lawyer and ensure you have an opt-out solution on-site for CA users. Remember “IP” counts as personal information, this is extremely broad and extends to remarketing functions in particular. @SPoulton
Aaaa I love CCPA and more importantly the larger implication! But even our large national ecommerce company doesn’t fall under the requirements. @ferkungamaboobo
Q3: Are you seeing any changes in your data that you think are a result of CCPA?
The real changed happened on Facebook with the limited data enforced right away @andreacruz92
I’ve seen FB advertisers report that California is underreporting and they’ve tested this by separating out California from the audience and the ad set with California in it has a lot of unreliable data. @RyBen3
The only big change I saw was in Facebook so far. @lchasse
Yes, one client had a big drop the day it was enforced. State of CA went from 1st in traffic to 10th. Their customer data’s clean so we turned full features back on. But stark contrast for sure. @timmhalloran
Q4: How, if at all, are you adjusting your strategies now that CCPA is being enforced?
Not much, we didn’t have much in market anyway due to other FB factors (cough, boycott, cough cough), so mostly I’m keeping an eye on other digital channels and how they can stay safe. @JuliaVyse
I think this all plays nicely into Facebook’s desire to have you “just target broadly and let them figure it out” (but not be legally responsible, that still falls on you, the advertiser, of course!). @NeptuneMoon
We have adjusted the building of audience lists for remarketing. Also making sure customer service is able to remove people from everything from abandoned cart emails and other types of marketing that is more personal. @lchasse
Recommending Facebook seems like a risk since they are basically trying to wash the hands – is that a phrase Americans / Canadians (@JuliaVyse) used? @andreacruz92
Q5: Do you think it is wise to start coming up with strategies to deal with laws like CCPA being enacted in more states or even federally here in the US? Are you doing so now or plan to?
Still trying to figure out the specific details on what’s relevant for each client, but yes, good to be proactive in sharing strategies to make sure we’re compliant. @timothyjjensen
Not a novel concept but 1st party data is king. Find ways to retain all the demand gen traffic in the form of creative “opt-ins” like newsletters, ebooks, webinars, etc. Don’t let it go to waste. Especially now with the demise of the 3rd party. @timmhalloran
I think we should, but again, my experience is with cross-border privacy rules. Our north star should always be ‘how are my customers safest and most supported’ that’s how you build long-term loyalty and sales. adjust accordingly. @JuliaVyse
Absolutely. We don’t do a ton of business on the West Coast, so I haven’t been terribly concerned, but I know NJ, where we are based, and I think MA both have bills working their way through that are going to be similar. Only a matter of time before it’s Federal. @seo_sitch
We’re definitely thinking about additional privacy laws & different ways we can balance data capture & deployment with existing (and potential) new laws. Better to be thinking ahead vs getting caught flat-footed. @DigitalSamIAm
It would be smart to be thinking about how you would do your job without some of the data we now take for granted. For example, what if you could no longer remarket? What would you do instead? @NeptuneMoon
Brands need to be thinking about it now. If brands are developing systems, they need to build in controls they can easily change up. You can also move from default opt-ins to default opt-outs and ask them to opt-in. Provide value and they will opt-in. @lchasse
And for crying out loud, don’t use prospecting campaigns to get hard leads with 7 form fills for long sales cycles. That’s a great way to get a 0.02% CVR. Another component to this is teaching clients. If they’re last-click gung-ho, you’re gonna have a bad time. @timmhalloran
Not to downplay CCPA, but I think we all need to start game plans. Bc once Chrome goes no 3rd party cookies, the game will be changed. @JonKagan
Yes, we are because typically CA passes laws first that then go into effect or are considered across other states later. We discuss back up plans with our clients so we can pivot faster if necessary down the line. @AkvileDeFazio
I also think it’s wise to start having these conversations w/ clients, even if it is along the lines of “what is allowed in the digital space is always fluid and we will keep you informed as things change and advise you on ways our strategies will need to adapt.” @NeptuneMoon
YES. 5 somewhat easy steps: 1) Do a data inventory – what are you collecting, what do your vendors collect 2) Do spring cleaning – do you need that data? Do you REALLY need that data? When can you destroy that data 3) Write your privacy policy in plain English. 4) Now that you’ve rewritten your privacy policy, what seems icky? What wouldn’t you want to have done to you? Remove that tracking, destroy the data, & remove it from your privacy policy. 5) Tell your clients that you’ve updated your privacy policy & get feedback! @ferkungamaboobo
Q6: Do you foresee any “unforeseen consequences” of this law or others like it that may follow suit to CCPA?
I know one of the big fallouts from GDPR was bigger companies winning because they had the resources to comply while smaller companies scrambled. Looks like with the biz size guidelines for CCPA this might not be so much an issue though? @timothyjjensen
There are ALWAYS unforeseen consequences of every new law. We live in a very complex society. Still dealing with AB5 “unforeseen consequences” in California. @ynotweb
I am very curious how much of this will end up impacting analytics. That data is anonymized, so it should not be impacted, but I suspect it probably will be. Think of everything you do that would be completely disrupted if analytics as we know it is gone? @NeptuneMoon
Every so often there are new regulations in business we have to pivot to. Remember Sarbanes–Oxley? As a society, we are constantly going to have new laws and regulations we have to comply with. Just a fact of life and we will have more. @lchasse
Q7: What, if anything, do you think will happen relative to user privacy in the coming year?
I am betting more states pick up on CA’s new law, so we will see it expand to some other states. How quickly or with any adjustments will be the question. @lchasse
Predicting a continued trend toward stronger privacy and continued loss of targeting/analytics on our end. @timothyjjensen
I don’t think the sea change I expected/hoped for is actually coming. Momentum has stalled, for some obvious reasons. Terrified to think what delivery startups are doing with data. @ferkungamaboobo
I predict that privacy will continue to get lip service. Will any real action be taken? Hard to say, we have, right now, a lot bigger fish to fry on a lot of fronts… @NeptuneMoon
I think the next shoe to drop is federal guidelines similar to GDPR in the next 4-8 yrs. Till then, I hope other states adopt CCPA and don’t make their own. @timmhalloran
PPCChat Participants:
- Julie F Bacchini @NeptuneMoon
- lchasse @lchasse
- Julia Vyse @JuliaVyse
- Jon Kagan @JonKagan
- Ryan Bennion @RyBen3
- Simon Poulton @SPoulton
- Doug R Thomas, Esq. @ferkungamaboobo
- Andrea Cruz @andreacruz92
- Tim Halloran @timmhalloran
- Tim Jensen @timothyjjensen
- Sam @DigitalSamIAm
- Mike M. @seo_sitch
- Akvile DeFazio @AkvileDeFazio
- Kammy Caruss @ynotweb
Related Links
Stop the wasted ad spend. Get more conversions from the same ad budget.
Our customers save over $16 Million per year on Google and Amazon Ads.