We’ve built a secure and seamless tool to collect and manage your website visitors’ consent and preferences. Cheers:- https://adzapier.com/resources/ebooks/

Personalization First: Identity Graphs for Publishers & Agencies

For agencies and publishers, few things are more important than creating an authentic, personalized experience for everyone in your audience. . . Successful brands have and utilize data that allow them to better understand their audience and meet them where they are in ways that feel more customized and authentic. #advertising #agencies #authenticateddata #HashedEmailData #HashedEmails #IdentityGraph #IDgraph #MAIDs #marketing #MobileAdvertising #publishers Read the full article

Privacy Compliance Made Simple

No doubt about it, customer data privacy and protection laws are a part of life and here to stay. . . The big question is, “how do you take charge of your organization’s data and be compliant with privacy regulations?” A proactive approach to privacy compliance is crucial if you are to keep the trust of your clients and avoid lawsuits. Now is the time to act. #CMP #CONSENTMANAGEMENTPLATFORM #cookiebanner #COOKIECONSENT #datasecurity #firstpartydata #manageprivacy #privacycompliance #privacyconsent #thirdpartydata Read the full article

The Importance of Authenticated Data

The demise of third-party cookies, the expanding data privacy statutes, and the growing superiority of walled gardens are all putting immense pressure on the long-entrenched relationships between advertisers, digital marketers, and consumers. . . Numerous studies now indicate that changes in the digital landscape and the COVID-19 outbreak will fundamentally alter how marketers and advertisers operate in the coming years in terms of growing revenue streams and optimizing yields. Currently, about 40 percent of browser inventory is cookieless, a trend that signals how publishers relying solely on third-party cookies are substantially reducing their yields for high-value audiences. This foundational change, however, provides publishers, advertisers, and their technology partners with an opportunity to create a new and better digital ecosystem through authenticated user data. #advertising #authenticateddata #CONSENTMANAGEMENTPLATFORM #datamapping #firstpartycookies #IdentityGraph #marketing #thirdpartycookies Read the full article

GDPR FAQs

Companies collecting first-party data be advised! Consumer data includes information otherwise used by advertisers and marketers to track, target, and retarget potential marketing audiences. The GDPR FAQ expands the definition of personal data to include: Cookie I.D.s I.P addresses. Device I.D.s Customer Data. Web Search History. Consumer Location Data and History. While GDPR is the first legislation of its kind (and most stringent yet)... There are 2 things we are certain of: > It has set the model for all current and upcoming legislation in the states and overseas. > It is already affecting businesses in organizations in America that have consumers in the EU. #CMP #CONSENTMANAGEMENTPLATFORM #ConsumerPrivacy #COOKIECONSENT #DataCompliance #FAQS #GDPR #privacycompliance Read the full article

CPRA: Why You Need to Know it!

The California Privacy Rights Act (CPRA) was passed as an initiative on the November 2020 ballot. The CPRA is an amendment to and expansion of the existing California Consumer Privacy Act (CCPA).   The CPRA aims to give Californians a greater ability to control how their personal data is collected, used, and shared by any business that operates within the state.   This year's new California law will clarify how the existing provision of the Californian Consumer Privacy Act must be implemented, and it creates a few other laws that affect businesses with consumers in California.  One aspect of the law is that Californians now have a few more rights while businesses are given some new obligations to comply with.    The California Privacy Protection Agency will also be created, whose main role will be to ensure all companies follow these rules about how Californians' personal information can or cannot be used.  

What’s New with CPRA?  

