Affiliate Marketing and the California Consumer Privacy Act (CCPA)
On January 1st, the nation’s most comprehensive privacy law goes into effect. The California Consumer Privacy Act (CCPA) promises to significantly change how personal information is collected and shared in the United States. While the law and its accompanying regulations are very complex, at a high level, the law (1) requires greater transparency and disclosures to consumers regarding the collection and use of their personal information, (2) obligations a business to provide a consumer the ability to opt-out of the sale of their personal information and (3) grants consumers the right to access and delete the personal information that a business may hold about them.
Personal information is defined very broadly under the law. It includes not only name and email address, but IP addresses, persistent identifiers, geolocation data and other information. Sale is also broadly defined to include not just transfers for monetary consideration, but also other valuable consideration. In connection with the sale opt-out, a publisher that does sell such information will be required to have a link on the homepage of their website that says “Do Not Sell My Personal Information.”
Earlier this year we wrote about 10 things you can do to ensure compliance with the CCPA – http://www.dglaw.com/images_user/newsalerts/Digital_Media_CCPA_Update_Preparing_For_The_CCPA.pdf. However, compliance is a challenge. In addition to the text of the law, the California Attorney General issued draft implementing regulations in October which clarify obligations, and in some instances, add new requirements. While the law goes into effect on January 1st, enforcement by the California Attorney General will not begin until later in 2020. Further, these important regulations have not yet been finalized. So compliance is a moving target. That said, a company ignores working on compliance measures at its peril. The California Attorney General has hired additional staff to enforce the law, which allows fines to be imposed of $2,500-$7,500 per violation.
As if this were not already confusing enough, the Interactive Advertising Bureau (IAB) is proposing a CCPA compliance framework for the industry to deal with retargeting and third party data collection on publisher websites that could qualify as a ‘sale’ under the CCPA.
For more information on the CCPA, see our latest alert at http://www.dglaw.com/images_user/newsalerts/Digital_Media_California_Attorney_General_Releases.pdf .
Latest posts by Gary Kibel (see all)
- Affiliate Marketing and the California Consumer Privacy Act (CCPA) - November 26, 2019