12 {{ upvoteCount | shortNum }}
12 {{ upvoteCount | shortNum }}

Steps marketers should take now in advance of California's CPRA

by WarriorForum.com Administrator
11 replies
Marketing Land reports that even though California Privacy Rights and Enforcement Act doesn't take effect for a couple more years, you should begin preparing for it to happen.

In case you hadn't heard already, California voters passed Proposition 24 last week, which is the California Privacy Rights and Enforcement Act (CPRA). The act builds upon the California Consumer Privacy Act (CCPA), which went live earlier this year. The new CPRA is scheduled to replace that in 2023.



The author here asked a number of digital marketers and technology companies to provide concrete advice for brands, publishers, and advertisers in terms of preparing for CPRA. This is just a brief summary of some of the advice, and you should definitely head over to the article to get the full lowdown on CPRA preparation:

This is Kristina Podnar, who is a digital policy consultant & author:

"Introduce/Increase transparency. CPRA introduces a slew of new requirements around data uses aimed at increased transparency. This will be a bit of a GDPR throwback for marketers who went through adaptation for that regulation. But for any marketer not yet subject to GDPR, this will be a tough hill to climb. Businesses should start paying attention to data privacy by design and governance practices. Specifically, pay attention to data minimization. In other words, only collect the information you need to do the things you say you will do for the user, tell the user how long you will keep their data, don't extend beyond that timeframe for your own marketing needs, and only do with the data what you told the user you will do with it. Marketers will need to start paying attention to what data they collect, why they collect it, and how they manage that data throughout its lifecycle."
There's more advice from Simon Poulton, who is VP of Digital Intelligence at Wpromote:

"Be CCPA compliant. Since CPRA will not take effect until 2023, focus on being CCPA compliant in the immediate future (if you're not already). In many cases, CPRA expands on what is covered by CCPA, so compliance here will still be a step in the right direction. It should be noted that all regulations covered within CPRA will be applied to all data collected from January 1st, 2022 onwards. Sharing = Selling. Under CCPA, some brands (e.g., Starbucks) explicitly stated that they did not view the sharing of data as selling. This is now clearly defined, and brands should be mindful of all data-sharing points."
Here's the take of Cillian Kieran, who is the founder and CEO of Ethyca:

"Review your ability to categorize data you collect, process or store. There's lots more nuance in CPRA about how user data is categorized, and processors -- including marketers -- need to be able to treat different categories of personal information discreetly. An obvious example is the introduction of sensitive personal information (SPI). CPRA allows users to designate that their SPI be used only for the essential delivery of a good or service. This requires finer-grained control for data flows in backend systems."
There's a heap of great advice from some very notable professionals in the original article, and I'd strongly advise you give it a read if it's relevant to your field.
#advance #california’s #cpra #marketers #steps
Avatar of Unregistered
  • Profile picture of the author dave_hermansen
    Well, more than likely, the ACT violates the Commerce Clause, making it a law that, legally speaking, will only apply to businesses that have a physical nexus within the state of California - https://aulawreview.org/blog/nice-th...l-privacy-law/
    Signature
    StoreCoach.com - FREE TRAINING - Learn How to Build Your Own eCommerce Website
    My PROVEN ecommerce process, as seen on: Fox Business News, the NY Times & Flippa
    {{ DiscussionBoard.errors[11736903].message }}
  • Profile picture of the author Kay King
    Good link. California can set the laws for businesses in their state but they can't change the federal laws that apply to other states.
    Signature
    Saving one dog will not change the world - but the world changes forever for that one dog
    ***
    One secret to happiness is to let every situation be
    what it is instead of what you think it should be.
    {{ DiscussionBoard.errors[11736906].message }}
  • Profile picture of the author dave_hermansen
    I should also add that even if somehow, California wins a Commerce Clause case, the Act would not affect the vast majority of online businesses.

    Per the Act, "A business that has any activity in California is subject to the CCPA if the business meets one of three statutory thresholds: (1) it has more than $25 million in annual gross revenue, (2) it buys, receives, sells, or shares the personal information of 50,000 or more consumers annually, or (3) it derives fifty percent or more of its annual revenue from selling consumers' personal information."
    Signature
    StoreCoach.com - FREE TRAINING - Learn How to Build Your Own eCommerce Website
    My PROVEN ecommerce process, as seen on: Fox Business News, the NY Times & Flippa
    {{ DiscussionBoard.errors[11737028].message }}
  • Profile picture of the author Kay King
    Seems to me California is doing everything possible to get people and businesses to move out of the state.
    Signature
    Saving one dog will not change the world - but the world changes forever for that one dog
    ***
    One secret to happiness is to let every situation be
    what it is instead of what you think it should be.
    {{ DiscussionBoard.errors[11737029].message }}
    • Profile picture of the author dave_hermansen
      Originally Posted by Kay King View Post

      Seems to me California is doing everything possible to get people and businesses to move out of the state.
      While that may be true, more important, they are trying to force the rest of the world's businesses to conform to their state's laws in order to alleviate the reason for businesses to leave the state.
      Signature
      StoreCoach.com - FREE TRAINING - Learn How to Build Your Own eCommerce Website
      My PROVEN ecommerce process, as seen on: Fox Business News, the NY Times & Flippa
      {{ DiscussionBoard.errors[11737034].message }}
  • Profile picture of the author DWolfe
    Originally Posted by WarriorForum.com View Post

    ....reports that even though California Privacy Rights and Enforcement Act doesn't take effect for a couple more years, ....... The new CPRA is scheduled to replace that in 2023.

