Navigating the New Privacy Regulations

What Web and Marketing Teams Need to Know

John Doyle
John Doyle
CEO, Technical Architect, Drupal SME, Open Source Champion
blog image

Privacy regulations are changing rapidly and businesses need to be ready. Online privacy laws were first introduced in Europe with the introduction of GDPR, but now they are being rolled out around the world. Marketing teams will need to learn how to navigate these new regulations and make sure that their web properties comply with them. In this article, we'll talk about what privacy regulations do, why marketers should care, and what you can do as a marketer to ensure your website complies with these new rules.

What are Some of the New Privacy Laws Impacting Marketing Teams in the United States?

Let's take a look at the 3 laws that have been passed in the United States as of September 2021.

  1. California Consumer Privacy Act (CCPA) - CCPA was the first web-focused privacy regulation released and enforced in the United States. CCPA was signed into law on October 11, 2019 and was effective as of January 1 2020.
  2. Virginia Consumer Protection Data Act (CDPA) - CDPA was released earlier this year on March 2nd, 2021 and will be effective January 1st, 2023.
  3. Colorado Privacy Act (CPA) - CPA was released earlier this year on July 8th, 2021 and will be effective July 1st 2023.

For a more wholistic review of all of the Privacy Laws, we highly recommend you check out WireWheel's Privacy Laws Comparison table. WireWheel is a leader in the privacy compliance solutions space and has some amazing resources and tools to help web and marketing teams get compliant.

What is the difference between an opt-in privacy regulation and an opt-out privacy regulation?

Privacy laws can be split up into two categories; opt-in (requiring users to explicitly give consent) or opt-out (allowing users to withhold their information from marketers). This is why we see such a variety of new privacy regulations and there's no one-size-fits-all solution for web teams to follow.

Opt-In Privacy Regulations - Privacy laws that require consumers to give explicit consent before their information is shared with third parties are considered opt-in. GDPR is an example of an Opt-In Privacy regulation.

Opt-Out Privacy Regulations - Privacy laws that require consumers to explicitly opt-out of sharing their information are considered opt-out. The California Consumer Privacy Act (CCPA), Virginia Consumer Protection Data Act (CDPA), and the Colorado Privacy Act (CPA) are all examples of Opt-Out privacy regulations.

Does my Business Need to Comply with all of these Privacy Regulations?

The answer: it depends. Each of these privacy regulations has minimum requirements to be enforced. For example, CCPA likely does not apply to any business if all 3 of these criteria are met:

  1. Annual Revenue is under $25M
  2. Collects information from less than 50,000 California consumers, householders or devices for commercial purposes
  3. Less than 50% of annual revenue is driven by the sale of personal information

We recommend consulting your legal team to determine your business's stance on these privacy laws.

How Will These Regulations Impact my Web and Marketing Team?

Web and Marketing teams are typically the ones responsible for setting up and managing the interaction between a business and its consumers as it relates to data privacy. There are several key interaction points that web and marketing teams are responsible for supporting as it relates to privacy regulations.

  1. Consent Management - Allowing consumers to opt-out (or opt-in depending on the regulation) to being tracked and marketed to. Consent Management Platforms are growing more sophisticated and powerful as the privacy landscape evolves. They are a key tool for marketing teams looking to become complaint and any good CMP solution will include features such as Geolocation, Translations, and Regulation Specific configurations.
  2. Data Subject Access Requests (DSAR) - Allowing consumers to request to access or delete the data that your organization has on them is an important part of these regulations. Some organizations handle this via a manual process through a dedicated email account, other organizations automate this through tools such as WireWheel's DSAR solution. Whichever route you choose - your marketing team is likely responsible for setting up and maintaining the entry point.
  3. Privacy Notices - Providing consumers with information about your website, what data it collects, and how that data is used is an important part of these regulations. This is typically handled by a Privacy Policy page hosted on your website.

Privacy regulations are changing the way web and marketing teams interact with consumers. Marketing teams need to be up-to-date on the latest privacy laws, how they impact their business, and what tools/resources to use for compliance management. If your web and marketing team is looking for help implementing these tools and technologies - contact us today!