How the CCPA can be good for ad tech
In tech, everything is a work in progress, and the beta version should never constrain future iterations. Recently, I explained why California’s new privacy law is a mistake. I stand by that critique, but as someone in the business of building audience-based marketing solutions, I want to offer some constructive feedback in hopes of discovering a sensible middle ground that strikes a balance between privacy and commerce.
One way the California Consumer Privacy Act (CCPA) could free consumers and marketers from being saddled with navigating a maze of legal opt-ins and opt-outs is to attack privacy from the buy side with a public registry for advertisers, agencies and ad tech vendors for individual campaigns. Such a solution builds upon an idea in the Honest Ads Act to assure the public that when they are targeted online by advertisers, it is being done with appropriate intent, and that intent has an audit trail.
In this registry, we could finally secure our data and take the steps necessary to publicly certify to the consumer that the use of any of their information is appropriate and secure. In select markets like finance and healthcare, this is a must for marketing to consumers. HIPAA requires security measures that can be certified by HITRUST compliance. The GLB Act requires that financial institutions document how they protect their customers' private information. Expanding on these themes, requiring similarly secure environments for all consumer data may go a long way toward creating a baseline of trust against hacking and bad actors.
We also need to demonstrate to consumers that marketers have a permissible and fair purpose for using data as a basis for communicating with them. Here, there is precedent in the Fair Credit Act’s concept of how sensitive data can be applied appropriately. FCRA was passed way back in 1970, but it framed the privacy conversation around what data is legitimately sensitive and how personal information can be protected against misuse or bias.
This brings us to the final tenant of this building block approach to privacy protection, namely that only de-identified and aggregated information can be used. A registry could expressly require advertisers and their supporting vendors to certify to this fact. Again, public policy on privacy doesn’t have to be reactive to political pressure, and it doesn’t have to start from scratch. Currently, de-identified and clustered audience targeting is done effectively in privacy sensitive markets all the time. By supporting and verifying to an appropriate level of consumer identity aggregation that guarantees anonymity, we build additional trust with the consumer.
The Honest Ads Act is intended to restore confidence in paid political speech. With a general registry for all commercial advertisers we could certainly help demonstrate to the public that there is a stark difference between the good and the bad actors. By taking the lead on this, hopefully advertisers and their data suppliers can put some daylight between fear of personal information being abused, and the data-driven personalization solutions they say they want.
If policy makers, ad tech and consumers are going to find a sensible middle ground that balances privacy with commerce, we have our work cut out for us; but, one way or another, it is going to happen. The challenge will be whether we can put a pause on the fearmongering and begin a real conversation about what we want a practical data-driven marketing solution to look like going forward.
Ray Kingman is the CEO of Semcasting Inc. and has been with the company since its inception, leading the company in the development and commercialization of its automated targeting and data offerings. As an experienced innovator in content management, analytics and data visualization fields, Ray directs the day-to-day operations of Semcasting, Inc.