Think CCPA doesn’t apply to you? You should probably think again

doesn, Think
think-ccpa-doesn’t-apply-to-you?-you-should-probably-think-again

The California Consumer Privacy Act (CCPA) has many companies in the U.S. scrambling to figure out whether and how to comply when the law goes into effect on January 1. It explicitly covers for-profit companies doing business in California or with California residents.

The plain language of the statute says one or more of the following conditions must apply to companies for them to be covered by the privacy law:

  • Has
    annual gross revenues in excess of $25 million;
  • Possesses
    the personal information of 50,000 or more consumers, households, or devices;
    or
  • Earns
    more than half of its annual revenue from selling consumers’ personal
    information

This would appear to exempt companies that don’t fall into these relatively clear categories. However, that may not necessarily be the case. I asked several companies and experts for their responses to the question, “Which (types of) companies can confidently ignore CCPA?”

Some probably can but shouldn’t, was the consensus.

Questions for agencies

“One area where the verdict is still out is how CCPA will impact large agencies because of the issue of data ownership,” said Noah Jacobson, SVP of Corporate Development, TapClicks. “Does the responsibility rest on the shoulders of agencies themselves or their clients? For example, a brand might fall under the CCPA threshold and would not have to meet any of the new regulatory requirements, but if an agency has multiple accounts like this, the volume of customer data can quickly surpass the 50,000 threshold. Will that agency then, along with all the clients/brands it represents, have to take action in order to comply?”

CCPA is the beginning

“With CCPA looming in 2020, many companies large and small are evaluating if it applies to them and, if so, how they will be complying with the law,” said Justin Scarborough, programmatic media director, PMG. “The short answer is that any organization that collects any amount of personal data from California residents — be it as innocuous as a cookie or device ID or as robust as customer information — and does any business in the state of California or with California residents will almost assuredly be subject to the regulation.”

“Additionally, our point of view is that CCPA is only the first step in a journey toward more GDPR-style regulation at a national level. Nevada already enacted a similar measure and numerous other states will be addressing comparable legislation in 2020,” said Scarborough. “These state laws will likely pave the way for federal regulations that will apply to all US residents, not just those of a single state. This is why we are urging our partners and customers to have a long-term vision and strategy for handling and processing customer data beyond CCPA. We believe it is important to consider long-term, scalable solutions that address this issue beyond 2020 and across all markets.”

If your business is online at all, pay attention

“The only companies that can confidently ignore the CCPA are businesses with no online footprint whatsoever, no loyalty program, no email marketing, no system of digital record-keeping — nothing,” said Cillian Kieran, CEO and founder, Ethyca. “If you’re a dog walker that posts local flyers to reach clients, if you’re an independent mom and pop corner store that processes credit cards manually, maybe you can afford to completely ignore CCPA. Otherwise, even if you fall below certain threshold criteria, you have to look at how the wind is blowing.”

“The public frustration, the regulatory energy, and the proliferation of tools to help you comply all point to the same thing: the penalties for getting privacy wrong will grow and the equity gained from employing good privacy practice will also grow,” Kieran added. “In the end, I don’t believe that regulators will be the strongest enforcers of privacy compliance. I believe customers will vote with their feet.”

Massive cultural, regulatory shift

“I don’t think any companies should ‘ignore’ the CCPA because privacy is not a trend that is going away. As an experienced CMO, and as any experienced executive should see, I believe there has been a massive shift in the landscape around privacy and companies must pay careful attention to the law as well as to the overarching cultural climate,” said Norman Guadagno, CMO of Acoustic. “This is not a time for any business to ‘ignore’ this issue or the regulations emerging.”

“Instead, brand marketers – whether or not they’re currently doing business in California – should be putting their own systems in place that are transparent and respectful of customer privacy as opposed to taking a wait-and-see approach when it comes to privacy issues,” said Guadagno. “Trying to circumvent the CCPA now will ultimately be fruitless as future privacy regulations, many of which are already under review with other state legislatures, are inevitable.”

“As consumers become more educated on where their data lives, they will begin to, as they already have, invest in brands that respect their privacy and are transparent about how they use personally identifiable information,” Guadano predicts. “The brands that will succeed in a future where data and privacy are top-of-mind for customers are the ones that are already being proactive and updating outdated privacy policies, whether or not they’re legally required to do so.”

Marketers benefit

Guadano went on to say that, “Despite the air of uncertainty from the marketing and advertising industries, I actually believe the CCPA will benefit marketers by forcing them to find new ways to drive loyalty without jeopardizing customer privacy. According to Acoustic’s own research, privacy regulations are pushing brands to have an increased focus on list hygiene and higher-quality subscribers, thus improving email marketing campaign targeting and increasing success rates.”

He noted that Acoustic’s 2019 Benchmark Report found open rates climbed 14% and click-through rates increased by 19% between 2014 and 2018, “which indicates to me that privacy regulations are benefitting marketers already, even though the first U.S. privacy law has not even come into effect yet. I predict even more beneficial changes once these regulations begin to roll out, beginning with the CCPA in January 2020.”

Think “privacy forward”

Studies in Europe have shown that adherence to GDPR privacy rules has not hurt firms doing business in the EU. In fact, it appears to have had the opposite impact — helping them outperform their non-compliant peers. By extension there could be a similar benefit for CCPA-complaint companies in the U.S.

