The Premise for Progress in a CCPA Era: Permission, Protection, and Privacy

Share this:

Twitter admits to misappropriating its security database of phone numbers and email addresses to serve up targeted advertisements. Cambridge Analytica is found guilty on the deceptive collection of consumer data for voter profiling and targeting, a scandal that implicates Facebook in dubious stewardship of consumer data. Google is allegedly responsible for the leakage of user information to hundreds of advertising partners in its ecosystem. In a digital world where a staggeringly few major corporations have eyeballs on the majority of user data and information, the professed sins of user privacy seem only to be increasing in depth and scale. 

Lawmakers have not been entirely ignorant of the implications. EU legislators took action last year with the launch of the General Data Protection Regulation, which impacted businesses and advertisers across the globe. With January rolling around, the incoming enactment of the California Consumer Privacy Act (CCPA) now proposes a more rigorous model stateside. As consumer sentiment continues to shift and privacy compliance frameworks around the world follow suit, is the advertising industry ready to embrace this wave of change?

To share or not to share

The culture of learned helplessness when it comes to accountability in the advertising estate has been called into question by a fresh wave of regulatory rigor. From the one-year anniversary of the EU’s General Data Protection Regulation to the recent implementation of Thailand’s Personal Data Protection Act earlier this year, developing regulatory frameworks are offering a glimpse of a new advertising landscape. As regulatory oversight intensifies, the rote model of data monetization to which the industry has long been accustomed is coming to an end. Already, this has spurred the efforts of data-rich companies such as Twitter, which is setting up a Privacy Centre to serve as an information portal for its efforts around privacy and data protection, including GDPR, CCPA, and its own Global Data Protection Addendum. 

In an industry where revenue streams have been built predominantly around the collection, aggregation, and distribution of data, the tradeoff between privacy and functionality is diametric. In the lead-up to the  rollout of CCPA, companies can no longer afford to leave the consumer at the opt-in consent box. With Californians now conferred the ability to review a list of third parties to which their personal data is sold, organizations are required to provide clarity on each touch point where data may be collected and shared. As consumers rally around their digital rights, the explicit opt-in laid out for consumers also gestures toward the outdated model that cookie-based tracking offers. The spiderweb of consequences that has resulted from such frameworks will only strengthen in time as regulations continue to take shape not just in California but across a global stage. 

Not all advertising is equal

While it is true that the industry’s long-practiced stance of authenticity is built on a foundation of enforced compliance, simply building better privacy laws around the digital world will not solve the broader issue of privacy. CCPA is neither unique nor first to push the red button across the advertising floor, and companies cannot be left scrambling when regulation comes knocking on the door. 

In the ensuing aftermath, disruptive technologies are beginning to emerge as a possible salvation to the existential challenge the advertising industry faces today. Blockchain, the distributed ledger technology celebrated for its structural logic of transparency and trust, has the profound potential to move the needle on some of the most opaque segments of the digital media supply chain. Data portability, a fundamental right of any subject under the view of data privacy laws, can facilitate the way individuals regain usage of their personal data without risking exposure to the underlying consumer data set. In another instance, blockchain can efficiently track, manage, and record consent among data subjects, processors, and controllers. 

Against the pervasive granularity of data in the 21st century, actors need to appreciate the ideological chasm that exists between companies and consumers: the former on privacy as a privilege and the latter on privacy as an unconditional right. The attempt to strike middle ground cannot be botched by good intentions, and the most enterprising businesses are raising their ambitions to tackle what soon might be a lost opportunity. When it comes to taking decisive action on the charter of purpose and progress, the trickling of the sand in the hourglass means it is only a matter of time before the deadline rings with an air of finality for all. 

Prateek Dayal is the Chief Strategy Officer of Aqilliz, a blockchain solutions provider that looks to restore trust, transparency, and efficiency to a fragmented digital marketing ecosystem. With over 15 years of international experience in the financial services sector, Prateek was previously the Senior Vice President of APAC Innovation and Client Solutions at HSBC Bank in both London and Singapore. There, he helped to spearhead client and regulatory initiatives in blockchain for payments, working on notable institutional projects such as the Monetary Authority of Singapore’s Project Ubin, as well as the Bank of Thailand’s Project Inthanon and the Hong Kong Monetary Authority’s Lionrock. With his expertise in building and leading cross-functional teams across the innovative sectors of payments, mobile, and digital, Prateek’s career spans across leading organisations such as the Royal Bank of Scotland, Barclays Bank, and McKinsey & Company.