Californian Consumers Now Have the...   Right to Correct   Consumers can request that a business correct the information it has about them. Businesses should work to voluntarily disclose the right to request correction and should use their best efforts when trying to correct inaccuracies upon the consumer's request.    Right to Know   The Consumer Privacy Act removes the Customer Privacy Protection Act’s 12-month look-back period. Consumers are allowed to request information that extends beyond the 12 months preceding the CPRA request. Additionally, consumers can ask for personal information collected from January 1, 2022, onwards.    This is the driving force behind implementing parts of the California Privacy Rights Act one year early. Businesses should evaluate whether their systems can honor these requests or if changes must be made to their data retention policies and processes.   Right to Delete    This initiative ensures that your personal information is not kept around by companies and corporations just because they can. Instead, the law provides further control over one's privacy over a consumer's information.   It’s now a requirement that businesses that are covered by the CCPA, if a consumer requests personal information relating to them be deleted, the business must receive proper notice.   Upon receiving such notice, contractors, service providers, and any third parties who have been told to store this personal information must be notified immediately.   Right to Opt-Out of Sharing Personal Information   California law used to be that internet users had the right to opt-out of having their personal information being sold. Under the California Consumer Privacy Act, consumers are now given more rights.   So, if businesses share customers' personal information like many companies do, they should be aware of how this will affect their operations and should adapt their contracts moving forward.   Right to Restrict Sensitive Information Processing   The CPRA highlighted a new category of personal information, sensitive personal information, including social security numbers, passport numbers, racial or ethnic origin, and financial account and payment card information.   California consumers are granted the right to opt-out of a business’ use and disclosure of their sensitive personal information.  Businesses that include sensitive personal data in their database must comply and give consumers the right to opt-out from a business’ use and disclosure of their sensitive information.  What Does Your Business Need to Do?   The CPRA requires businesses to make efforts to reflect the new privacy policies that have been brought about by the introduction of recent technological advancements.   Not only must businesses provide notices about their privacy policies to Californians, but now they need to define & disclose the retention period for a particular data they have been collecting.   Privacy and security concerns are at the forefront of many consumers' minds. CPRA dictates that any business that collects consumer information must have a privacy policy in place. This policy should state the exact ways in which it will use its collected data, and how customers can make changes to personally identifiable information when they want to opt-out.   The "right to be forgotten" is now firmly embedded into law as well... Allowing users - even minors - to request the deletion of online accounts and content in some circumstances.   While some steps can wait, like an updated privacy policy, businesses would be wise to start becoming compliant with the new privacy law.   Even if they don't need a privacy policy right away, they should allocate longer working hours towards assessing their current state of compliance.  As businesses continue to grow and look at their budget in the future years ahead, they should begin planning how to become compliant with the new privacy laws and what additional features are needed to do so.   As of now, the deadline for businesses to be ready for the new California privacy regulations is July 1, 2022.   Larger corporations will have more time to comply with the law than their smaller SMBs. While there have been no changes yet, we expect the rules regarding consent and express opt-in to change prior to when each business line will need to comply with the legislation.   The key is ensuring your business is ready with a strategy for compliant data management, in ordinance with all relevant regulations, by the moment your business is mandated to register.  

Key Takeaway   

We hope this article has provided you with some helpful insights into the changes proposed by the CPRA and how their impact on your business. We encourage you to stay up to date on these changes as they continue to be debated and made into a bill.    If you would like to learn more about how the CPRA will impact your business, we are always happy to answer any questions you might have. If you enjoyed reading this article, check out more of our content by visiting our Resources Page.  Read the full article

Virginia Consumer Data Protection Act: But why?

On March 2, 2021, the governor of Virginia signed a bill that states companies must be transparent about collecting user data with regards to geographic location and that they cannot sell this data to third parties without the consent of the individual.  Virginia Consumer Data Protection Act (VaCDPA) will be taking effect on January 1, 2023. The second major user data privacy acts after California (CCPA).    Companies that collect or sell any customer data should consider taking steps now to determine whether they need to comply. In appraise compliance, organizations should review & audit internal policies, procedures, and agreements and update accordingly.   Virginia Consumer Data Protection Act (VaCDPA) has to do with disclosing what information is being collected, why it is being collected, how it will be used or sold, and whether users need to consent before data is shared.    The privacy act draws much from a proposed Washington Privacy Act that's meant to increase transparency around personal data collection while allowing consumers to control their digital footprint.   Much of the Virginia Consumer Data Protection Act also mirrors the California Consumer Privacy Act by focusing on facilitating individual rights over businesses that collect private information.  

