The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Ad Industry Still Wary of CCPA

by Chris Brook on Thursday June 11, 2020

Contact Us
Free Demo
Chat

A handful of advertising trade groups are voicing their dissatisfaction with the CCPA's final proposed regulations, which were sent for review last week.

It should probably shouldn't come as a surprise but not everyone in California is thrilled about the state's forthcoming landmark privacy law.

With its enforcement date set for just under three weeks from now, the California Consumer Privacy Act (CCPA) has been in the works for quite some time; the regulation has gone through three different versions, incorporating new regulations based on feedback from seven public forums held around the state. Just last week, California's Attorney General, Xavier Becerra, submitted his office's final proposed regulations for the law for review.

While the law, which went into effect in January, has been hailed as a high-water mark by privacy advocates and is already considered the country's most far-reaching online privacy law - not to mention a model for other states - the ad industry is still trying to derail some of the AG's proposed regulations before enforcement sets in.

A handful of groups, including the American Association of Advertising Agencies, American Advertising Federation, Association of National Advertisers, Digital Advertising Alliance, and Interactive Advertising Bureau, are voicing their concern with language in the regulations that the groups claim "goes beyond the CCPA’s intent and scope." Specifically the groups don't see eye to eye on part of the CCPA that permits consumers to opt out of the sale of their data on a global basis.

The groups are arguing that companies should only be able to honor opt-outs on a company-by-company basis, not via a user-enabled global method, like a browser plugin or privacy setting.

According to MediaPost, the organizations are planning to ask the California Office of Administrative Law - which is currently reviewing the regulations -  to reject the proposed rule.

The CCPA of course, allows consumers to learn what sort of data companies have on them and request to have that information deleted and any sale of it to third parties halted. The regulation in question, would rely on browser-based do-not-track commands by consumers to opt out of the sale of their data on a global basis.

A sticking point for the groups is that the CCPA doesn't explicitly say anything about browser controls.

Network Advertising Initiative, a trade group representing online advertising interests, also spoke out this week, claiming the companies it represents are ready to comply with the CCPA but aren't happy with it.

The aforementioned rule, the group claims, doesn't make it clear that controls, in a browser or device settings, reflect a user's desire to opt out of the sale of personal information, "instead of default settings established by intermediaries that do not express an actual user preference."

"This lack of clarity in the Regulations will lead to confusion in the marketplace about which signals that purport to convey user-enabled privacy preferences should be treated as authentic consumer requests to opt out of sales.  This is likely to frustrate both business efforts to respect authentic consumer choices and a consumer’s ability to clearly signal those choices," Leigh Frelund, NAI's President and CEO wrote this week.

The groups are also taking issue with how quickly the AG's office is putting CCPA into motion. Becerra has remained firm in his stance that enforcement will begin on July 1 but the groups claim the timetable is "truly impractical."

"This request for a compressed timeline for enforcement deprives both businesses and regulators of desperately needed time to understand and evaluate the provisions of complex Regulations that have been evolving for months," Frelund wrote.

The ANA and other groups pleaded to Becerra to bump the CCPA's enforcement data back in March to no avail.

This isn't the first time the CCPA has ruffled the advertising industry's feathers. Last month, Dan Jaffe, the head of ANA's Government Relations office, took issue with the state's competing privacy statutes (The California Privacy Rights Act - CPRA looks like a lock to make it on the ballot this November) and said consumers there would instead be better served by a single national data privacy law. That's the same beat the group - and other advertising associations - have been drumming for some time now. The ANA said last year around this time that a nationwide data protection standard would "preserve the benefits of the ad-supported economy and maintain healthy business competition.”

Tags: Privacy, Data Privacy

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.