Everything Merchants Must Know About the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) officially took effect January 1, and it represents the most far-reaching U.S. law giving consumers rights to know what companies know about them.

While your company might not be based in California, there’s a strong likelihood you’ll still be affected. I’ll get into that below.

Of course, companies have had access to droves of consumer data for a long time, but in many cases people shopping online have been a bit left in the dark about exactly how much of their data was not private.

In the affiliate world, we utilize consumer data to sell products for the brands we work with. Here is what those brands or prospective brands looking to develop an affiliate program need to know about this new law.

Why this matters and what should you should do as a merchant selling in California

Before the CCPA, there was the European Union’s General Data Protection Regulation (GDPR), which took effect in May 2018. The GDPR helped inform the CCPA, and many of the same core tenets apply in both pieces of legislation.

Essentially, what we’ve learned in Europe and are beginning to see in CA is there’s nothing to fear here as long as you take the following steps:

• Rework data strategies to comply with the new law
• Be as transparent as possible when using consumer data to sell products
• Maintain a consumer-first approach

There’s nothing more to it than being as honest and clear as possible about anything you may know about a consumer, when selling them a product or service.

The law is in place and it will affect more than just Californian companies

Since many of the world’s leading tech companies and data brokers are based in California, the implications of the regulation reach across the globe.

The best thing you can do is understand what part of your business might be affected and see if you are compliant. In most cases, since the law is new, there is not too much known about how it will be implemented, though.

Which leads me to my next point.

They’re still working out the kinks on the new regulations

As mentioned in an article from The Verge, it’s become clear that data compliance lacks definition, making it very difficult for organizations to know what they need to do when it comes to capturing and storing consumer data.

What we do know, though, is that it will affect the highly personalized experiences we’ve come to expect from those who market to us online. It will be important to strike a balance between using personal data to seek out customers and respecting that data or being compliant with the new laws.

Being specific and pragmatic when it comes to reworking a data strategy will make it easier to keep that consumer-first approach and act lawfully. It’s not likely that fines or punishments will come down on those who act in good faith.

Action you can take to crystalize customer communication

Here’s what you can do to help empower your customer and make them feel safe when shopping with you online:

• Use clear language in your privacy policies and marketing opt-in messages that consumers can understand
• Add a visible footer link on your website that connects to a marketing opt-out/preference center
• Create internal structures to handle consumer data inquiries within legal deadlines
• Define and enforce clear access rights to private consumer data within your organization.

Be proactive and you will be fine

The law isn’t meant to destroy the economy of California or to make things insurmountably difficult for merchants to seek out customers online. Rather, it’s just another way to help the constituents of the state maintain privacy through data transparency.

This could end up being legislation that affects the whole country or possibly even parts of the world. I hope you took what you needed from this piece and can apply it to your sales approach going forward!