Will Your Organization be affected?   

- VaCDPA applies to for-profit companies that conduct business in Virginia, or that produce products or services that are targeted towards Virginia residents and have at least 100,000 online users residing in VA.   - VaCDPA also applies to companies based outside of the state that derives greater than 50% of their gross revenue from selling data about Virginian consumers.   The act does not apply to nonprofits, any company that falls under the provisions of Gramm-Leach-Bliley Act or HIPAA, or to institutions of higher education.    VaCDPA prohibits the sale of personal data obtained from a database by a third party as it relates to employees, job applicants, and people involved with the contractor's business.    It is limited in scope to companies that have a physical business presence in Virginia. However, unlike CCPA which requires certain businesses to disclose what kind of information has been sold about customers if requested by them.    The Virginia Act for Consumer Rights has fewer requirements than the California Consumer Privacy Act (CCPA). Because it is narrower in scope, fewer companies will have to comply with this law than they would if they were subject to CCPA. 

Data Covered under Act  

“Personal data” refers to any information that can be associated with a specific person or entity such as a business or company, for example. This includes information such as a name, ID number, address, or any other piece of information that could identify someone either directly or indirectly.   What “If” You don’t comply with (VacDPA) the Virginia Consumer Data Protection Act!   If a business doesn't get back to you about an issue it's facing within the 30 days, notice period from the Virginia attorney general, fines of up to $7,500 for each uncured violation, plus expenses, can be imposed. No private right of action whatsoever.  

What You Need to Do?   

How to Prepare for the Virginia Consumer Data Protection Act... An important aspect of conducting business within Virginia is staying abreast of new and upcoming legislation. So, here are a few important tips on how to prepare for this pivotal time in business.   Here is the list of action organizations that need to get checked:    - Create a data processing agreement with any companies that handle, or process personal data also ensure to update your current data-processing agreement to be compliant with the Virginia Consumer Data Protection Act.    - The immediate task you can implement is to update your website privacy policy to be compliant with (VaCDPA) Virginia Consumer Data Protection Act.    - Review what data your organization collects; for what purpose(s), to whom it is disclosed, if it’s “sold” and to whom. Consider putting in place procedures for encrypting sensitive or privileged data, as well as encrypting communication channels.   - In the wake of recent news regarding requests from authorities concerned with consumer data, product managers must have a written policy and procedure established to handle (DSAR) requests effectively.   - Perform a risk assessment and outline data protection procedures/ processes that are appropriate to the business, if required.   - Review cyber insurance policies and coverage liabilities to see whether new developments have introduced any new requirements or exclusions, for example under the (VacDPA or even CCPA).   

Takeaway  

While most businesses should already be performing a data inventory, the Virginia Consumer Data Protection Act requires companies to perform a more granular inventory, including documenting the purpose for which personal data is collected and processed.    Organizations will also need to update their external policies, such as their website privacy policy and terms of use, and internal procedures to ensure their employees are trained and following data protection la  The Consumer's Data Protection Act requires that all businesses perform a privacy assessment check before carrying out their processing activities and put measures in place to uphold the consumer's right of appeal just in case there are any concerns.    Read the full article

The Importance of The Open Web for Publishers

Digital publishers continue to feel increased pressure to manage consumer privacy choices and consent with new CCPA requirements in the U.S. and GDPR in the EU. Couple this with the impending deprecation of third-party cookies and monetizing their platforms are becoming increasingly more complicated. In these industry shifts, the value of publishers’ first-party data will give publishers both more control and more accountability. It also offers more opportunity for publishers to leverage and monetize their audience data, their platforms, and content.