However, whether or not CCPA technically applies to your brand or agency, comprehensive federal privacy legislation is probably coming. As the perspectives above indicate, companies should be “privacy forward” in their thinking and recognize this will be critical for any company dealing with customer data, as well as potentially integral to their marketing, in the future.


About The Author

Greg Sterling is a Contributing Editor at Search Engine Land. He writes about the connections between digital and offline commerce. He previously held leadership roles at LSA, The Kelsey Group and TechTV. Follow him Twitter or find him on LinkedIn.



Google doesn?t have an ?ideal? page speed

doesn, Google
google-doesn?t-have-an-?ideal?-page-speed

“[Optimizing for site speed] will never go to a point where you just have a score that you optimize for and be done with it,” said Google Webmaster Trends Analyst Martin Splitt on the October 30 edition of #AskGoogleWebmasters. Splitt joined fellow webmaster trends analyst John Mueller to field four questions on the topic of site speed, tools and metrics.

Ideal page speed. “What is the ideal page speed of any content for better ranking on SERP?” asked Twitter user @rskthakur1988.

“Basically, we are categorizing pages more or less as ‘really good’ and ‘pretty bad,’ so there’s not really a threshold in between,” said Splitt, advising that site owners should just focus on making their sites fast for users instead of fixating on an ideal page speed.

In terms of actual speed metrics, Google tries to calculate the theoretical speed of a page using lab data as well as real field data from users (similar to Chrome User Experience Report data), Mueller explained.

The best speed tool. “I wonder, if a website’s mobile speed using the Test My Site tool is good and GTmetrix report scores are high, how important are high Google PageSpeed Insights scores for SEO?” asked Twitter user @olgatsimaraki.

“In general, these tools measure things in slightly different ways,” said Mueller. “So, what I usually recommend is taking these different tools, getting the data that you get back from that and using them to discover low-hanging fruit on your web pages — so, things you can easily improve to really give your page a speed bump.”

The aforementioned tools are also meant for different audiences. “Test My Site is pretty high-level, so everyone understands roughly what’s going on there, where as GTmetrix is a lot more technical and PageSpeed Insights is kind of in the middle of that, so depending on who you are catering to — who you are trying to give this report to, to get things fixed — you might use one or the other,” said Splitt.

The best page speed metric. “What is the best metric(s) to look at when deciding if page speed is ‘good’ or not? Why/why not should we focus on metrics like FCP/FMP instead of scores given by tools like PageSpeed Insights?” asked Twitter user @drewmarlier.

FCP, which stands for first contentful paint, measures the time from navigation to when the first text or image is painted. FMP, or first meaningful paint, measures the time it takes for the main content of a page to become visible.

“It’s the typical ‘it depends’ answer,” said Splitt. “If you have just a website where people are reading your content and not interacting as much, then I think first meaningful paint or first contentful paint is probably more important than first input delay or time to interactive. But if it’s a really interactive web application, where you really want people to immediately jump in and do something, then probably that metric is more important.”

“The problem with the scores is they are oversimplifying things,” said Splitt, advising that instead of focusing on a score, “use the specific insights that different tools give you to figure out where you have to improve or what isn’t going so well.”

Imperfect speed metrics. “I am testing an almost empty page on #devtools Audits (v5.1.0) it usually gives minimum results which 0.8ms for everything and 20ms for FID but sometimes it gives worse results in TTI, FCI and FID. Same page, same code. Why?” asked Twitter user @ocurcelik66.

The acronyms above refer to the following:

  • FID – First input delay; which measures the time between when a user first interacts with your site (i.e., when they click on something) to the time the browser is able to respond to the interaction.
  • TTI – Time to interactive; the amount of time it takes a page to become fully interactive.
  • FCI – First CPU idle; the amount of time before there’s no longer any JavaScript or other work that needs to be done by the CPU.

“First thing’s first, these measurements aren’t perfect,” Splitt prefaced, adding that there will always be some noise in the measurements.

“Don’t get too hung up on these metrics specifically. If you see that there’s a perceptible problem and there’s actually an issue that your site stays working on the main thread and doing CPU work for a minute or 20 seconds, that’s what you want to investigate. If it’s 20 milliseconds, it’s probably fine,” said Splitt.

There’s no simple answer. “You can’t break down speed into one simple number — it is a bunch of factors,” said Splitt.

“If I’m painting really quickly, but then my app is all about interaction — it’s a messenger — so I show everything, I show the message history, but if I try to answer the message I just got, and it takes me 20 seconds until I actually can tap on the input field and start typing, is that fast? Not really. But, is it so important that I can use the contact form on the bottom of a blog post within the first 10 seconds? Not necessarily, is it? So, how would you put that into a number? You don’t.”

In the example above, Splitt highlighted the importance of selecting the speed metric that most accurately reflects how speed influences your user experience. Naturally, different types of content will require varying levels of interaction by the user, which is why certain metrics are more relevant than others.

Why we should care. Overemphasizing a particular metric, or even a specific speed score, may not be the best use of your resources as Google itself does not categorize speed in such a specific manner.

Knowing what you’re measuring will allow you to select an appropriate metric to reference and tool to use so that you can improve your site’s speed in ways that will improve user experience, as opposed to pumping up a metric that doesn’t have meaningful implications for the way users interact with your pages. As with all metrics, context matters.

For the latest coverage on site speed, bookmark our SEO: Site Speed section.


About The Author

George Nguyen is an Associate Editor at Third Door Media. His background is in content marketing, journalism, and storytelling.