US industry bodies call for delay in CCPA enforcement

data_10The US DMA has joined forces with a gaggle of other American marketing trade bodies to call for a six-month delay in California’s new GDPR-style data regulation, insisting companies must have more time to get in shape for the legislation.

Compared to GDPR, which took nearly seven years to come to fruition, the California Consumer Protection Act (CCPA) has been approved at lightning speed. First proposed in December 2017, the CCPA bill was passed in September 2018 and the most recent amendments were approved last October. The law came into effect on January 1 this year, although will not become enforceable until at least July 1.

Now, the IAB, the American Association of Advertising Agencies, the American Advertising Federation, the Network Advertising Initiative, and the Association of National Advertisers (which includes the US DMA) have rifled off a letter to California attorney general Xavier Becerra calling for a six-month delay.

They argue that their members and other businesses do not have sufficient time to implement the regulations before July 1, due to the “extraordinary complexity” of the law.

Quite why they have left it this late is not known, although given that there are five trade bodies it has perhaps been tricky to get a consensus.

The letter states: “Unfortunately, it is presently unclear when the rules will be finalised and whether they will be further amended. Just five months before enforcement is scheduled to begin, companies that are subject to the CCPA are faced with the likelihood that the draft rules could substantially change from their present form and impose entirely new requirements.

“Thus, in order to avoid consumer and business confusion with respect to the new rules, we request that you further delay the enforcement of the law to begin six months from the date the CCPA regulations become final.

“This short deferral will give businesses the time they need to understand and effectively operationalise the rules helping ensure consumers have access to the rights afforded under the new law.”

While CCPA and GDPR are similar, there are a number of key differences, including the fact that CCPA only covers businesses that reach a certain size who process a certain amount of data; CCPA fines have no ceiling and are assessed per violation; and under CCPA consumers must opt-out of data collection.

Meanwhile, under GDPR, businesses must have consent from customers before third-party processing or sales of data, while the CCPA requires businesses to simply notify the customer of a data sale or transfer and give them the opportunity to stop it.

In a recent blogpost, Reputation.com founder and chairman Michael Fertik wrote: “I believe the CCPA is a powerful law that will be a big win for both consumers and the businesses who market to them, and it’s helping to put America at the same table as Europe in the global privacy discussion.

“For the first time in American history, consumers get to know what a company knows about them, decide whether or not they can keep that information, and prevent them from selling it.”

Related stories
Marketers finally sit up and take notice of data privacy
Twitter opens up ‘privacy centre’ to boost transparency
Why first-party data is the gift that keeps on giving
2020 and beyond: Time to finally clean up your act?
2019 Review of the Year: Why it’s crunch time for GDPR
US DMA hits buffers as 101 year old trade body is sold