Free Assessment: How does your inbound marketing measure up?

Get Started

Free Assessment:

How does your inbound marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.
Get Started

Free Assessment:

Data privacy update: How the CCPA affects you and your paid advertising

By Dan Baum

Data privacy update: How the CCPA affects you and your paid advertising

In October 2019, California passed a consumer privacy act that will impact U.S. companies even more than the European Union’s General Data Protection Regulation (GDPR) that went into effect last year.

While it doesn’t have some of the most repercussive requirements GDPR has, it does take the protection of California residents much further.

This act, called the California Consumer Privacy Act (CCPA), went into effect on January 1st, 2020, and largely affects U.S. companies conducting significant business with Californians. 

Simply put, the CCPA is a state-wide regulation that gives California consumers more rights in regards to how their data is used, stored, and sold by businesses.

There are four basic tenets to the CCPA regulations. At a high level, the CCPA gives consumers:

  • The right to know what information companies collect, use, share, and sell
  • The right to delete any and all personal information businesses have
  • The right to opt-out of their information being sold, and to stop businesses that sell their information already from doing so
  • The right to non-discrimination in prices or services if they choose to exercise any of the other privacy rights

While these regulations are unique to California (more on that below), other states have introduced similar legislation, and some companies are extending CCPA protection to the rest of the U.S.

What does the CCPA mean for my business?

Most likely there won’t be much you have to do differently in your day to day operations.

Most companies that are affected by the CCPA should be mostly (if not completely) compliant if they are already following the guidelines set by GDPR.

Even then, the only businesses affected by the CCPA are those that satisfy any of the following criteria:

  • Gross annual revenue exceeding $25 million
  • More than 50% of their annual revenue deriving from the sale of consumer’ personal information
  • Buying, receiving, or selling the personal information of more than 50,000 consumers, households, or devices in California.   

If your business meets any of those requirements, you must provide notice to consumers before data collection happens while providing a “do not sell my information” opt-out option for anyone who chooses to. 

You’ll also need to have contact information detailed on your website where consumers can contact you and ask questions about their data or request a deletion.

Requests of this type will also have to be processed within 45 days of receiving them, so you might want to consider having additional processes in place to make sure you comply.

It’s not yet clear how California will be enforcing this new law, but there are fines in place for businesses that fall into repeated noncompliance. 

Here is what you should do to be CCPA-compliant

  • Take another look at your privacy policies: Be sure they are compliant with all of CCPA’s required disclosures.
  • Be open and transparent about the specific purposes for data collection: Users need to be informed when providing personal information, so anything ambiguous is a no-go.
  • Take a look at how the data you collect is managed and stored: Make sure there are no holes in your data management; look for any potential vulnerabilities. 
  • Treat data requests from customers as urgent: Create processes to handle these requests quickly. Failing to respond within that 45 day period will result in fines — not to mention you’ll start losing trust with your customers. 

What about my advertising in California?

Unfortunately, just like with GDPR, this will have an effect not only on businesses in California, but also those who interact with Californian residents. 

What this means is that even if the CCPA doesn’t apply to you, you may still need to pay attention to it. 

We know that Facebook is being very aggressive, based on how they are treating ad accounts who are non-compliant.

Even companies who do not need to be compliant (i.e. they don’t satisfy any of the requirements outlined above) are seeing their ad performance negatively impacted within California since the law took effect earlier this year.

As of right now, it’s not clear if Facebook will ease its enforcement and let businesses not affected by the CCPA resume business as usual.

Facebook and CCPA

Regardless if businesses need to become compliant or not, it appears that those who are compliant are being rewarded heavily in California on Facebook. 

Our main suggestion would be if you are advertising in California and you are not CCPA-compliant, you’d be better off pausing those ads.

It appears that it really doesn’t matter if you are legally obligated to comply with CCPA or not. Facebook is still dinging performance in California.

California is a huge market and many businesses rely on its population to hit their revenue goals.

