3 Publishers on Data Regulation, Cookie Blocking & the New Age of Consumer Privacy

Data protection laws and privacy-minded browser updates are forcing publishers to rethink their digital business strategies and communication with users. At Publishing Executive’s FUSE Media Summit in November – just weeks before the California Consumer Privacy Act (CCPA) took effect at the start of 2020 – we invited media execs on stage to discuss how their organizations are adapting for success in the new age of consumer privacy.

The panel on Nov. 20 included Roberta Muller, SVP of product development at Northstar Travel Group; Kyle Shay, director of digital media at Annex Business Media; and Tony Mamone, COO and co-founder of Granite Media. Below we recap key takeaways from the discussion, including their top CCPA concerns and what they believe cookie blocking will mean for publishers moving forward.

On Navigating New Data Regulation

At Northstar Travel Group, a B2B media company, the audience department handles email governance and data compliance. “We have one person within that department who handles policy and regulation, and we have a law firm that we work with that is our ‘data privacy officer,’” Muller says. “We recently hired a data technology security director, so he is now looking at all of our infrastructure and all of our security and how we transport and move data throughout the organization.”

In preparation for CCPA, Muller said Northstar was planning training sessions with its help desk to ensure employees know how to catalog incoming data inquiries and understand how they will be monitored. “It’s also important that we go back to all of our vendors and make sure they understand we’re documenting requests for deleting data,” she adds, “because I don’t think anybody ever deletes data, which you actually have to now.”

Shay described a similar process at Annex Business Media, a B2B publisher based in Canada. The organization has an internal compliance officer for Canada’s Anti-Spam Law (CASL), and it regularly educates employees on data privacy procedures through video training and PDF manuals.

At Granite Media, a consumer media startup with roughly a dozen full-time staff, Mamone handles most of the company’s data privacy efforts. “My general strategy has been to fast follow,” Mamone says. He talks to fellow publishers, attends training sessions, and works with vendors to respond to regulations such as CCPA, working with his team to implement compliance measures.

“In most cases, if you’re making best efforts at the beginning, you’re fairly protected – at least from government action,” he says. “As long as we’re making efforts up front and we’re in that zone where the legislation is still shaking out, we can follow others and use vendors to help us because we don’t want to be inventing this ourselves. We know California is next, but California is not last.”

On Key Differences between GDPR and CCPA

While both the EU’s General Data Protection Regulation (GDPR) and California’s privacy law aim to give individuals more control over their personal information, the laws have crucial differences, including their consent requirements. GDPR requires opt-in user consent for any personal data collection, while CCPA requires businesses to enable consumer opt-out of personal data sales.

“One of the hardest things for me to get my head wrapped around with the new California law is when someone opts out, they have the ability to ask you to delete their data, but they also have the ability to ask you to see their data,” says Mamone. He points out that if a user is on a mobile phone using an app that is supported by a software development kit (SDK), you collect an anonymized ID, such as a session ID or advertiser ID, that gets passed to programmatic ad buyers. If a user asks to see their data, and the request comes from an email address, you can’t match an email address to those anonymized IDs, says Mamone, “so beyond email it’s going to be very hard to pass any of that data back to a user who requests it.”

Leah Wynalek is editor-in-chief of BRAND United. She is passionate about creating content that engages audiences across channels – and delivering insights that help others do the same.