    This is Kristina Podnar, who is a digital policy consultant & author:.
    Originally Posted by dave_hermansen View Post

    Well, more than likely, the ACT violates the Commerce Clause, making it a law that, legally speaking, will only apply to businesses that have a physical nexus within the state of California -
    Originally Posted by dave_hermansen View Post

    I should also add that even if somehow, California wins a Commerce Clause case, the Act would not affect the vast majority of online businesses.

    Per the Act, "A business that has any activity in California is subject to the CCPA if the business meets one of three statutory thresholds: (1) it has more than $25 million in annual gross revenue, (2) it buys, receives, sells, or shares the personal information of 50,000 or more consumers annually, or (3) it derives fifty percent or more of its annual revenue from selling consumers' personal information."
    So the author Kristina Podnar says in a few years in one statement. Then she says in 2023 which begins in less than one month or did I miss interpret something? The article is about a law in CA which does not apply to the majority here. The few here that may conduct business, probably do not qualify as pointed out in #1-3.

    So tell me what does this have to do with the average Warrior Forum member? How does it help the 99% of the newbies who join the forum currently from Africa, Asia or elsewhere? Are then any Warriors here that are earning $25 million a year or qualify under the other criteria in #2-3?
    Signature


    You can earn 10% average annual returns on your investments - https://app.groundfloor.us/r/m2aa7b
    {{ DiscussionBoard.errors[11737045].message }}
    • Profile picture of the author savidge4
      Originally Posted by DWolfe View Post

      Are then any Warriors here that are earning $25 million a year or qualify under the other criteria in #2-3?
      I think... one could argue say an Amazon affiliate... being a subcontractor of Amazon, would fall under the umbrella of $25,000,000 a year.

      Get into this:

      "What does the CPRA consider to be "sensitive" personal information?

      The CPRA considers SSNs, driver's license numbers, state identification cards, passport numbers, account login information, financial account numbers and debit and credit card numbers to all be "sensitive personal information." In addition, geolocation, racial or ethnic origin, religious beliefs, genetic and biometric information are also considered sensitive personal information. This is not an exhaustive list.      "

      "Geolocation" could quickly become an issue as this is identifiable based on an IP address that is within any and every websites LOG file.

      As much as 50,000 website visitors per year seems like a lot to many... its slightly less than 1000 a week - so its really not an over the top crazy number.

      Think about eBay, Amazon, Etsy, Facebook market place reseller / retailor having the Address's ( geolocation ) for each and every product sold

      The law is uh very wide open, and the add of consumer data is concerning - to a degree Only time will tell what the legal parameters of all of this will be.
      Signature
      Success is an ACT not an idea
      {{ DiscussionBoard.errors[11737074].message }}
      • Profile picture of the author dave_hermansen
        Originally Posted by savidge4 View Post

        As much as 50,000 website visitors per year seems like a lot to many... its slightly less than 1000 a week - so its really not an over the top crazy number.
        Actually, the Act says "consumers", not "visitors" - another extremely vague, undefined term that puts the statute at risk.
        Signature
        StoreCoach.com - FREE TRAINING - Learn How to Build Your Own eCommerce Website
        My PROVEN ecommerce process, as seen on: Fox Business News, the NY Times & Flippa
        {{ DiscussionBoard.errors[11737157].message }}
        • Profile picture of the author savidge4
          Originally Posted by dave_hermansen View Post

          Actually, the Act says "consumers", not "visitors" - another extremely vague, undefined term that puts the statute at risk.
          https://cpra.gtlaw.com/definitions/

          Section 8 subsection i

          (i) "Consumer" means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier.

          well defined... basically "A resident" not defined by action - so an IP address from a point of origin within the State of California... constitutes a "Consumer" as an example.

          Wide wide wide net
          Signature
          Success is an ACT not an idea
          {{ DiscussionBoard.errors[11737219].message }}
          • Profile picture of the author dave_hermansen
            Originally Posted by savidge4 View Post

            (i) "Consumer" means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier.
            Good catch. I didn't see that; however, the Act will still be challenged and likely lose on Commerce Clause violations.
            Signature
            StoreCoach.com - FREE TRAINING - Learn How to Build Your Own eCommerce Website
            My PROVEN ecommerce process, as seen on: Fox Business News, the NY Times & Flippa
            {{ DiscussionBoard.errors[11737382].message }}
            • Profile picture of the author savidge4
              Originally Posted by dave_hermansen View Post

              Good catch. I didn't see that; however, the Act will still be challenged and likely lose on Commerce Clause violations.
              I hope so, because it is more and more becoming a pain in the tail end to try and minimize exposure / liability. I dont think it has happened yet, but I am not sure there is anything stopping them from going after someone out of state that has collected its ( California's ) consumer information - and any and EVERY website if you know it or not collects enough information in LOG files alone to by non-compliant. I have not seen even a whisper in groups that discuss information gathering - anything to do with LOG files
              Signature
              Success is an ACT not an idea
              {{ DiscussionBoard.errors[11737524].message }}
Avatar of Unregistered

Trending Topics