One of the most nuanced and complex topics for marketers today is the handling of customer data. Data is often necessary to market to customers in a nuanced way and drive sales and revenue, but it also must be treated with care due to the proliferation of modern privacy laws.
Laws like the European Union’s GDPR (General Data Protection Regulation), enacted in 2018, and the CCPA (California Consumer Privacy Act) of 2020 marked a turning point in the way corporations needed to think about customer data privacy. These laws forbade companies from selling customer data without proper consent and gave consumers more control over their information, even to the point of (in the case of the GDPR) giving them recourse to request details about what data a company possessed on them and request deletion of all data (“the right to be forgotten”).
These two laws—and the hefty violation fines that came along with them—rocked the business world in terms of data handling requirements, requiring many companies to quickly gain more control and knowledge of the data they collected than ever before. They also triggered a series of other data privacy laws across the U.S., with more being introduced even to this day.
This blog post covers the state of some recently introduced data privacy laws and other legislation coming down the line, plus what marketers should understand about the data privacy conversation. As a marketing tech company, Rockerbox would be remiss to not have a stance on the issue, and we’ll cover that as well.
Privacy Laws Taking Effect in 2023
Looking ahead into 2023, there are several privacy laws that will take effect this year, including legislation covering Colorado, California, Utah, Virginia and Connecticut. We’ll cover a few of these laws below.
California Privacy Rights Act
Effective Date: January 1, 2023
The California Privacy Rights Act (CPRA), sometimes called CCPA 2.0, expands the measures in the CCPA, giving more rights to California residents and also changing the definition of which companies the CCPA applies to. Some of the expanded rights include the right to:
- Opt out of having their personal information shared with a business (this can apply to third-party advertising)
- Make corrections to incorrect personal records
- Access more details on a companies data handling practices (such as how long they retain data)
Colorado Privacy Act
Effective Date: July 1, 2023
Similar to other data privacy legislation, this statewide legislation lets consumers opt out of targeted advertising and some profiling, and also have more say in what data a company retains on them. Like the GDPR, this act also grants consumers the right to data portability, which is “the right to have the personal data transmitted directly from one controller to another.”
The other proposed acts include:
- Virginia Consumer Data Protection Act — January 1, 2023
- Connecticut Data Privacy Act — July 1, 2023
- Utah Consumer Privacy Act — December 31, 2023
Progress Toward a Federal Privacy Law
With these new developments, five states now have sweeping data privacy regulations governing businesses’ activities. This progress naturally begs the question of whether a federal data privacy law is in the cards for the U.S. in the coming years. While many laws have been proposed, no one piece of legislation covers the whole country. However, the American Data Privacy Protection Act (ADPPA), which passed the House and has bipartisan support, is a promising candidate for a law that would offer Americans something similar to the far-reaching protections that the GDPR offers European Union citizens.
What Marketers Need to Know About Data Privacy Laws
While few marketers would say they want to infringe on data privacy, it’s a fact that personalized modern marketing often relies on having and using customer information to target messages and drive sales. That said, if a data privacy law doesn’t yet apply to your business, it likely will soon—meaning data privacy violations won’t just be distasteful to your customers, they’ll also be illegal.
To be ahead of the curve when it comes to data privacy, follow a few guidelines:
- Implement technology that can allow you to respond and act quickly in the event of customer data requests (such as a form solution that can pull up existing data and allow customers to make changes).
- Prepare for the end of third-party cookies (which are in direct conflict with the spirit of the GDPA, CCPA, and other privacy laws). Explore first-party data-based solutions instead.
- Tell your customers exactly how you’ll use their data in clear, plain language on your website.
The Rockerbox Approach to Data Privacy
We get a lot of questions about the impact of new and evolving privacy legislation, and rightly so. Many third-party advertising companies who sell or share consumer data, or profit off of it in other ways are directly impacted by these developments.
Amid the noise in the industry and fear-mongering from companies touting the false claim that "all marketing tracking is dead,” we have created Rockerbox to allow you to measure your marketing and also remain fully compliant with privacy legislation now and in the future.
We do not sell or share data and all PII data can be hashed when sent to us. Rockerbox is simply a processor of your data, and your data is owned by you.
Rockerbox has navigated multiple privacy changes in the past and will continue to help businesses get the best of both worlds: privacy law compliance plus robust analytics to grow their business.