At zeotap, privacy and security have always been at the core of what we do and part of our competitive advantage. We were the first global data company to obtain a GDPR-compliance certification 2 years before it even came into effect. Naturally, with CCPA, we adopted the same proactive approach and started working on it in much anticipation.
Even if CCPA only applies to California consumers, at zeotap we are not making any distinction and enforcing all of data partners to comply regardless of location. We have started by conducting thorough due diligence with each of our data partners from how they collect user data, notify them of such and the measures implemented to comply with users’ requests for information and deletion rights amongst others. Part of it includes making sure that the collection of any data that is not compliant –– such as data on users younger than 16 years of age –– was not only merely excluded from ingestion but also those data partners were specifically notified that data that is forbidden to be sent, has been in fact sent. We additionally requested a signed CCPA compliance addendum to their contracts.
We’ve also updated our privacy policies and included a “Do not sell my personal information” link to ensure consumers always have the option to opt-out for the collection and usage of their data. Users can also contact us and submit their requests via all channels available: our zeotap app (available on iOS and Android), our website “contact us” section, social media chats and email. Once the opt-out is processed, it would be passed onto our data partners as well as the distribution channels we work with.
Additionally, we also work with an external council of senior leaders in the areas of privacy and security, who have guided us through GDPR and who are now doing so for CCPA. Our membership to The Forum of Privacy Forum, IAB Consent Framework and IAPP keeps us in check with the latest privacy developments.
Zeotap is also fully ready to tackle CPREA if it ever takes effect. CPREA (California Privacy Rights and Enforcement Act) is the new law proposed by the man behind CCPA Alastair Mactaggart. If approved, CPREA would take effect on 01/01/2021. It takes a stricter stance compared to CCPA, but for a company like zeotap that follows the strictest privacy laws in the world to date –– GDPR –– it poses no major internal changes to zeotap’s already privacy-compliant processes.
As for developments in other states, Nevada has recently quietly passed an amendment to its online privacy law requiring businesses to offer Nevada-based consumers a right to opt-out of the sale of their personal information. The amendment became effective on 10/01/2019. Since CCPA is stricter than the Nevada law, zeotap is already compliant with it. Finally, both New York and Washington have also been making big efforts to pass stricter privacy laws, but unfortunately, they have failed so far due to a lack of support and lobbying efforts.