Home Data-Driven Thinking What Does The CPRA Mean For Behavioral Advertising?
OPINION: Data-Driven Thinking

What Does The CPRA Mean For Behavioral Advertising?

By AdExchanger

SHARE:
Richard Eisert headshot

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Richard Eisert, partner at Davis & Gilbert.

For the ad tech community, election day felt like deja vu. Less than a year after the California Consumer Privacy Act (CCPA) came into effect, the California Privacy Rights Act (CPRA) passed through a ballot initiative. Like its predecessor, the CPRA will have dramatic implications for the ad tech ecosystem.

The CPRA was touted as legislation that would fill in the blanks that CCPA left open and further CCPA’s consumer protections. Significantly for online advertisers, the CPRA more specifically addresses businesses’ obligations when engaging in behavioral advertising.

Under CCPA, some businesses engaged in behavioral advertising interpreted “sales” as excluding the exchange of personal information, such as cookie data, for targeting and serving advertising to users across different platforms, arguing that no “sales” were involved because no exchange for “valuable consideration” had occurred. The CPRA’s introduction of the concept of “sharing” closes this potential loophole.

And, the CPRA clarifies that it intends to regulate the processing of any information for “cross-context behavioral advertising,” defined as ad targeting of consumers based on personal information collected across businesses, websites, applications or services with which the consumer did not intentionally interact. The CPRA extends the same opt-out and transparency rights to consumers for any “sharing” of their personal information, which includes making such information available for cross-context behavioral advertising “whether or not for monetary or other valuable consideration.”

The CPRA also makes clear that while businesses can still disclose personal information to “service providers” and “contractors” for “business purposes,” those “business purposes” do not include “cross-context behavioral advertising” and that any disclosure for such advertising activities will disqualify any recipient of that information from being considered a “service provider” or “contractor.”

So what will not be subject to these new requirements?

Disclosures involved in first-party advertising and auditing to gauge ad performance are identified as “business purposes” carved out of what are considered “sales” or “sharing”. In particular, “non-personalized advertising” is distinguished from “cross-context behavioral advertising” as advertising and marketing that “is based solely on a consumer’s personal information derived from the consumer’s current interaction with the business” and does not involve “precise geolocation information.”  Non-personalized advertising is included in the definition of a “business purpose,” and will not constitute “sales” or “sharing” when the personal information is not disclosed to another third party or used to build a profile for the consumer.

Other language in the CPRA may provide advertisers a bit more leeway in carrying out certain advertising activities. When consumers use or direct a business to “intentionally interact” with third parties, it is not considered a “sale” or the “sharing” of personal information. Deliberate interactions such as visiting an entity’s website or purchasing goods or products from a party constitute “intentional interactions” as newly defined in the CPRA.

The CPRA also further clarifies CCPA’s limitation on a business’s liability for the violations of third parties to whom it discloses personal information. Businesses that disclose non-opted-out personal information to third parties and impose on such parties certain contractual provisions protecting consumer rights will not be liable for those parties’ subsequent violation of CPRA if the business has no reason to believe such violations would occur.

A version of this “safe harbor” was provided in the CCPA, and the CPRA preserves this protection from liability albeit with an added contractual provision requirement. This exemption from liability may continue to provide assurances to compliant publishers who are concerned about their liability for downstream recipients of personal information (e.g., in real-time bidding situations), and potentially lessen the exposure for publishers under the CPRA even when disclosing personal information for cross-context behavioral advertising.

As the CPRA’s regulations emerge, the contours of how cross-context behavioral advertising may be permitted under the new law will become clearer. One question to consider is what sort of activities will count as “intentional interactions” that will afford some flexibility under the statute. Another is whether any more room to conduct cross-context behavioral advertising activities will be granted to entities that have registered as “data brokers” under California’s separate data broker law.

As we wait for those answers, businesses will have to readjust their data privacy compliance plans in preparation for the CPRA’s effective date on Jan. 1, 2023, and its one-year look back requirement.

Follow Davis & Gilbert (@dglaw) and AdExchanger (@adexchanger) on Twitter.

Tagged in:

Must Read

Meta is giving advertisers the ability to connect their third-party analytics tools directly to its ad platform via API.
Platforms

How Apparel Brand Tuckernuck Devised The 'Why' Behind Its CTV Ad Performance

Performance CTV tech company Keynes launched an AI-powered platform. Tuckernuck says it can finally “pop open the hood” and see what’s working.

Salt Lake City, Utah, U.S.A. - February 24th 2021: Martinelli Gold Medal Sparkling Blush for festive occasions and gatherings. Fermented Apple Cider from the state of California.
Measurement

How Juice Brand Martinelli’s Gets To The Core Of Retail Media Incrementality

ROAS who? Martinelli’s is testing how crisp its retail media spend really is by using a new metric called incremental ROAS.

A scale with the letters AI on one side and a pencil and ruler on the other. The pencil and ruler represent the concept of measurement and precision
Measurement

Measured Has A New Tool That Lets Marketers Chat With Their Incrementality Data

Media measurement provider Measured launched an MCP integration that allows brands to ask ChatGPT, Claude, Gemini and other AI platforms how their media is performing.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
CTV

Roku Revamps Its Home Screen To Appease Both Consumers And Advertisers

Roku unveiled its new home screen, which includes new features designed to further personalize the home screen experience for each viewer.

CTV

Why Critics Say Email-Based IDs Don’t Work For CTV

Email targeting in CTV has a credibility problem as buyers and sellers question whether one-to-one identity even fits a channel built for broader reach.

PODCAST: AdExchanger Talks

How ‘Wrapped’ Insights Become Audience Segments

How does Spotify translate quirky Wrapped labels, like “divorced dad hipster,” into ad audiences? And is AI-generated content safe for brands? Spotify’s Global Head of Ad Product Katie English weighs in.

Popular

  1. Publishers

    Amazon Has New Tools To Help Publishers Prove Which Bidstream Signals Drive Demand

    Amazon Publisher Services released a host of tools, such as Signal IQ, to help publishers see which bidstream signals drive demand. Pinpointing which signals drive higher revenue is key for publishers.

  2. Sarah Caputo, Founder & Independent Advisor, Fraction Method
    OPINION: Data-Driven Thinking

    From Open Internet To Open Agent: The Architecture Buyers Were Promised Is Finally Here

    The programmatic intelligence layer is owned by the same parties that are extracting margin from it. That structure is now being dismantled by an AI-underpinned protocol that moves the intelligence layer into the open.

  3. CTV Roundup

    FAST Content Isn’t Always ‘Premium,’ But That’s Where TV Ad Innovation Is Happening

    The FAST channel ecosystem is providing advertisers with a sandbox (no, not that sandbox) to test new CTV formats, targeting tools and programmatic buying methods.

  4. Salt Lake City, Utah, U.S.A. - February 24th 2021: Martinelli Gold Medal Sparkling Blush for festive occasions and gatherings. Fermented Apple Cider from the state of California.
    Measurement

    How Juice Brand Martinelli’s Gets To The Core Of Retail Media Incrementality

    ROAS who? Martinelli’s is testing how crisp its retail media spend really is by using a new metric called incremental ROAS.

  5. Commerce Roundup

    Marketers Have Become Followers Of The Cult Of Performance

    Over the past few years, driven primarily by AI adoption, there has been a truly radical change to how quickly and easily brands will abandon old standards of quality ­– or even decency – in the name of performance.