• by Bob Gaito , Columnist, July 19, 2018

On the heels of Europe’s GDPR, the recently passed California Consumer Privacy Act is the strictest privacy law in the country. And, as when California enacted auto emissions standards that were later adopted by the federal government, it could very well become a template for the rest of the nation.

The law requires that by 2020, companies collecting personal consumer information disclose the data they collect and what they use it for. In addition, they must provide a clear and conspicuous link on their homepage letting consumers prohibit the sale of their data to third parties, i.e. “Do Not Sell My Personal Information.”

This personal information includes web-browsing and search history — data that is routinely captured and sold to third parties to fuel the digital ad industry. It’s not surprising that the ad industry is preparing to lobby hard for changes before the law takes effect, but the reality is, third-party data has been under attack for some time and more limitations are inevitable. (Third-party cookie blocking by browsers, particularly Apple’s ITP, have also rattled the ad industry.)

Digital ads are already under scrutiny for targeting inaccuracies and performance measurement problems that lead retailers to question the effectiveness of their ad spends. Privacy legislation will only make matters worse, as third-party data becomes more watered-down and spread thin. To prepare, retailers should be shifting away from marketing strategies that rely on digital ads.

The best place to focus is on first-party data collection, storage and distribution — at the same time keeping a close eye on California as the law is tweaked for January 2020 implementation. In our experience, most retailers are not optimizing their identification technology or first-party data collection efforts. Even some very sophisticated companies (and vendors) are lacking in this area.

First and foremost, you should be using every strategy available to identify your website visitors. This enables the capture of first-party data that, when collected and used in compliance with privacy standards, enables direct marketing to consumers using website messaging, email, apps, direct mail and in-store strategies that are individualized to align with each customer’s interests. You can also use this data to create custom audiences for ads on social and web browser platforms, as well as measure performance against control groups to assess effectiveness.

The silver lining of privacy regulation is that it can help you become more customer-centric, demonstrating your commitment to customer privacy and preferences while simultaneously individualizing the customer experience. But beware, those who drag their feet are likely to feel it in the wallet, as “failure to respect customers’ data preferences will drive them to more customer-obsessed competitors,” says Forrester Research.

Like any law or regulation impacting business, privacy regulation can be viewed as a burden, an annoyance, or a step too far by governing agencies. Instead, try to think of it as a blueprint for earning and keeping your customers’ trust as well as acquiring new customers. Preparing for compliance now with a mindset of “how do I make the most of this opportunity” will strengthen your footing for the future, helping you personalize your marketing more effectively as you grow affinity to your brand.