Opportunities and Challenges

Publishing and the digital marketing ecosystem with user privacy restrictions and the extinction of third-party cookies will bring both new opportunities and challenges for todays publishers. The obvious winners will be those companies that own and control large amounts of authenticated data and the bigger publishers that manage that user data, make alliances, and access actionable data in scale.  Many small- and mid-sized publishers will struggle to remain relevant and profitable. Content is not free to produce and without the means to monetize their platforms, many publishers will not be able to continue be relevant in today's ecosystem. In this shifting environment, publishers should actively advocate for an open web. The shared goal should be preserving the internet as an open web for rich, diverse experiences provided by multiple platforms. Now more than ever, the open web has become essential to support the free flow of content, communication, commerce, and competition. With the unique voices of individual publishers ensure that all points of view are available.

Preserving the Web as An Open Platform

Today consumers depend on the open web as a primary means of accessing news, communicating with each other, engaging with politics, conducting business, and consuming entertainment. Any individual, business, or charitable organization can participate in global conversations regardless of their wealth, background, or geographical location. What Is the Open Web? An open web is by and for all its users, not select gatekeepers. An open web means positive progress for: - A more informed public - Better tools for publishers to respect privacy choices - More opportunities to learn and connect with others - The ability to all publishers who want to participate to monetize their platforms The open web supports diverse publishers, audiences, and the relevant content audiences are looking for.  The open web also allows those unique publishers a way to be paid for the platforms and content they contribute. Who Pays for The Open Web? Marketers depend on cross-publisher IDs to quantify and optimize the performance of their ads across the open web. With the end of third-party cookies, marketers will not be able to get these identifiers. Marketers will receive a lower return from their advertising, which translates to lower CPMs and revenue for publishers. Publishers need alternative ways to get actionable user data in scale without contravening the prevailing regulations. Marketers and publishers need to find new ways to work together so consumers have their rights protected and receive better products, content, and services through free-market competition. Monetization Avenues Through the Open Web The absence of third-party cookies could benefit publishers who enjoy large, engaged audiences. Moving forward, publishers should focus on authenticating their audiences by offering a clear value exchange for registration in a privacy complaint environment. Smaller players who do not collect authenticated first-party data will most likely struggle as their user experience becomes less personalized and their ad revenue further declines. Alliances and Partnerships Have Become Critical For small- and medium-sized publishers, forming helpful partnerships, alliances, and shared solutions will be critical. Actionable and discoverable audience data is the key to staying relevant. What is clear is that there is a need to develop smart partnerships and come to the market with some scale. So far, there is no clear winner in sight in the race to replace third-party cookies although there are many potential solutions in the race. As a publisher, your only sustainable approach is to authenticate your first-party data in a privacy-compliant environment to make it actionable and discoverable. Also working with other stakeholders in the digital ad ecosystem and promoting the OPEN WEB.  Otherwise, ad-spends will simply be pushed toward premium publishers as ad campaigns that target huge chunks of the market become difficult to measure and attribute.

The Bottom Line

Ultimately, fueling the open web by bringing together in scale allows all publishers to display more relevant, personalized, and at-scale ads to their unique audiences. Without fueling the open web, publishers’ CPMs will decrease significantly while allowing the larger publishers and wall gardens control over ad tech dollars. Do you have any questions about open web and content monetization?  Schedule a meeting with our Adzapier team today. We can help you leverage your data while respecting user privacy preferences in a post-cookie world!   Read the full article

California Consumer Privacy Act (CCPA) FAQs

Follow my blog with Bloglovin

What is CCPA?

The California Consumer Protection Act is a law meant to give Californians enhanced rights over the use and sale of their personal information. Once a company collects your personal data, you have these rights:   - Access: you can access the data collected and ask how they will use the data.  - Deletion: to request they delete your data, unless it is vital for security purposes, legal compliance, or providing an essential service.   - Opt-out of “sales”: gives you the right to opt-out of having your data being “sold” to a third party. 

