July 5, 2020

Volume X, Number 187

July 03, 2020

Subscribe to Latest Legal News and Analysis

Will CCPA Kill Advertising as We Know It?

A war is coming.

The CCPA has driven a wedge into fissures in the information economy and companies are beginning to see how deeply they will be harmed by the new rules.  They are beginning to fight back.  We are seeing the first salvos, but I fully expect to witness multiple battles in this fight over the coming several years.

We have yet to hear publicly from the companies that have profited most from reaping consumer information, online giants like Google, Facebook and Amazon have kept their powder dry to this point.  But their proxies have started to form battle lines.

Clearly, the industry most affected by granting consumers rights over the capture, use and dissemination of personal information describing them is the advertising trade. Digitization, networking, analytics, and the surveillance state have combined to pull advertising out of the stone age, where marketers swing thick clubs hoping to hit anything within earshot, and into the information age, where laser scalpels carve messages into precisely the right pitch for a single person.

Data is the currency of this advertising world, and the CCPA if strictly enforced could cripple many of the advances made in the past 30 years. “Advances!” I hear you cry. “These advances simply lead to better manipulation for sinister purposes!” While I hear, and in some ways share, your concern, the advertising industry has some good points about this matter too.

Two weeks ago, the leading advertising and marketing trade associations in the U.S. wrote to the California Attorney General’s Office Privacy Regulations Coordinator, complaining about the most recent set of CCPA regulations. In particular, the writer’s concern was “the proposed regulation included in 999.315(d) of the March 11, 2020 release of the second set of modifications to the text of the proposed regulations” which allows consumers to effectuate a ‘global privacy control’ that will automatically override any conflicting choices the consumer has made with specific advertisers.

According to the advertising associations, “This requirement exceeds the scope of the OAG’s ability to regulate in conformance with the CCPA, runs afoul of free speech rights inherent in the United States Constitution, and impedes the ability of consumers to exercise granular choices in the marketplace.” They ask the California AG to strike this provision.

So where is the problem? According to Mediapost “The most recent proposed regulations, unveiled earlier this month, would require companies to honor do-not-sell requests that consumers send through browser-based tools. Most of the major browser companies currently offer a do-not-track setting, which could potentially function as a global do-not-sell request. That type of request could effectively prevent all online companies from selling consumers’ data — though consumers would retain the ability to grant exceptions to individual companies.” So this proposed regulation opens a path for legal enforcement of browser plug-ins that allow consumers to avoid nearly all targeting advertising.

The exact wording of the proposal is “If a business collects personal information from consumers online, the business shall treat user-enabled privacy controls, such as a browser plugin or privacy setting or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their personal information as a valid request … for that browser or device, or, if known, for the consumer.” Under this proposed regulation, a consumer’s interest in allowing targeted suggestions from a site like Amazon.com would be overridden by the global opt-out, unless the consumer made the effort to re-establish preferences with Amazon.

A different MediaPost article stated that Jules Polonetsky, CEO of the Future of Privacy Forum, believes “the proposed rule could also enable browser-based “do-not-sell” tools, similar to the current do-not-track headers. Years ago, major browser manufacturers began offering a tool that sends a “do-not-track” signal to publishers and ad networks. But users who activate those signals don’t necessarily communicate that they want their data “sold,” at least as that term is defined by the California law.”

Needless to say, the advertising coalition sees this interpretation of the CCPA as an existential threat. It would overturn the past 30 years of development in the ad business. An entire industry is based on capturing, analyzing, using and transferring consumer data, and the California AG’s new rules clearly set up a way to stunt those behaviors. The advertiser’s request to have “the option” to honor browser settings and global controls, which would also give them the option to ignore these settings and controls.

The advertising associations find no support in the CCPA for this specific interpretation by the California AG. Because the proposed regulation is not narrowly tailored to serve the interest of protecting consumer privacy, the advertisers also assert in their letter that the proposed regulation violates the First Amendment to the U.S. Constitution by improperly regulating commercial speech. They say that the regulations provide “no way for businesses to divine that a consumer wishes to keep personal information within the confines of a specific business relationship, and instead compels businesses to guess at consumers’ preferences from an indirect signal that may not accurately reflect a consumer’s wishes.”

In other words, the proposed regulations bring to a head the fight over complexity in consumer privacy preferences.  What exactly does a consumer mean when she checks a box that says “do not use this information to market to me”? Does it mean all information, across all platforms, for all methods of marketing, for all time? Or does it relate to something more targeted and specific.  The industry has thrived for years by offering limited opt-out boxes and by interpreting consumer refusal preference narrowly (when offered at all). The new regs take this discussion in the opposite direction by assuming the broadest possible interpretation and backing it up with law enforcement.

Does this impede consumer choice as the advertisers would have us believe.  Yes, in a way it does, but so does the current model of not offering consumers precise options.  So which is worse?

This is the first salvo in the war over larger privacy issues force to our attention by the CCPA. Americans have never addressed the practicalities of these issues before, and we should expect to see more explosions in this war as the ramifications of the new consumer protections hits home.

Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.National Law Review, Volume X, Number 105

TRENDING LEGAL ANALYSIS


About this Author

Theodore Claypoole, Intellectual Property Attorney, Womble Carlyle, private sector lawyer, data breach legal counsel, software development law
Senior Partner

As a Partner of the Firm’s Intellectual Property Practice Group, Ted leads the firm’s IP Transaction Team, as well as data breach incident response teams in the public and private sectors. Ted addressed information security risk management, and cross-border data transfer issue, including those involving the European Union and the Data Protection Safe Harbor. He also negotiates and prepares business process outsourcing, distribution, branding, software development, hosted application and electronic commerce agreements for all types of companies.

...

704-331-4910