Data privacy and consent in the age of CCPA, GDPR and impending federal privacy law [Q&A]
When it comes to consent and data privacy, the rise of regulations like the General Data Protection Regulation (GDPR), along with increased consumer awareness of data infractions and breaches, has raised the stakes.
When the California Consumer Privacy Act (CCPA) passed in 2018, many states began following California's lead. Currently, more than 30 states have comprehensive privacy bills that are close to passing or in early stages of being drafted.
But what are the odds something similar will be passed on a federal or global level? And how will this affect brands with regards to collecting consent? We spoke to Alan Brown, general manager North America, at consent management platform Usercentrics to find out.
BN: Is a federal privacy law next for the United States following GDPR and CCPA?
AB: In the United States today (and globally), there is no one broad federal law that solely governs data privacy. However, there are many laws at the state level that privacy experts believe could be made redundant by the creation of a federal law. Having one federal (or global) law could help in making things easier and more streamlined, but only if the federal law supersedes all other state laws. While more than half of the states in the US are in the process of drafting or passing their own privacy legislation, laws that have already passed will be influential in drafting a new comprehensive law.
Even though there are many privacy experts who are in favor of a federal law, others are wary as they believe it would only make data privacy legislation more confusing by adding to the already complex patchwork that currently exists. Seeing as states currently set much of their own legislation, this could make things more complicated in the long run as technology continues to change and opinions on privacy shift.
BN: How soon should brands expect a federal privacy law?
AB: This depends on various factors, with the major one being President Biden's administration. While a federal privacy law will not suddenly appear overnight (or even in a month), many claim it may happen during Biden’s presidency. The current administration consists of many members of Obama's administration, who worked on the 'Obama Consumer Privacy Bill of Rights.' With that said, if a federal data privacy law is to happen, it is likely to happen sometime in the next four to eight years, depending on if President Biden is re-elected.
BN: Why should companies prepare now for any upcoming federal or global privacy laws if they are still projected to be a few years out?
AB: Compliance aside, companies should understand that great customer experiences and trust in a brand start with baseline elements, like demonstrating data privacy in a way that is transparent to the user. Brands can consider running an audit on themselves to gain a better understanding of the data their organization collects. People will have more trust in a brand that gives them control over if and how their data is collected and used from the moment they step onto a website or app. So even if a federal privacy law is a few years out, it's still extremely beneficial for brands to present a strong first touchpoint to users who visit their website now, starting with the customer’s choice to decide how their own data is used.
Companies can look for the right technology to support their data privacy transparency and compliance efforts ahead of a federal privacy law. Using a consent management platform (CMP) that uses pop-up banners and walls to ask customers for their choice in how their data is used and explain to them how each choice alters their experience, can help brands build consumer trust and comply with the GDPR and CCPA today. Data privacy done responsibly and supported with the right technology can help brands win over consumer trust, which in turn makes consumers more likely to opt-in and give their loyalty. That's a positive business impact that brands will miss out on now if they only wait for a federal privacy law to implement change.
BN: Are brands ready to meet the next set of data compliance requirements?
AB: The GDPR and the CCPA were major catalysts in altering how brands think about collecting, managing and using customer data, but it's true the pandemic also acted as an accelerator for companies to lean further into data privacy fundamentals.
Digital interactions were put at the forefront of all industries, and with more people interacting with brands online, one of the top concerns has centered around ensuring those users feel cared for and engaged by brands in their digital experiences. After years of data breaches and misuse, consumers are no longer accepting a lack of transparency when it comes to their data and the brands they interact with.
Whether or not a federal law is implemented, companies shouldn't wait to act. By remaining diligent about how they are using user's data and staying on top of current state regulations, companies will be ready if a federal privacy law does come.
BN: How will companies obtain consumer data in a compliant way in the future, even after a federal privacy law exists?
AB: Global data compliance regulations are constantly evolving. This isn't going to go away even if a federal law is introduced, as attitudes and technologies are always changing. It's only going to become more important to harmonize any brand strategies with achieving consent for the data collected and managed. Consent Management Platforms (CMPs) will be viewed as an integral part of the martech stack to ensure that amidst any new and changing regulations and legislation, companies remain legally compliant. The risk of receiving a warning, fine, losing advertising revenues or developing a bad reputation is too big of a risk.
As long as companies pay attention to customers' privacy expectations and invest in technology that can adapt to any updates in privacy legislation, they will be headed in the right direction.