What Constitutes A Sale Under CCPA? Now That We Know, There’s No More Plausible DeniabilityWhat Constitutes A Sale Under CCPA? Now That We Know, There’s No More Plausible Deniability

This article appeared originally on AdExchanger and was Guest Authored by Permission’s Director Of Marketing Communications, Rachel Miller. Click Here For the original article.

“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Rachel Miller, director of marketing communications at Permission.io.

California Attorney General Rob Bonta recently sent enforcement letters that clarify the scope of what is considered a data sale under the California Consumer Privacy Act (CCPA).

The letters help clarify one of the CCPA’s most significant ambiguities, which is whether data tracking for the purposes of analytics and advertising, including cookie-based tracking, fall under the CCPA’s definition of a “sale.” The answer is: it does.

Up to this point, Big Tech companies have circumvented CCPA liability by claiming they do not “sell” data. They were able to capitalize on a gray area — but that gray area is now clear.

The enforcement letters further clarify that general third-party opt-outs will no longer be sufficient for compliance. This may finally help level the playing field for advertisers. The biggest tech companies have massive amounts of capital at their disposal, which they can use to employ top lawyers adept at circumventing loopholes. It’s not yet clear, though, how this will play out.

Implications for the data ecosystem

Now that all analytics activity can be classified as a sale and is thus subject to the CCPA, what could this mean for publishers, advertisers, DSPs, marketers and the data ecosystem as a whole?

One outcome is that third-party data could be completely annihilated as we know it, since most people will opt out if given the chance. After Apple released iOS 14.5, for example, Flurry found that 96% of users opted out when prompted. Coupled with the upcoming phaseout of third-party cookies in Chrome now scheduled for 2023, it’s clear that the landscape is shifting significantly.

Take LiveRamp, whose main business involves the buying and selling of personal data for analytics and advertising purposes. LiveRamp collects nearly all data about an individual, including name, driver’s license information, addresses, employment data, internet activity and geolocation data, and it obtains this data from a multitude of online and offline sources.

If so much information is flowing in from so many places, how is it possible to truly opt out?

The fact is, opting out is not possible, at least not in the current big data ecosystem, and if nothing changes, it will never be. That is why a clarification of the definition of the term “sales” to include analytics could trigger a change that will transform the entire ecosystem.

This should serve as an eye-opener. Businesses could potentially be subject to massive fines — up to $2,500 or $7,500 per violation, although it’s still unclear exactly what constitutes a violation. Is each individual cookie a violation? Does each user qualify as one violation? The answer is yet to emerge, but the fines could be record-breaking.

The solution

So, what can businesses and advertisers do?

For one, they must provide value to users for opting in or allowing their data to be collected and shared. Consumers are not stupid. They know that truly opting out is unrealistic or impossible, which is why they are keen to try to opt out if the choice is offered.

That said, 79% of consumers are willing to share their personal and preference data for a reward, meaning that the number of opt-outs would decrease to manageable levels. Consumers will accept compensation in return for not opting out. In fact, 75% of consumers say they want to be rewarded for engagement beyond making purchases.

Offering value also creates a more robust opt-in, because users will have actively chosen to give their consent. An investment in rewards is the most effective customer acquisition strategy, according to research from market intelligence and compliance solution provider Beroe, Inc.

There are several types of value that can be offered. Loyalty programs exist that offer points, cash, cryptocurrency or other incentives.

Cash is an easy option because it’s both tangible and of an immediate benefit to a user. But cryptocurrency presents a unique opportunity. More than 64% of American adults say they’re interested in cryptocurrency, with an even larger portion (some studies suggest over 90%) of younger generations showing interest.

With the right incentives, businesses can more easily prioritize first-party data over third-party data, meaning data they collect themselves, rather than data obtained from other sources.

Ninety-two percent of leading marketers say that first-party data is critical to growth, while 81% of marketers see strong ROI from using first-party data in campaigns. First-party data is also far less likely to run afoul of regulations, such as the CCPA, as long as the transference of data between processors and controllers is done appropriately.

For marketers, obtaining their own data from consumers — and rewarding consumers for opting in — is the best strategy going forward. It works for marketers, but it also works for consumers, and with their support.

Help consumers make a choice they can feel good about and that may even keep them returning to your brand. When a decision is freely made and compliant, it’s always the best choice.

Follow Permission.io (@PermissionIO) and AdExchanger (@AdExchanger) on Twitter.