Today, if you can believe it, is the 14th annual international Data Privacy Day, and as the ad-tech industry marks off Jan. 28 on the calendar, companies are reflecting on the early impact of the California Consumer Privacy Act.
Public awareness about how personal data is used as a transactional currency is rising, and a survey released today by FormAssembly shows businesses are still grappling with how to move forward. Speaking recently with Adweek, one publisher spoke of how media companies were lately “operating in the dark” since CCPA—a law affecting companies around the world that possess data on the Golden State’s nearly 40 million residents—came into effect on Jan. 1, and that the challenges were likely to get steeper.
For ad-tech companies, foundational questions of existence are part of every conversation, but so is trying to navigate some of the unintended consequences of the legislation.
Eric Shih, vp of business development at Teads (an ad-tech company that helps publishers improve ad yield), recently told Adweek that while there has been “low but increasing” adoption of the IAB’s CCPA framework, lots of publishers still had to address their ad stack accordingly.
“There’s certain types of legwork that has to be done with certain types of integrations,” Shih said. “For instance, there are header bidding publishers that need to upgrade their wrapper because it’s not compliant, or in the app space there are SDK updates that need to be done—it’s all a significant integration challenge.”
Some early CCPA opt-out rate data
Shih explained that CCPA opt-out rates—how often California residents choose the Do Not Sell My Data option on a publisher’s website—were in the range of 0.3% of total traffic, according to Teads’ log data.
Unable to comment on the overall impact CCPA has had on average CPMs, Shih did note that there is an average 50% reduction in bidding activity when the buy-side of the industry sees an opt-out. But he attributes this to early caution, given the relatively short time demand-side platforms had to implement the CCPA consent framework before Jan. 1.
Still no firm direction from authorities
Speaking with Adweek before the enforcement of CCPA, Celine Guillou, a California-based partner at Silicon Valley law firm Hopkins & Barley, pointed out how many in the sector are adopting a comparatively relaxed attitude as “full enforcement” by the Office of the Attorney General is not expected until July 2020.
In contrast, further studies demonstrate that the public wants to know exactly which companies have access to their data, with Gary Kibel, an attorney at the law firm Davis & Gilbert, noting discernable caution, particularly in ad tech following CCPA enactment.
For example, 85% of businesses want data privacy regulation at a federal level, while less than half (49%) have a documented means of allowing customers to access and delete their information, a core principle of U.S. privacy statutes, as well as General Data Protection Regulations in the EU.
Both Guillou and Kibel argue that CCPA guidance from the California AG’s office has been muddled at best.
“When CCPA first came out, a lot of companies in the ad-tech ecosystem looked at them and said, ‘I don’t know how to avail consumers of these rights.’ … So the IAB framework has been a good attempt at establishing processes to do this,” Kibel said.
According to Kibel, many companies, both consumer-facing and business-to-business, have had to devise whole new processes for handling data, with outfits such as DSPs and supply-side platforms facing fundamental challenges.
Fundamental questions to be asked
“I am seeing companies have to redesign their bidding process to deal with IAB signals and opt-outs and the preferences of their publisher partners,” Kibel added. “It’s changing the way the retargeting market is working.”