- Whilst it’s a step in the right direction, many consumers still don’t actually know what their rights are
- More needs to be done to tackle the widespread use of third-party data
- The legislation will be met with an initial “false panic” (like with GDPR), but nothing will change until businesses see it being readily enforced
- Given the costs of non-compliance, companies need to get it right first-time
- Those that get it right will build invaluable consumer trust for many years to come
We were lucky enough to speak with Peter Reinhardt, CEO and co-founder of Segment, about how businesses can successfully navigate the California Consumer Privacy Act (CCPA)—and the opportunities that await for those who get it right.
Segment’s comprehensive customer data infrastructure helps businesses leverage the power of their own data: providing unique customer experiences without ever compromising on privacy.
Amidst the flurry of recent data regulations, companies need to be smarter about not only what consumer data they use, but also how they use it. Segment does just this and more.
So without further ado, let’s dive right in.
Q) Why is data protection such a big issue nowadays?
Consumers are more privacy-conscious than ever, and the CCPA is just the latest example of how laws are finally catching up to the consumer privacy attitudes we see businesses already facing.
Q) What (if anything) will the CCPA change for the average consumer?
The average consumer in California is more likely to come across information about their new privacy rights in day-to-day interactions with businesses because CCPA requires consumers to be notified of both what personal information is being collected, as well as the purpose behind collecting it. We’re already seeing some friction for consumers as they pause to read privacy policies, despite often being unaware of what their rights actually are.
Q) Given the wealth of consumer information that’s already out there, is the CCPA just a case of “too little, too late”?
Is it too little? It’s a great start, but we still need more focus on eliminating third-party data. CCPA and GDPR are both making data brokers jump through higher hoops to gather questionable end-user consent, but third-party data gossip is largely still alive and well. We need stronger laws to tackle third-party data directly.
Is it too late? To some extent consumer data is “already out of the bag” via data brokers, but lots of third-party data has a short lifespan because identifiers like cookies age out, making the data useless within months or years after it’s been collected. That means lawmakers can still rein in the collection and use of third party data.
In summary, it’s not the be-all and end-all of consumer data regulations—but it’s a step in the right direction.
Q) Do you think other states are about to follow suit and introduce their own consumer data regulations?
Definitely. The CCPA is only one of several similar pieces of current legislation at the state level, and other privacy laws exist in various stages globally. It’s important to view this legislation in terms of the common substance—new consumer data rights—rather than multiple conflicting, or contradicting, laws that businesses may have to be ready for.
The way we look at it, and how we believe our customers look at it, is that CCPA and the legislative movements that have come from it are helping create a landmark advancement in how businesses handle customers’ data and honor their privacy preferences.
Q) Where do you think businesses themselves might slip up? What are some common pitfalls to be avoided?
- CCPA will be met with a false panic: Most companies will do the bare minimum until the government starts enforcing it. That won’t happen for at least six months, and when it does, we’ll see a mad dash to become compliant—which will cause more problems as companies rush around and inevitably make mistakes. This is the pattern we’ve previously seen with GDPR.
- Companies won’t stop using third-party data until enforcements start: CCPA gives data brokers new standards for how they collect and sell personal information. Companies will only stop relying on third-party data once there are concerted CCPA enforcement efforts, at which point they’ll have to switch to more inbound approaches that attract people based on adjacent content.
- Many tech companies will continue to be unapologetic about the use of third-party data: It will be business as usual for companies that rely on third-party data as they will continue to collect and use as much data as possible to improve their UX. In other words, the introduction of CCPA itself won’t necessarily spur an immediate reaction—however, once tech companies see that’s it’s readily being enforced, only then will they have to rethink their policies on third-party data.
Q) Introducing the CCPA has been reported to cost up to $55 billion in initial compliance costs—how can individual organizations lessen this financial outlay?
The stakes are high so it’s important they do it right the first time. This probably means hiring professionals. Privacy compliance has large upfront costs but it’s needed in order to properly navigate regulatory action. Unintentional violations of the CCPA are fined at $2,500 per violation so if a business fails compliance for one million of its users, that could mean a fine of $2.5 billion.
Q) How is Segment helping organizations combat the CCPA’s ramifications on the end-user experience? What’s the company’s long-term vision?
Segment is uniquely built for a privacy-focused world: We enable companies of all sizes to use their own first-party data to provide amazing customer experiences. We’re in the business of helping businesses better handle the data they have on their customers, so we believe the first and best step that companies can take to become prepared for CCPA and other similar laws is to put the infrastructure in place to leverage first-party data and put customers first.
As a result, by responding quickly and accurately to consumers’ data rights, these companies will undoubtedly also lead the way in gaining their customers’ trust.
Not only will CCPA and similar laws make it easy for end users to exercise their rights, but we’re also hopeful that the regulation will diminish usage of third-party data for marketing and acquisition, as these data sources are often obtained and processed with questionable user consent.