It will cause the biggest disruption to digital advertising since the launch of the iPhone.
Brands are preparing. Campaigns, well, not so much.
At least that’s an early indication from a recent audit of websites for 23 active 2020 presidential candidates ranging from President Trump to Andrew Yang.
California’s EU-style digital privacy protections are set to go into effect in January 2020 — only a few months before the state hosts what could be its first competitive presidential primary in more than a decade.
At its core, the California Consumer Privacy Act (CCPA), which is the closest thing in America to the EU’s General Data Protection Regulation (GDPR), is meant to increase transparency by requiring greater disclosure of who is behind paid online marketing for campaigns and groups.
It is also meant to empower consumers who want to know what data companies and organizations have on them and requires a clear opt-out option on “on every page of every website” for those who don’t want to be tracked. It also lets consumers sue a company for failing to keep their information secure.
But the non-profit Internet Society’s Online Trust Alliance, which promotes digital best practices, found that the majority of the 2020 presidential candidates fail to meet the most basic of website and email security protocols.
That might seem like a minor concern as outreach to voters online has shifted primarily to social platforms. But the OTA’s audit sounded a note of caution with less than three months before the implementation of the CCPA.
“The most common statement regarding data sharing [on the campaigns’ websites] was that it could be shared with ‘like-minded’ organizations, which is in contrast to current generally accepted practices in the U.S. and directly counter to newer regulations such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA), which goes into effect in 2020,” the researchers write.
And despite privacy being an issue for some candidates, the campaigns had a failure rate of 70 percent in the privacy category — "nearly five times the overall failure rate for other sectors.
Of the 16 campaigns that had a failure, all failed in privacy, and two also failed in consumer protection.”
For instance, John Delaney wants Congress to adopt the CCPA, yet his campaign had a failure in the audit. Meanwhile, Elizabeth Warren has proposed “jail time for corporate executives found liable for data breaches.” Her campaign also failed to make the Honor Roll.
Jeff Wilbur, technical director of the Internet Society’s OTA, told C&E that the audit’s findings reveal that campaigns are trailing not just behind current regulation, but their marketing counterparts at major corporations.
“Even those who passed in the privacy area barely passed — it’s not like we’re giving a ringing endorsement,” Wilbur said. “I’m not sure that the campaigns have kept pace especially the new privacy laws that are about to come into play.”
The CCPA is a “much higher bar.”
If campaigns wanted to set an example, “they should be leading in that sector, not trailing,” Wilbur said of privacy.
Now, ask most digital consultants what the CCPA will do to their strategies for reaching California voters and the answer is frequently wait and see — or an admission they aren’t familiar with the law at all.
Still, Beth Becker, a digital practitioner who works with down-ballot Democrats, noted that there’s an easy way to get around tightening regulations.
“If you’ve got [a voter’s] consent, it doesn’t matter what they legislate,” she said.