It might seem odd that California passed the nation’s most sweeping data privacy legislation — the state is home to many companies in the tech industry, including heavyweights Facebook and Alphabet’s Google. But it turns out, Facebook and Google aren’t complaining.
Despite Facebook and Google’s ongoing scandals regarding user data, they don’t rely on selling data to advertisers. They sell advertising to their users. The privacy law has little impact when users freely give their information to Facebook or Google by using their services, according to Wired writer Antonio Garcia Martinez.
Both those companies already comply with the European Union’s General Data Protection Regulation, or GDPR. The California Consumer Privacy Act, which takes effect Jan. 1, 2020, is one step down from GDPR. It requires companies to give people a right to opt-out of sharing their personal information online (GDPR requires opting-in). The California law requires clear statements about a company’s collection of personal information and the right of individuals to delete that data. GDPR already does all that.
There also is a provision of the draft regulation that forbids companies from discriminating against individuals who don’t want their data to be collected or sold.
The companies most likely to be impacted by California’s privacy law are smaller actors in the online ad world. Companies such as Drawbridge or LiveRamp Holdings compete with Google and Facebook by offering advertisers other opportunities to target customers online, according to Garcia Martinez.
Drawbridge obtains information such as an individual’s IP address and GPS-derived location and sells it to advertisers to market across an individual’s devices. When an individual searches for a product on their work computer, they may suddenly find advertisements for the same products on their phone or tablet. “Such ‘cross-device targeting and attribution’ is one of the holy grails of modern digital advertising,” writes Garcia Martinez, who worked as advertising guru for Facebook.
LiveRamp, similarly, helps advertisers who already know their customers’ purchase history to market to them online. After all, consumers already give away a remarkable amount of information to retailers in exchange for loyalty cards, which helps retailers track their purchases and use personal information, such as emails and phone numbers, to market to them online.
These middlemen marketing companies may face a difficult time complying with the new law. Drawbridge announced it was leaving Europe shortly after the EU’s GDPR took effect. LiveRamp, which recently announced a compliance platform for its customers, has been losing money.
Of course, there are other companies impacted by the new law, including large retailers such as the Gap Inc. The California attorney general estimates the new law will cost companies with sites aimed at selling Californians products up to $55 billion to comply. It will definitely have an impact. Just not so much for Facebook or Google.