Consumer Online Privacy Rights Act (COPRA)

Consumers across the globe have heard new acronyms regarding privacy. From the General Data Protection Regulation (GDPR) to California Consumer Protection Act (CCPA). All of these regulations have a simple goal; create trust between brands and consumers. However, most of the regulations have been developed in silo’s at the state or regional level only. 

The latest US legislation is known as the Consumer Online Privacy Rights Act (COPRA). COPRA is designed to “provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement,” laudable goals and ones on which privacy advocates, consumers and industry are increasingly finding common ground as states around the countries craft disparate rules on privacy protection.

The quote above comes from a recent IAPP article entitled “US Senators Unveil New Federal Privacy Legislation” which can be found here. The article also highlights the penalty level included in COPRA which is between $100-1,000 per infraction per day.

One novelty or twist that COPRA brings to the table is the bill tackles algorithmic decision-making, requiring those engaged in the practice to facilitate advertising or eligibility determinations for housing, education, employment or credit to conduct an impact assessment annually for accuracy, fairness, bias and discrimination. Challenges related to “deep fakes” are also addressed.

Below is an excerpt from the article that highlights the six pillars of COPRA:

Consent: The bill requires individual consent for data processing, including express affirmative consent for processing sensitive data, which is very broadly defined but excludes “publicly-available information.” Much like the California Consumer Privacy Act, COPRA provides individuals the right to opt out of the transfer of their covered data for “valuable consideration” and would grant the FTC rulemaking in that area.

  1. Access: The act requires covered entities to provide individuals with their own covered data upon request, in a portable format, as well as the name of any third party to which it has been transferred for valuable consideration.
  2. Correction and deletion: Individuals are granted the right to correct and delete their own covered data.
  3. Transparency: Covered entities must publish a privacy policy that includes information commonly seen in such policies today. This includes contact information for the entity, the categories of data processed, and the categories of third parties and service providers to which information is transferred. Somewhat more novel requirements include retention timelines, and perhaps more contentious, the identity of each third party to which covered data is transferred. The policy must be made available in all languages in which the covered entity does business.
  4. Data minimization: Covered entities may only process covered data for specific purposes, subject to necessity and proportionality standards.
  5. Data security: Covered entities must provide reasonable security, assess vulnerabilities, implement corrective action when risks are identified and dispose of data that is no longer needed.

As noted in the third bullet point above consumer deletion request will continue to be a key part in almost all new privacy regulations. For digital marketers, finance, IT professionals and legal teams the greatest hurdle may be consent management and the “Right to Erasure/Deletion” itself. 

Contemporary organizations are searching for a module based solutions such as RIVN to step up to meet this need with an easy to use SaaS based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about regulations mentioned above please see the following links below:

The Power of Privacy

If you search the term “privacy” in Google you would see about 19 billions results in half a of second. The reality is people across the globe are interested in learning more about privacy and how they can protect themselves. More importantly the power of consumer privacy is on the rise. Recent news stories have highlighted the power of privacy in regards to big technology companies and political campaigns. 

Pew Research recently reported that “roughly six-in-ten U.S. adults say they do not think it is possible to go through daily life without having data collected about them by companies or the government.”

The team at Forbes recently published a great article found here. The article gives great background into how the rise of privacy has become a mainstream topic along with certain business vertices and technologies that are the most impacted.

Credit:https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-protection-day

Below is an excerpt from the article:

Andrew Hawn, my former colleague and now founder of MetaForesight, is a technology, media and content expert. Andrew has been collaborating with my analytic startup, Metametrix, and we recently spoke about privacy and its far-reaching implications.

“We’re seeing a social shift in the long term effects of privacy…. As billions more in venture investing targets our personal data for resale in a multitude of ways, people are starting to more deeply question their growing lack of data privacy and control.”

Andrew went on to say:

“The truth is that there is only so much regular citizens can do without laws and policies that empower citizens to retake some personal data power. The EU’s GDPR was a blunt first instrument, and now California’s CCPA is trying to take a slightly smarter approach starting in 2020.”

“Just trying to turn things off by playing whack-a-mole won’t work; we need new innovations focused on protections that are more conversation driven and transparent.”

What these comments do give insight to is new technologies such as RIVN need to be in place so companies have the ability to respect user privacy preferences. All companies will need to adopt scalable technologies that lead to compliance.  

For digital marketers, finance, IT professionals and legal teams the greatest hurdle may be consent management and the “Right to Erasure/Deletion” itself. Contemporary organizations are searching for a module based solutions such as RIVN to step up to meet this need with an easy to use SaaS based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about regulations mentioned above please see the following links below: