Free Assessment: How does your sales & marketing measure up?

Get Started

Free Assessment:

How does your sales & marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.
Get Started
Reporting & Performance  |   News  |   Facebook Marketing  |   Data Security  |   Paid Media

Data privacy update: How the CCPA affects you and your paid advertising

Dan Baum

By Dan Baum

Jul 15, 2020

Data privacy update: How the CCPA affects you and your paid advertising

In October 2019, California passed a consumer privacy act that will impact U.S. companies even more than the European Union’s General Data Protection Regulation (GDPR) that went into effect last year.

While it doesn’t have some of the most repercussive requirements GDPR has, it does take the protection of California residents much further.

This act, called the California Consumer Privacy Act (CCPA), went into effect on January 1st, 2020, and largely affects U.S. companies conducting significant business with Californians. 

Simply put, the CCPA is a state-wide regulation that gives California consumers more rights in regards to how their data is used, stored, and sold by businesses.

There are four basic tenets to the CCPA regulations. At a high level, the CCPA gives consumers:

  • The right to know what information companies collect, use, share, and sell
  • The right to delete any and all personal information businesses have
  • The right to opt-out of their information being sold, and to stop businesses that sell their information already from doing so
  • The right to non-discrimination in prices or services if they choose to exercise any of the other privacy rights

While these regulations are unique to California (more on that below), other states have introduced similar legislation, and some companies are extending CCPA protection to the rest of the U.S.

What does the CCPA mean for my business?

Most likely there won’t be much you have to do differently in your day to day operations.

Most companies that are affected by the CCPA should be mostly (if not completely) compliant if they are already following the guidelines set by GDPR.

Even then, the only businesses affected by the CCPA are those that satisfy any of the following criteria:

  • Gross annual revenue exceeding $25 million
  • More than 50% of their annual revenue deriving from the sale of consumer’ personal information
  • Buying, receiving, or selling the personal information of more than 50,000 consumers, households, or devices in California.   

If your business meets any of those requirements, you must provide notice to consumers before data collection happens while providing a “do not sell my information” opt-out option for anyone who chooses to. 

You’ll also need to have contact information detailed on your website where consumers can contact you and ask questions about their data or request a deletion.

Requests of this type will also have to be processed within 45 days of receiving them, so you might want to consider having additional processes in place to make sure you comply.

It’s not yet clear how California will be enforcing this new law, but there are fines in place for businesses that fall into repeated noncompliance. 

Here is what you should do to be CCPA-compliant

  • Take another look at your privacy policies: Be sure they are compliant with all of CCPA’s required disclosures.
  • Be open and transparent about the specific purposes for data collection: Users need to be informed when providing personal information, so anything ambiguous is a no-go.
  • Take a look at how the data you collect is managed and stored: Make sure there are no holes in your data management; look for any potential vulnerabilities. 
  • Treat data requests from customers as urgent: Create processes to handle these requests quickly. Failing to respond within that 45 day period will result in fines — not to mention you’ll start losing trust with your customers. 

What about my advertising in California?

Unfortunately, just like with GDPR, this will have an effect not only on businesses in California, but also those who interact with Californian residents. 

What this means is that even if the CCPA doesn’t apply to you, you may still need to pay attention to it. 

We know that Facebook is being very aggressive, based on how they are treating ad accounts who are non-compliant.

Even companies who do not need to be compliant (i.e. they don’t satisfy any of the requirements outlined above) are seeing their ad performance negatively impacted within California since the law took effect earlier this year.

As of right now, it’s not clear if Facebook will ease its enforcement and let businesses not affected by the CCPA resume business as usual.

Facebook and CCPA

Regardless if businesses need to become compliant or not, it appears that those who are compliant are being rewarded heavily in California on Facebook. 

Our main suggestion would be if you are advertising in California and you are not CCPA-compliant, you’d be better off pausing those ads.

It appears that it really doesn’t matter if you are legally obligated to comply with CCPA or not. Facebook is still dinging performance in California.

California is a huge market and many businesses rely on its population to hit their revenue goals.

The current penalties in Facebook are too large to ignore and can affect other areas of your account, so we would still recommend pausing your California-based campaigns or excluding California from your targeting until you are compliant — or until Facebook eases the current enforcement of the laws.

In the meantime, if advertising in California is a large part of your business you should work hard to become compliant as soon as possible. Consult your legal counsel and development team to get these mandates up and running on your site.

For other platforms like Google, LinkedIn, and Microsoft, we aren’t seeing major effects just yet. This will change, however, as California amends and signs new additions to the law in the near future.

We don’t know when any changes will take place, especially now with California COVID-19 cases surging.

The future of data privacy

The CCPA is a sign of things to come. Personal information and privacy are becoming more and more protected, and more states and countries will follow in California’s footsteps. 

As business owners it is our duty to our customers to protect their information and treat it properly.

We can’t expect to build trust and loyalty if we don’t handle data in a responsible, transparent, and ethical way.

Regardless if the CCPA affects you or not, it will pay off to look at how your data is being managed and stored. Take the steps to protect your customers’ information now, before you are legally obligated to do so. 

Free Assessment:

How does your sales & marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.

Related Articles

10 Marketing KPIs You Should Be Tracking

August 3, 2023
Carolyn Edgecomb Carolyn Edgecomb

Vanity Metrics Are The Most Misunderstood Numbers in Marketing

December 26, 2022
Ramona Sukhraj Ramona Sukhraj

What Marketers Need To Know About Switching to GA4 [Google Analytics 4]

July 30, 2022
John Becker John Becker

13 Valuable Marketing KPI Dashboards To Track Every Metric That Matters

July 14, 2022
Ramona Sukhraj Ramona Sukhraj

Get More Out of HubSpot Reporting With a Third-party Tool

July 9, 2022
John Becker John Becker

Databox vs. Geckoboard: Choosing the Right Data Platform for You

July 2, 2022
Ramona Sukhraj Ramona Sukhraj

Google Shares New Tools to Audit Website User Experience

August 12, 2021
Paul D. Grant Paul D. Grant

8 Best Digital Marketing Tools and Tech for Every Business (+ VIDEO)

March 31, 2021
John Becker John Becker

10 Google Analytics metrics you absolutely must track (updated)

March 29, 2021
Magdalena Day Magdalena Day

Google Analytics 4: Your business website analytics are now smarter

November 11, 2020
Vin Gaeta Vin Gaeta

Why a growth-driven design website will give you better traffic, leads, and sales

October 26, 2020
John Becker John Becker

Social Media KPIs: The 10 You Really Should Be Tracking and Monitoring

August 30, 2020
Ramona Sukhraj Ramona Sukhraj

Content ROI Examples: How to Nail Your Reporting Strategy with HubSpot

August 28, 2020
Liz Murphy Liz Murphy

How to Create a Powerful Monthly Content Marketing ROI Newsletter

August 7, 2020
Liz Murphy Liz Murphy

Google Analytics to offer 2 new probability metrics: purchase and churn

July 20, 2020
Vin Gaeta Vin Gaeta

Data privacy update: How the CCPA affects you and your paid advertising

July 15, 2020
Dan Baum Dan Baum

How attribution reporting helped iCIMS improve its Google Ads performance ft. Joel Maldonado of Path Interactive (Inbound Success, Ep. 150)

July 6, 2020
Kathleen Booth Kathleen Booth

What does Basecamp’s privacy-focused HEY email service mean for marketers? [IMPACT Toolbox June 2020]

June 25, 2020
Morgan VanDerLeest Morgan VanDerLeest

Google Ads now offers category reporting for your Search and Shopping ads

June 1, 2020
Vin Gaeta Vin Gaeta

How to Measure Content Marketing ROI, Celebrate Your Wins, and Keep Your Job

April 16, 2020
Jen Barrell Jen Barrell

Case study: Are you confident in the data behind your digital marketing strategy?

March 24, 2020
Dan Baum Dan Baum

Google makes it easier to hide content and check third-party reporting

February 4, 2020
Dylan Lepak Dylan Lepak

RIP HubSpot's 'links' tool: What you should use instead

January 8, 2020
Jessica Palmeri Jessica Palmeri

Why do regular backups of your website matter?

December 23, 2019
Daniel Escardo Daniel Escardo

What is Google Analytics? The pros, cons, and ugly missing link

December 17, 2019
Angela Bowman Angela Bowman