The California Consumer Privacy Act (CCPA)—and how exactly to comply to it—is a concern for marketers who collect personal data from California residents. Late last week, a second draft of the implementation regulations was released following a 45-day comment period in which feedback was submitted to the California attorney general’s office. Though enforcement will not technically begin until July 1, the law has been in effect since Jan. 1—which leaves marketers on the hook for compliance immediately. A piece in AdExchanger looks at what’s new in this second draft and the key takeaways for marketers.
The modified regulations offer some clarification for business that must comply with the legislation or be penalized. (Check out five overall CCPA takeaways for marketers, here). For instance, there was some initial confusion as to what constitutes the sharing of consumers’ “personal information.” The second draft reveals that businesses that collect IP addresses of visitors to its website are not in violation of the legislation if that IP address is not linked to a particular consumer or household.
The legislation also now includes what a voluntary opt-out button might look like. If used, it needs be around the same size of the company’s other buttons on their websites. However, since an opt-out provided through a link is sufficient, the button is optional and therefore may not necessarily be implemented by businesses.
Additional clarifications relate to global user-enabled privacy controls, like browser plug-ins or privacy settings, which need to be honored by businesses—but companies are allowed to alert consumers of such a conflict. And, apps that collect mobile data that consumers would “not reasonably expect” it to collect will need to provide an overview of the data that they’re collecting.
Read on in AdExchanger for additional regulations outlined in the second draft, including how service providers are allowed to treat personal data and how businesses must handle data that was collected before the CCPA went into effect.
Other articles you might enjoy:
- Consumer Privacy: Five Things Marketers Need to Know About CCPA
- Insights for Marketers on CCPA Compliance
- GDPR: Three Tips for Compliance