Under CCPA, when a consumer requests that personal data be deleted, companies have 45 days to comply. Penalties can be severe. Those who violate the law are subject to an injunction by the court and a civil penalty of $2,500 for each violation. If a violation is intentional, the penalty escalates to $7,500 for each infraction/violation. Businesses have 30 days to remedy any violations found.
Other states have similar laws, or intend to, but CCPA has widespread impact because of its size—the Golden State has 40 million residents—and because so many digital and tech companies are located there.
“So many brands are building direct-to-consumer relationships,” says Dennis Buchheim, president of the IAB Tech Lab. “That makes them a publisher. If brands are using vendors in any sort of ad tech and are operating in California, then CCPA also applies to them.”
Although most associate the term “publisher” with news providers, the term also applies to brands. And the COVID-19 pandemic has prompted many companies to move their businesses completely online.
The IAB Tech Lab plays a lead role in developing industry solutions, including the size of a display ad or the backend tech of a video player. These standards are widely adopted by the industry. Although other companies are developing CCPA compliance solutions, the IAB is the first proposed universal standard.
Publishers often have to talk to 15 different vendors, says Cone, each of which has a different process in handling deletion requests. “The end result is an increase in operations cost. You also open yourself up to error.”
Creating a standard saves the industry real money—the Tech Lab’s solution is free for everyone and can be accessed here—while also reducing the likelihood of an error, Cone says.
Some publishers work with consent management platforms, or CMPs, to manage consumer privacy regulation requirements. Cone says many CMP companies helped develop its data deletion solution and as a result, will apply it to their own platforms.
The IAB Tech Lab says its model is flexible enough that it can be applied to other states and countries in the near future.
“There isn’t something like this,” says Buchheim, the Tech Lab’s president. “This is the first effort to create a standard that could be adapted to other laws and jurisdictions.”