When did CCPA go into effect? 

January 1, 2020, but there was a six-month grace period on enforcement for brands up to July 1, 2020. 

Who is impacted by CCPA? 

Any brand categorized as “business,” “service provider,” or “third-party” doing business in California and sells, buys, or collects personal information from online consumers.  

How do brands and publishers know their category?  

- Business: is a for-profit entity conducting significant business in California collecting consumers’ personal information, with more than $25 million gross revenue annually; or buys, sells, shares, or receives personal information of more than 50,000 consumers, devices, or households for commercial purposes; or derives more than 50% of its annual revenue from personal information sales.  - Service Provider: are entities that process information on behalf of other businesses for profit.   - Third-Party: is neither a business nor service provider collecting consumers’ personal information. 

What additional rights will California residents get under the CCPA?  

If you are in California, you can request a business to disclose:   - Categories and specific pieces of your personal information it has collected.   - The commercial purpose for selling or collecting your personal information.   - Third-parties the business shares your personal information.   Additionally, you can request collected personal information be deleted, subject to certain exceptions. Alternatively, you can opt-out of selling your personal information.   Businesses must provide an accessible and cost-free way of exercising these rights and respond to such requests within 45 days of receipt. The timings for deleting and ‘Do-Not-Sell’ requests are hazy. 

Does it mean our company has to amend its online privacy policy?  

Yes. The bare minimum is providing a California-specific form of privacy notice incorporating substantive elements linked to disclosures as provided by the CCPA. In short, online privacy policy or any California-specific notice must include information such as:   - Description of consumers’ rights.   - The categories of personal information sold or disclosed for business purposes in the preceding 12 months.   - A description of any financial incentives for providing data.  

What are the potential penalties for violations of the CCPA?  

Each violation can attract up to $2,500 in civil penalties, while failure to make good a 30-day opportunity to cure and each intentional violation after notice may attract a $7,500 fine. 

Will this negatively impact digital advertising efforts? 

It’s more nuanced than that. Sure, businesses use this personal data collection to gauge consumers’ shopping habits. Without this data, businesses cannot offer targeted advertising, reducing their chances of engaging and converting.  Ultimately, CCPA can improve the advertising ecosystem for both the consumer and business. Brands will know which consumers are open to personalized advertising or offers while enhancing transparency and rights in using and selling consumers’ personal information. 

What can a business do/not do with a user’s personal information who has opted out of sales? 

It means the company can still use the information to complete that transaction and pay the ad commission, but not beyond that transaction. 

What are the impacts of non-compliance? 

That will depend on the severity of the infraction:   - Private enforcement: you can file a lawsuit in the event of a data breach to recover up to $750 per actual incident or damage, whichever is greater.  - Governmental enforcement: The State’s AG can file a civil case, giving businesses up to 30 days to fix non-compliance or they will be liable for up to $7,500 in fines per violation. 

What is required to fulfill the CCPA requirements? 

Brands, publishers, and advertisers will need to provide explicit notice and an opportunity to opt-out to consumers before collecting and sharing consumer data. 

What is required for publishers to fulfill the CCPA requirements? 

Publishers must disclose privacy rights through a link on their site. Alternatively, businesses can block traffic via the IP addresses of Californians.  Publishers should implement a Consent Management Platform that collects and passes consumer’ opt-out requests and consent information to partners.  Publishers can include a ‘Your Privacy Rights’ link, leading users to a page disclosing what personal information the company may collect. 

The effect of the CCPA on brands based outside the US? 

Any brand that buys, sells, receives, or shares personal information of at least fifty thousand California residents annually, must comply with CCPA regardless of location.  

Is there a chance of this privacy policy advancing to a federal level?  

Many states and other countries worldwide have adopted similar privacy regulations, so there is a good chance it could go federal.  Read the full article