CCPA Data Challenges

Data is the bloodline the fuels almost all aspects of the internet today.  Marketers, operations and legal teams all need to have solid data to rely on to make sound business decisions.  With the new regulations coming including California’s Consumer Privacy Act (CCPA). In a recent article by Hogan Lovells found here highlights the impact the CCPA will have on data-driven organizations.  

Here is a sample from the article that highlights the deletion portion of CCPA: 

“Right to Deletion: The CCPA also grants consumers the right to “request that a business delete any personal information about the consumer which the business has collected from the consumer.” In general, companies must comply with a verifiable consumer request. However, businesses may refuse deletion requests if the personal information is necessary for any of nine enumerated purposes. Among these exceptions are where information is necessary to comply with a legal obligation, to provide goods or services requested by the consumer, to detect security incidents, to protect against illegal activity, or to exercise free speech. In another particularly broad but ambiguous exception, businesses may refuse a deletion request if the information is necessary to use “internally, in a lawful manner that is compatible with the context in which the consumer provided the information.” It is possible that platforms with first-party relationships may have grounds to refuse a deletion request, even if they use the information for marketing purposes, so long as the use is internal and compatible with the context at the time of collection. Considering the breadth of potential exceptions, data-driven businesses should consider developing policies to assess and respond to deletion requests in a consistent fashion, ensuring consumers’ rights are respected while responsibly protecting their own data to the extent possible.”

For the deletion function, this is where RIVN is here to help companies get ready for CPPA.  For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself.  Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com/

CCPA vs CalOPPA

While members of Congress continue to right laws to protect citizens privacy one key area is getting extra attention: Children.  While Children’s Online Privacy Protection Act (COPPA) laws have been in place for a while as noted in a recent article here.  One thing to consider is California is always a little different than the rest of the country and now is a good time to evaluate California’s Consumer Protection Act (CCPA) and California’s version of COPPA.

Termsfeed has again done an excellent job of examining the differences and similarities between CCPA and CalOPPA which can be found here.

Below is a quick excerpt highlighting some of the different requirements for each law:
  • “CalOPPA requires websites and apps to identify:
    • The categories of personal information the website collects;
    • The categories of third parties that might receive the information;
    • Information about the Policy itself, including how changes to the Policy might be communicated;
    • How the website treats DNT requests and third-party cookies.
  • CCPA requires businesses to disclose:
    • Consumer rights under the CCPA and how they might be exercised;
    • The categories of personal information the business has collected, sold or shared in the past 12 months;
    • How the consumer can object to the selling of their data, via a “Do Not Sell My Personal Information” link.”

It is important to remember for the deletion function which is still required with CCPA is where RIVN is here to help companies get ready for CCPA. For digital marketer and legal teams the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com/

To learn more about regulations mentioned above please see the following links below:

Detailed Differences Between CCPA and GDPR

If you are looking for a detailed review of the General Data Protection Regulation (GDPR) and the California Privacy Protection Act (CCPA) the report for you is here.  While meaning articles have been written to summarize differences between the laws, which is very helpful, this report by a team at Termsfeed gives a point by point analysis.

An example from the report below highlights the Right to Erasure/Forgotten aka Deletion under both laws:

“An individual can request that their personal information is deleted under either law. What differentiates the two laws is the conditions under which a deletion request can be refused.

The GDPR gives five such exemptions, and these are all shared by the CCPA with one exception – where maintaining the personal information is necessary for reasons of public health.

The GDPR’s exemptions for when a deletion request can be refused are:

  • When the right of freedom of expression and information is being exercised
  • If you’re legally obligated to process the data for the exercise of official authority or for public interest
  • If you’re processing the data for reasons of the public interest in public health
  • If you’re processing the data for archiving purposes related to the public interest, scientific or historical research, or statistical purposes
  • If processing the data is necessary for establishing, exercising or defending legal claims”

While this level of detail is more suited for legal teams it is good for marketers to have a working understanding of the limitations in the law.

When it comes to the digital deletion activity that is where RIVN is here to help companies get ready for CPPA and GDPR.  For digital marketer and legal teams the greatest hurdle may be the “Right to Erasure/Deletion” function itself.  Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com/
To learn more about regulations mentioned above please see the following links below:

CCPA vs GDPR Interactive Guide

The team at Varonis recently wrote a great article here about how California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR) compare along with a fully interactive visual so visitors can click on each topic to learn more.  Here at RIVN we have done a lot of research on this topic and this is one of the best user friendly explanations we have found.

Here is the link to the interactive guide: https://www.varonis.com/blog/ccpa-vs-gdpr/

Their posts highlight the rights that are made available to California citizens. Which you can see here:

These data protections give Californians the right to:

  • Know what personal information is being collected
  • Access the personal information that is collected, and request it be deleted
  • Know whether their personal information is being shared, and if so, with whom
  • Opt-out of the sale of their personal information
  • Have equal service and price, whether or not they choose to exercise their privacy rights”
And here are some of the similarities they highlight for GDPR and CCPA

“Encourage transparency in businesses/related entities.

Require businesses/related entities to report data breaches to consumers/individuals.

Look to better secure and protect the personal information of an individual

Define data processing as “any operations performed on personal data, automated or otherwise”

At RIVN we feel it will take a community approach for solutions for all of the new regulations being developed.  But when it comes to the deletion activity that is where RIVN is here to help companies get ready for CPPA and GDPR.  For digital marketing and legal teams the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business need and be ready for what is next.

To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com/

To learn more about regulations mentioned above please see the following links below:

GDPR and Mary Meeker Internet Trends

Annually Mary Meeker is an American venture capitalist and former Wall Street securities analyst that publishes key internet trends she and her team see in the space.  This can be thought of as annual State of the Union for the internet because Mary has been presenting it since 1995! It is really interesting to see the trends changing over the years of course.  But also the volume of the presentation, which this year was 333 slides. Topics included in the presentation range from geo based customer usage, online education trends, digital healthcare options, freemium business models and of course data security and compliance.

Credit: https://www.bondcap.com/report/itr19/

Starting on slide 167 Mary highlights the establishment of GDPR along with the role of CCPA and how social media companies like Facebook have been required to change/update their privacy management procedures.  Then on slide 192 she does into further detail in GDPR, but also highlights the regulator point of view from the USA, India and China.  

Finally and what I think the most interesting she points to the concept of a “Algorithmic Bill of Rights” here on slide 203 which Sigal Samuel @VOX has previously written about here.  This most certainly will be something that companies and countries establish to meet their needs while her article views those rights through the lens of AI.  One key component that will sure to be added will be the right to be forgotten.

This is where RIVN comes into play.  When it comes to the deletion activity that is where RIVN is here to help companies get ready for any new law such as CCPA and GDPR.  For digital marketer and legal teams the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about RIVN option please visit https://www.rivn.com/
To learn more about regulations mentioned above please see the following links below: