Home Data-Driven Thinking New Utah And Connecticut Data Privacy Laws Are Coming. Are You Ready?
OPINION: Data-Driven Thinking

New Utah And Connecticut Data Privacy Laws Are Coming. Are You Ready?

By AdExchanger Guest Columnist

SHARE:
Emilie Kuijt, data protection officer at AppsFlyer
Emilie Kuijt Data Protection Officer

Another day. Another privacy law. *Cue emergency marketing meeting.*

Marketers might as well go ahead and add “tightrope walker” to their list of skills. The delicate balance between personalization and stringent privacy laws is just as precarious as a high-wire act. 

Research shows that 66% of consumers want personalized ads, but nearly half of them are uncomfortable sharing any data. And with Utah and Connecticut joining California, Virginia and Colorado to become the fourth and fifth states to enact data privacy laws, marketers can’t seem to catch a break. 

While experts believe these new laws are similar to those already in effect, any new regulations can potentially throw a wrench into your operations. Prepare for what’s to come with this breakdown of what these laws are and their effects on marketing strategy. 

Utah’s Privacy Act (UCPA): Narrow scope, broad exemptions for SMBs

Utah’s Privacy Act (UCPA) that goes into effect on December 31, 2023, bears a close resemblance to Virginia’s Consumer Data Protection Act. If you switched up your strategy to align with that law in 2021, you should be able to pivot quickly for UCPA. 

Like Virginia’s privacy act, UCPA gives consumers the right to access personal information that businesses collect on them. It also allows them to request deletion or to obtain a “portable copy” of the data. Additionally, consumers can also opt out of sharing their data for targeted advertising. 

Utah’s act is being hailed as more business-friendly than Virginia’s. Thanks to its narrower scope, it offers some exemptions to SMBs. 

Does this law apply to your business? 

The UCPA only applies if: 

  • You conduct business in Utah
  • Your annual revenue exceeds $25 million USD and
  • Your company deals with fewer than 100,000 consumers or
  • Less than 50% of your gross revenue comes from selling consumer data

In general, nonprofits are excluded from this law. Any data covered by another privacy law, such as HIPAA, or a public records law, such as tax rolls, would also be exempt. 

Connecticut’s Privacy Act (CTDPA): Similar but stringent?

Provisions in the Connecticut Data Privacy Act (CTDPA) that allow consumers to opt out of targeted advertising, profiling and data sales are stricter than in similar laws passed in California, Colorado, Virginia and Utah. The law also prevents “the right to cure,” meaning companies won’t be able to fix violations to avoid penalties. The law goes into effect on July 1, 2023.

Does the act apply to your brand?

The Connecticut law only applies if:

  • You conduct business in Connecticut
  • Your company handles the personal data of 100,000 consumers or more (not including data used to make payments) or
  • Your company handles the personal data of 25,000 consumers or more and made over 25% of its gross revenue from selling personal data.

Though the exemptions in this law are similar to Utah’s, there is no annual revenue threshold, so there’s no relief for small businesses. 

Importantly, both the Connecticut law and the Utah law require explicit consent to obtain children’s data.

How to prepare for these laws: Save this checklist

If you’re a data privacy champion and are GDPR compliant, you’re likely already in compliance with these new regulations. If not, here’s a checklist to get ahead of what’s to come: 

  • Provide a clear and easily accessible privacy policy that contains:
    • Categories of personal data you collect and reasons for collecting it (FYI: Consumers are more likely to share data if you’re transparent)
    • Categories of personal data you share with third parties (if applicable) and the categories of third parties you share data with
    • An active email address or online form consumers can use to contact you
  • Provide users with a clear and prominent way to opt out of the sale of their personal data to third parties, and an equally simple way to opt out of targeted advertising (the link or button must be clear and conspicuous on your site)
  • Collect only relevant and necessary data and ensure data is used only for intended purposes; don’t collect any sensitive data
  • Obtain explicit consent from all users, especially for consumers 16-19 years old
  • Don’t obtain consent through “dark patterns” and offer an easy way to revoke consent; stop processing data after consent is revoked
  • Work with data governance teams to:
    • Document all data collected 
    • Identify what falls under “personal data”
    • Design data architecture to minimize data collection

Sidestep the privacy-personalization paradox 

In addition to the five states that have already signed privacy bills into law, there are 21 considering privacy legislation. More are sure to follow. 

These fragmented privacy laws mean marketers will have a harder time developing loyal relationships with customers. And as consumers become aware of the dangers of being constantly surveilled, they’ll adopt privacy measures like VPNs. Measuring your marketing efforts could become a tall order.

Opt out of the waiting game. Stop hoping new privacy laws won’t make both customer-facing campaigns and internal measurement harder. Future-proof your marketing by making privacy the focal point of your marketing efforts.

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Follow AppsFlyer and AdExchanger on LinkedIn.

Tagged in:

Must Read

Publishers

Sports Publisher On3 Tries AI Recommendations To Keep Engagement In Its Home Court

Mula’s AI native content feed helps On3 keep its engagement and RPS consistent amid traffic drop-offs to publisher sites and the growing scarcity of online attention.

Comic: Race To The Bottom
Publishers

Hearst Built A Unified Ad Marketplace To Simplify Omnichannel News Buys

Hearst is stitching together its far‑flung news properties into a single programmatic marketplace to simplify buying local news and shore up its business as the ad market shifts.

Measurement

Northbeam Adds The Third Leg Of The Attribution Stool With Incrementality Testing

There’s MMM and MTA, but no single ad measurement works for brands with multiple points of sale. On Tuesday, Northbeam launched an incrementality tool to complete what it calls “the trifecta of digital attribution.”

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: The Great Online Privacy Battle
Data Privacy

What Regulators Talk About When They Talk About Ad Tech

If you want to know what privacy regulators think about online advertising, it’s not a mystery. Just listen to what they’re saying.

Publishers

Keyword Blocking Demonetized More Than Half Of Reuters’ Brand-Safe Stories

The effect wasn’t just limited to news content. The Reuters.com/lifestyle vertical also had some of its brand-suitable pages blocked.

AI

The Agentic Marketplace Is Here. Where Does That Leave DSPs and SSPs?

Swivel and Olyzon’s new partnership brings buy-side and sell-side agents together as early examples of an agentic marketplace.

Popular

  1. Seattle, WA USA - circa February 2023: Close up view of Liquid Death sparkling water for sale inside a grocery store
    Measurement

    Liquid Death Lets Incrementality Decide What Tactics To Kill And What To Keep

    Behind its edgy marketing, Liquid Death faces a familiar CPG problem: Most sales happen at the register, where media measurement goes to die.

  2. Comic: Race To The Bottom
    Publishers

    Hearst Built A Unified Ad Marketplace To Simplify Omnichannel News Buys

    Hearst is stitching together its far‑flung news properties into a single programmatic marketplace to simplify buying local news and shore up its business as the ad market shifts.

  3. AdExchanger's Big Story podcast with journalistic insights on advertising, marketing and ad tech
    PODCAST: The Big Story

    What Is AI Automating In Ad Tech?

    Every company wants an AI-powered product. So what do they all look like? From A/B testing and media optimization to agentic interfaces for customers, we give a rundown on AI’s most popular applications in ad tech.

  4. Frans Vermeulen, Co-Founder & President, Swivel
    OPINION: On TV & Video

    Why CTV Is Becoming The First Real Test Of Agentic Advertising

    CTV never fit cleanly into campaign execution models built for RTB-based trading. Whether agentic AI solutions can simplify the complicated CTV landscape for publishers will be their first real test case.

  5. Marketers

    Linkby Raises $15 Million For its Hybrid PR And Affiliate Marketing Network

    Linkby, which connects brands with publisher content that advertisers pay for based on reader engagement, announced its $15 million Series B on Tuesday.