Compliance tools are coming out of the woodwork with less than a month to go until the California Consumer Privacy Act (CCPA) goes into effect on Jan. 1.
The latest is a consent management platform from LiveRamp released on Wednesday, which the data onboarding company built using technology it acquired from Europe-based CMP Faktor in April.
Dubbed Privacy Manager, the CMP is designed to be flexible enough to roll with the regulatory punches, said Tim Geenen, GM of Faktor, which was founded specifically to gather and account for GDPR-compliant consent.
The new version of the tool is configurable by geographical area, which is necessary since privacy regs are coming into force around the world. Beyond Europe and California, Geenen and his team have their eye on Japan, China, Australia and Brazil, and on other state-based laws in the United States, including Nevada.
“We made a switch at a core infrastructure level,” Geenen said. “Instead of having a dedicated platform, we took everything apart to build a container with logic that determines the region you’re in and decides which configuration should load based on the legislation that applies.”
In the European Union under GDPR, that means providing notice and choice options geared toward getting users to proactively share their consent. For California consumers protected by the CCPA, it means providing visitors with the opportunity to opt out of the sale of their personal information.
LiveRamp’s CMP is also interoperable with different compliance frameworks by default, including the CCPA-focused tools recently released by the Interactive Advertising Bureau and Digital Advertising Alliance, respectively, and with IAB Europe’s Transparency and Consent Framework (TCF) for GDPR.
The TCF is a good example of why a really viable CMP should be extensible. Although European data protection authorities haven’t shared concrete guidelines on whether consent strings are GDPR-compliant, they’ve intimated that the concept of porting consent through the supply chain could be considered legally dubious. If consent strings eventually fail legal scrutiny, it’s a CMP’s job to adapt.
Although one of a CMP’s main selling points is to help companies comply with their regulatory obligations by tracking user consent and approved vendors, there’s another side benefit to providing consumers with clear options about how their data is collected and used: access to better data.
“Consent is only the first step here; after that, it’s about building a relationship with the user, getting them involved in a value exchange,” Geenen said. “Once you do that, you can command better CPMs and do better addressable targeting.”
That last bit is still theoretical. But it’s only logical that publishers will be able to command higher CPMs with permissioned data when the dust settles – especially because the opposite is proving true in Europe. Geenen said he’s observed lower CPMs for data that doesn’t have an associated consent signal.
Privacy Manager is already live with several hundred brand clients across Europe and the United States, but LiveRamp expects its pipeline to grow dramatically between now and February, a month after the CCPA goes into effect.
“A lot of companies are waiting until the last minute to start figuring out how to build a solution for their site, or they’re underestimating the amount of effort it will take,” said Anneka Gupta, president and head of products and platforms at LiveRamp. “Just like with GDPR, we saw the most scrambling right before and right after the law went into effect.”
It makes sense for LiveRamp to position itself as a privacy-safe data company. LiveRamp is a nexus for the flow of consumer data across the advertising ecosystem, which is a powerful position but one that could also leave it more exposed to greater scrutiny from regulators.
It’s been debated internally whether LiveRamp is particularly vulnerable on the regulatory front, Geenen said, and the consensus has been “no.”
“And that’s because LiveRamp realized early on that if consumers don’t engage, data companies won’t exist in the future,” he said. “This [the CMP] isn’t a power play for us, it’s the realization that consumers have a voice now, and they want to see value for their data.”