The current penalties in Facebook are too large to ignore and can affect other areas of your account, so we would still recommend pausing your California-based campaigns or excluding California from your targeting until you are compliant — or until Facebook eases the current enforcement of the laws.

In the meantime, if advertising in California is a large part of your business you should work hard to become compliant as soon as possible. Consult your legal counsel and development team to get these mandates up and running on your site.

For other platforms like Google, LinkedIn, and Microsoft, we aren’t seeing major effects just yet. This will change, however, as California amends and signs new additions to the law in the near future.

We don’t know when any changes will take place, especially now with California COVID-19 cases surging.

The future of data privacy

The CCPA is a sign of things to come. Personal information and privacy are becoming more and more protected, and more states and countries will follow in California’s footsteps. 

As business owners it is our duty to our customers to protect their information and treat it properly.

We can’t expect to build trust and loyalty if we don’t handle data in a responsible, transparent, and ethical way.

Regardless if the CCPA affects you or not, it will pay off to look at how your data is being managed and stored. Take the steps to protect your customers’ information now, before you are legally obligated to do so. 

Free Assessment:

How does your inbound marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.


Reporting & Performance
Facebook Marketing
Data Security
Paid Media
Published on July 15, 2020

Recent Articles

Vanity Metrics Are The Most Misunderstood Numbers in Marketing
December 26, 2022 • 4 min read
What Marketers Need To Know About Switching to GA4 [Google Analytics 4]
July 30, 2022 • 5 min read
13 Valuable Marketing KPI Dashboards To Track Every Metric That Matters
July 14, 2022 • 8 min read
Get More Out of HubSpot Reporting With a Third-party Tool
July 9, 2022 • 5 min read
Databox vs. Geckoboard: Choosing the Right Data Platform for You
July 2, 2022 • 7 min read
10 Marketing KPIs You Should Be Tracking
March 3, 2022 • 9 min read
Google Shares New Tools to Audit Website User Experience
August 12, 2021 • 3 min read
8 Best Digital Marketing Tools and Tech for Every Business (+ VIDEO)
March 31, 2021 • 7 min read
10 Google Analytics metrics you absolutely must track (updated)
March 29, 2021 • 5 min read
Google Analytics 4: Your business website analytics are now smarter
November 11, 2020 • 3 min read
Why a growth-driven design website will give you better traffic, leads, and sales
October 26, 2020 • 5 min read
Social Media KPIs: The 10 You Really Should Be Tracking and Monitoring
August 30, 2020 • 6 min read
Content ROI Examples: How to Nail Your Reporting Strategy with HubSpot
August 28, 2020 • 12 min read
How to Create a Powerful Monthly Content Marketing ROI Newsletter
August 7, 2020 • 6 min read
Google Analytics to offer 2 new probability metrics: purchase and churn
July 20, 2020 • 2 min read
Data privacy update: How the CCPA affects you and your paid advertising
July 15, 2020 • 4 min read
How attribution reporting helped iCIMS improve its Google Ads performance ft. Joel Maldonado of Path Interactive (Inbound Success, Ep. 150)
July 6, 2020 • 18 min read
What does Basecamp’s privacy-focused HEY email service mean for marketers? [IMPACT Toolbox June 2020]
June 25, 2020 • 5 min read
Google Ads now offers category reporting for your Search and Shopping ads
June 1, 2020 • 2 min read
How to Measure Content Marketing ROI, Celebrate Your Wins, and Keep Your Job
April 16, 2020 • 7 min read
Case study: Are you confident in the data behind your digital marketing strategy?
March 24, 2020 • 7 min read
Google makes it easier to hide content and check third-party reporting
February 4, 2020 • 3 min read
RIP HubSpot's 'links' tool: What you should use instead
January 8, 2020 • 3 min read
Why do regular backups of your website matter?
December 23, 2019 • 6 min read
What is Google Analytics? The pros, cons, and ugly missing link
December 17, 2019 • 10 min read