Today’s consumers are becoming increasingly concerned about their data privacy online. The data breach is becoming more prevalent, and we’ve all heard about companies selling our data in less than desirable ways. And with the widespread use of wireless connections and portable devices, we are often transmitting our data without our knowledge.
In 2018, internet marketers were globally affected by the European privacy law known as the GDPR (General Data Protection Regulation). The GDPR brought with it the now ubiquitous footer popup to “accept cookies” on websites across the internet. When we accept cookies, we are “opting-in” to allow a business to use the data collected while we’re using the site.
On January 1, 2020, the state of California followed Europe’s lead by enacting its own consumer privacy law--the California Consumer Privacy Act (CCPA). When CCPA was born, marketers hurried to learn how it would affect online businesses subject to the law. In this article, we’re looking at the CCPA, what it means for marketers, and how it affects influencer marketing strategies.
The California Consumer Privacy Act (CCPA) is a law created to help consumers protect their personal information. The California Attorney General’s CCPA’s regulations require more transparency from businesses regarding what part of consumer data it collects, shares, or sells to third parties. The law also gives consumers more control over their personal data.
The CCPA defines personal information as any info that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In practical terms, this includes basic categories of personal information like:
In addition to these primary identifiers, California’s new privacy law also defines personal data to include biometric information, internet activity, browsing history, ad engagement, job, or employment information. Any records of someone’s preferences, predispositions, behaviors, attitudes, or psychological traits are also off-limits.
While GDPR requires users to opt-in to share data, the California Consumer Privacy Act allows users to opt-out of sharing their data instead. Businesses must make sure there are two simple and obvious ways on the homepage for users to easily opt-out of sharing data. The law also requires businesses to publish in clear terms how the brand will use their personal data.
Many businesses are left wondering whether CCPA affects their brand. The answer depends on the size, revenue and purpose of your company. The new data privacy law applies to organizations that do business in California and have annual revenue of over $25M. It also applies to those that buy, receive, sell, or share the consumer’s personal information of at least 50,000 California residents each year, or make at least 50% of annual revenue from selling California residents’ personal information.
The first question most business owners ask is whether CCPA will affect their brand. The short answer is, “it depends.” The statute applies to businesses that:
And though the CCPA is only the law of the land in California, it affects businesses worldwide because some California residents likely use their websites. It’s also possible that other states will follow California’s lead in the next decade, making similar laws applicable to more Americans.
The short answer is that advertisers can no longer use email lists for creating audiences for influencer content and paid ad campaigns. The personal information like names, email addresses, and any other basic usage information for those who opt-out is off-limits under the law.
But the good news is that there will likely be very few consumer requests to opt-out. “Even when there’s the option to say no, maybe 10% of the people say no” to having their data sold to third parties, says Ben Barokas, CEO of SourcePoint. If we use GDPR as a guide, about only 5% of users will choose to opt-out under CCPA. And for all of society’s privacy concerns, studies report that consumers are happy with seeing personalized ads.
Even with increasing personal privacy regulations, influencer marketing is still a safe way for brands to reach their potential customers in a targeted and compliant manner. Because users have voluntarily followed an influencer, they have organically opted to engage with that influencer’s content--making them fair game for social media audience targeting.
If you’re already GDPR compliant, you’re probably in good shape for CCPA. Here are a few essential things to remember:
One of the most savvy ways to reach safe audiences in California is through influencer audience targeting by whitelisting. These audiences are compiled of users who have liked, commented or saved an influencer ad or post which means you’re reaching a safe audience who has already shown their interest in influencer content. Lookalike audiences are also great tools for retargeting ad strategies that don’t misuse prohibited Facebook pixel data. It’s also a good idea to leverage lookalike audiences based on interests, or even your competitor’s audiences. This approach could give you access to even more ideal customers who are safe to target. Recommended reading: Maximizing influencer ads with influencer audience targeting.
If you’re using influencer content in your paid media, like Facebook Ads, a whitelisting tool like Lumanu will allow you to easily gain access to dozens of influencer audiences in minutes. If you’d like more information about how whitelisting can help you stay California Privacy Act compliant, get in touch today.