It’s an individualized digital opt-out token that may defuse changes wrought by the CCPA


Remember Y2K? (Please say you do.) Remember the anxiety, the fear, the uncertainty?

Well, 20 years to the day the advertising world will be facing its own mini-version of the famed millennial panic. No, no one’s worried that gas will stop pumping or the Eastern Seaboard will lose electricity.

But still: The technological structure of “The Way Things Are” will shift beneath us at midnight on Dec. 31, 2019. Because that’s when the California Consumer Privacy Act of 2018 kicks in.

Ripple Effects

We’re so fond of calling California the 800-pound gorilla of the national economy that we ought to come up with a different metaphor already. But even clichés are sometimes true: Decisions made in California loom large for citizens of every other state. And the CCPA is unprecedented legislation in the United States. Once it is in place, California residents will be granted European-style rights regarding their personal information. That will affect everyone doing business in the Golden State – which means everyone. The overall effect of the law will be nothing short of a sea change.

For a comprehensive review, see our resources here, but the main thrust of the CCPA is that Californians will have the right to prohibit businesses from selling their personal information and the right to have it deleted. They can ask for detailed information about their personal data, including purposes for which it is being used and specific personal information held on file.

Because the CCPA demands a radical departure from the current ad infrastructure, businesses are becoming concerned – especially since the enforcement penalties are robust, carrying civil penalties of $2,500 per violation, or up to $7,500 per intentional violation.

The Takeaway

Luckily, the folks at the IAB Tech Lab, a partner to the Interactive Advertising Bureau, are taking charge with a new proposed privacy architecture that will help address the requirements of the CCPA in a new, digital token format.

Unlike the mounds of cookies that exist on the devices of everyone who doesn’t block them or regularly clean them out, the token will be a single identifier that will be used by online publishers and advertisers. This centralized point of control will allow the user to set data preferences in one fell swoop, and those preferences will cascade outward to the publishers, the ad companies and the data companies that undergird the system.

Although details are forthcoming – the technology will be shared at the World Wide Web Consortium’s Improving Web Advertising Business Group – it sounds like a win-win. Consumers can simply walk away from tracking if they wish, while companies will have one simple-to-manage gateway to identify those who want to stay. This will allow companies to demonstrate compliance as well.

New Developments

Since the passage of the initial law, there have also been legislative amendments, which the Governor has until Oct. 13 to veto or sign. You can find more information on these amendments at our blog post here, but in short, here are the areas covered by the changes:

• Scope of Coverage Delayed (transactional communications and employee request rights delayed one year).

• Exceptions to Statutory Coverage (Fair Credit Reporting Act information and vehicle recall and warranty information).

• Exceptions to Scope of Personal Information (publicly available government records, aggregate consumer information and deidentified information clarified or expanded).

• Scope of Non-Discrimination (value to be based on value to business, not consumer, plus a limited exception for loyalty programs).

• Consumer Rights Notices and Requests (changes to how rights are to be noticed and exercised).

We’ll keep you posted on how this solution develops.