Europe’s GDPR took effect in May 2018, but 2019 was the year privacy got real for marketers in the U.S. There was a convergence of legal, technological and cultural factors that forced brands, publishers and tech companies to confront privacy head-on in ways they’d been trying to avoid for years.
CCPA comes into sharp focusThe California Consumer Privacy Act (CCPA) was passed in 2018 and came into sharp focus this year, as January 1, 2020 has approached. As we draw closer to that implementation deadline, the IAB, DAA and a host of software companies have introduced “compliance frameworks” and tools to help marketers and publishers address the requirements of the act. However, there’s still considerable corporate foot dragging and uncertainty. That’s consistent with what happened with GDPR compliance. Indeed, many companies operating in Europe are still not fully compliant more than a year and a half later. With CCPA, there won’t be any enforcement actions before July 1, 2020, giving affected marketers some additional time to get in line. For much of 2018 and early 2019, big tech companies and industry trade groups criticized and fought CCPA — trying to weaken it with unsuccessful amendments – because of anticipated compliance costs and fear that more limited access to data would harm revenues or disrupt the ads ecosystem. That very much remains to be seen.
The war on third-party cookies and ‘bad ads’In September, Firefox launched Enhanced Tracking Protection, which included default third-party cookie blocking. Apple updated Safari’s Intelligent Tracking Prevention (ITP) to strength anti-tracking and cookie blocking capabilities and rules:
- ITP now downgrades all cross-site request referrer headers to just the page’s origin. Previously, this was only done for cross-site requests to classified domains.
- ITP will now block all third-party requests from seeing their cookies, regardless of the classification status of the third-party domain, unless the first-party website has already received user interaction.