blog | 4 min read

CCPA Isn't Taking a COVID-19 Hiatus

June 29, 2020

Orange image displaying CCPA.

Since the reality of COVID-19 set in, every economic sector has been working tirelessly to adapt and survive. For B2C marketers, this has presented the urgent challenge of scaling back spend, of adjusting creative, of postponing campaigns, of doing more with less. It’s a full-time job – and one that’s only getting harder. In marketing as in other disciplines, the focus is on the essential, and the focus is short term. Everything else can wait.

And yet, the laws governing consumer data privacy are still on the books. The California Consumer Privacy Act (CCPA) went into effect on January 1st and, despite calls for postponement due to COVID-19, enforcement is still set to begin on July 1st. The General Data Protection Regulation (GDPR) remains the law of the land in the EU and (until the end of 2020) the UK. Privacy compliance still belongs on the list of “essential” concerns for today’s marketer – and meeting the spirit of these laws is just as urgent.

The Race to Compliance

Compliance with privacy regulation has been a core focus for marketers since the GDPR was signed into law in 2016, taking effect in May of 2018. The GDPR was quickly succeeded by similar laws in Japan, Brazil, South Korea, and states like California (CCPA) and Nevada. The penalties for violating these regulations are severe, enough to incur significant financial impact for any company found in violation.

Due to the urgency and immediacy of the problem, some brands have managed GDPR and CCPA separately from their overall approach to customer data. They have focused on meeting the minimum thresholds of legal compliance, doing their best to not trigger enforcement. For many, this has amounted to costly legal fees and the implementation of compliance frameworks like OneTrust, which has rapidly gained traction as the industry standard.

A Broader Perspective

Other brands recognize that GDPR and CCPA are manifestations of a more fundamental change in consumer preference and behavior. These regulations express in legal terms the desire of customers to have more consent and control over how their data is used and to have a more direct and accountable relationship with the companies that use it. This deeper shift in attitudes is also a force behind other major changes to the industry, manifesting as browsers shifting away from cookies, as the rise of “walled garden” closed ecosystems where personalization is standard, and in the success of the DTC model. Every one of these macro changes points toward an escalating imperative for companies to become more customer-centric, and more deliberate with customer data.

These brands have aligned their investment in compliance frameworks with a foundational architecture for customer data where they not only comply with GDPR and CCPA, but instead create a clear contract with customers on expectations, and deliver on their side of the bargain. This approach combines compliance frameworks with a system for gathering, storing, and deploying permissioned first-party data. This approach, which is only possible through advances in modern cloud computing platforms, uses the investments in GDPR and CCPA to bootstrap a broader platform.

A Foundation for Action. Build for the Future

Which brings us back full circle to the exigencies of the present moment where brands are forced to quickly adjust and do more with less. Any privacy solution will be understood through the lens of efficiency. Is there room to even consider doing more?

In a word – yes. A foundational architecture for customer data helps brands identify their most valuable customers, their best-performing channels, and their most indispensable investments in brick and mortar. As markets open back up, brands must know, understand, and serve their customers well. They’ll need to rapidly deploy new messaging and manage new customer behaviors. They’ll need to take advantage of depressed media costs to acquire valuable new customers and maximize their lifetime value. And it will be the same long-term solution for privacy compliance that will deliver the short-term results in marketing efficiency that brands are desperate for today.

Most brands have spent their energy with point solutions that address compliance workflows – this is understandable. But smart brands will do this in a way that bootstraps a holistic customer view and builds towards customer-centricity.


This article originally appeared in Advertising Week 360.