Eli Schwartz

CCPA (California Consumer Privacy Act) and how it impacts marketing – 📌Eli Schwartz

In mid-2018, the EU had the greatest impact on the tech industry EVER with the implementation of their overarching privacy law: GDPR. Since the EU doesn’t have the same lobbying culture that we do in the US, tech companies and the industry overall didn’t have enough influence on the wording of the law as they would have liked.

As a result the law was written with too much room for vague interpretations of what is allowed and what isn’t, so corporate legal departments needed to exercise extreme caution. May 25, 2018 the day that the law went into effect saw many companies turn off their retargeting campaigns in Europe, stop showing Google Analytics script, pausing CRM campaigns and even blocking their websites completely.

Companies that didn’t do business in the EU breathed a sigh of relief that they didn’t have to worry about GDPR, but that might have been a false sense of complacency.


Hiding in plain sight there was a law being worked on in California called the CCPA (the California Customer Privacy Act.) Ostensibly this law is only designed to protect California residents, but as companies don’t do business any differently between states, the law has national impact.

The initial goals of the proponents for this legislation was to have something similar to GDPR here in the US, but thanks to the power of corporate influence the final result is much lighter.

Rather than pass onerous restrictions on how companies can handle personal data and then exact large fines for breach, the actual law focuses on the right to know what data companies have and the right to delete said data.

  1. You will have the right to know what information large corporations are collecting about you…and you should. Businesses use your personal information for their own purposes, including targeting you with ads, discriminating against you based on price or service level, and compiling your information into an extensive electronic file on you.  You should be able to know what’s being collected about you.
  2. You will have the right to tell a business not to share or sell your personal information…and you should. California law has not kept pace with changing business practices. Businesses not only know where you live and how many children you have, but also how fast you drive, your personality, sleep habits, health and financial information, current location, web browsing history, to name just a few things.
  3. You will have the right to protections against businesses which do not uphold the value of your privacy…and you should. Businesses that collect your sensitive personal information should take basic steps to keep it safe. Right now there are no consequences if they don’t, and this law will introduce some consequences.

While this law might not be as scary as GDPR, it is only a first attempt. Many tools that companies have relied on for marketing like retargeting, data brokering, etc will become a thing of the past once full restrictions on trading data and allowing users to opt out become commonplace.

The real fallout from this legislation might not be known for some time as it does not come into effect until the beginning of 2020. There is still time for the trajectory of the law to become even more pro-tech company.

Retargeting and custom targeting based on brokered data has been an absolute boon for both the advertising industry as well as marketers since it enables precise targeting rather than the spray and pray objective of broad targeting. Without the ability to use this data, companies are once again going to have to fallback on advertising blindly or explore other channels.

How does CCPA effect current tools and processes?

The law is still in a to-be-decided state. How it will impact common uses of data such as retargeting, data-sharing and CRM practices is still up in the air as the attorney general of the state gathers feedback from interested parties.

One glaring area of concern is how it might effect data collection through analytics platforms like Google Analytics, Omniture and similar. Since data is collected in an aggregate form rather than personalized, it is likely that not much will need to change for analytics. To date, there has not been an EU lawsuit against the usage of Google Analytics as it relates to GDPR, so hopefully there is no issue with the far less stringent CCPA legislation.

SEO as the savior

Regardless, the existence of a law that tamps down on advertising based on personal data is a huge benefit for SEO. GDPR helped spike interest in SEO, and with the implementation of a privacy law in the US, interest in SEO will reach new highs.

SEO relies on no data whatsoever to be successful and therefore its success falls outside the purview of the CCPA. Yes, Google, a target of the CCPA, might use data to rank search results, but you don’t need to be logged into Google to conduct an effective search. Search is just as effective when the user is anonymous.

Additionally, companies can even use search to retarget churned users if they can develop content and an SEO strategy that will reach these users. Paid retargeting is useful, but there are certainly ways to recapture users without needing to pay and track users across the web.

As companies pivot towards a cleaner form of marketing, SEO will take center stage as companies that seek new channels to reach their customers.