Home Data-Driven Thinking New Utah And Connecticut Data Privacy Laws Are Coming. Are You Ready?
OPINION: Data-Driven Thinking

New Utah And Connecticut Data Privacy Laws Are Coming. Are You Ready?

By AdExchanger Guest Columnist

SHARE:
Emilie Kuijt, data protection officer at AppsFlyer
Emilie Kuijt Data Protection Officer

Another day. Another privacy law. *Cue emergency marketing meeting.*

Marketers might as well go ahead and add “tightrope walker” to their list of skills. The delicate balance between personalization and stringent privacy laws is just as precarious as a high-wire act. 

Research shows that 66% of consumers want personalized ads, but nearly half of them are uncomfortable sharing any data. And with Utah and Connecticut joining California, Virginia and Colorado to become the fourth and fifth states to enact data privacy laws, marketers can’t seem to catch a break. 

While experts believe these new laws are similar to those already in effect, any new regulations can potentially throw a wrench into your operations. Prepare for what’s to come with this breakdown of what these laws are and their effects on marketing strategy. 

Utah’s Privacy Act (UCPA): Narrow scope, broad exemptions for SMBs

Utah’s Privacy Act (UCPA) that goes into effect on December 31, 2023, bears a close resemblance to Virginia’s Consumer Data Protection Act. If you switched up your strategy to align with that law in 2021, you should be able to pivot quickly for UCPA. 

Like Virginia’s privacy act, UCPA gives consumers the right to access personal information that businesses collect on them. It also allows them to request deletion or to obtain a “portable copy” of the data. Additionally, consumers can also opt out of sharing their data for targeted advertising. 

Utah’s act is being hailed as more business-friendly than Virginia’s. Thanks to its narrower scope, it offers some exemptions to SMBs. 

Does this law apply to your business? 

The UCPA only applies if: 

  • You conduct business in Utah
  • Your annual revenue exceeds $25 million USD and
  • Your company deals with fewer than 100,000 consumers or
  • Less than 50% of your gross revenue comes from selling consumer data

In general, nonprofits are excluded from this law. Any data covered by another privacy law, such as HIPAA, or a public records law, such as tax rolls, would also be exempt. 

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Daily Roundup

Daily News Roundup

Is This TikTok Ban, Like, Happening?; DTC Darlings Lose Their Retail Darling

Connecticut’s Privacy Act (CTDPA): Similar but stringent?

Provisions in the Connecticut Data Privacy Act (CTDPA) that allow consumers to opt out of targeted advertising, profiling and data sales are stricter than in similar laws passed in California, Colorado, Virginia and Utah. The law also prevents “the right to cure,” meaning companies won’t be able to fix violations to avoid penalties. The law goes into effect on July 1, 2023.

Does the act apply to your brand?

The Connecticut law only applies if:

  • You conduct business in Connecticut
  • Your company handles the personal data of 100,000 consumers or more (not including data used to make payments) or
  • Your company handles the personal data of 25,000 consumers or more and made over 25% of its gross revenue from selling personal data.

Though the exemptions in this law are similar to Utah’s, there is no annual revenue threshold, so there’s no relief for small businesses. 

Importantly, both the Connecticut law and the Utah law require explicit consent to obtain children’s data.

How to prepare for these laws: Save this checklist

If you’re a data privacy champion and are GDPR compliant, you’re likely already in compliance with these new regulations. If not, here’s a checklist to get ahead of what’s to come: 

  • Provide a clear and easily accessible privacy policy that contains:
    • Categories of personal data you collect and reasons for collecting it (FYI: Consumers are more likely to share data if you’re transparent)
    • Categories of personal data you share with third parties (if applicable) and the categories of third parties you share data with
    • An active email address or online form consumers can use to contact you
  • Provide users with a clear and prominent way to opt out of the sale of their personal data to third parties, and an equally simple way to opt out of targeted advertising (the link or button must be clear and conspicuous on your site)
  • Collect only relevant and necessary data and ensure data is used only for intended purposes; don’t collect any sensitive data
  • Obtain explicit consent from all users, especially for consumers 16-19 years old
  • Don’t obtain consent through “dark patterns” and offer an easy way to revoke consent; stop processing data after consent is revoked
  • Work with data governance teams to:
    • Document all data collected 
    • Identify what falls under “personal data”
    • Design data architecture to minimize data collection

Sidestep the privacy-personalization paradox 

In addition to the five states that have already signed privacy bills into law, there are 21 considering privacy legislation. More are sure to follow. 

These fragmented privacy laws mean marketers will have a harder time developing loyal relationships with customers. And as consumers become aware of the dangers of being constantly surveilled, they’ll adopt privacy measures like VPNs. Measuring your marketing efforts could become a tall order.

Opt out of the waiting game. Stop hoping new privacy laws won’t make both customer-facing campaigns and internal measurement harder. Future-proof your marketing by making privacy the focal point of your marketing efforts.

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Follow AppsFlyer and AdExchanger on LinkedIn.

Must Read

Comic: InstaTikSnapTokTube
digital video

The IAB Predicts Social Video Will Overtake CTV This Year

The IAB projects digital video ad spend will rise to $63 billion in 2024, representing a 16% increase from last year. Of the three video ad categories the report breaks out (social and online video and CTV), the clear winner is social video.

Pictograph of graph, mug of beer
Marketers

Inside AB InBev’s Strategy For Tapping Into First-Party Data

Pour one out for third-party data. These days, AB InBev’s digital marketing strategy is built squarely on first-party data.

Measurement

4A’s Measurement Committee Says New Currencies Aren’t Ready For Prime Time – Yet

The 4A’s measurement committee, a working group for marketers and media buyers to discuss their opinions and concerns about video ad measurement, has some thoughts on the status of alternative TV currencies.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
AdExchanger Commerce

How Chinese Sellers Are Quietly Reshaping US Consumer Habits

American consumers are buying more and more online products directly from Chinese manufacturers. It’s an important change, though many online shoppers are unaware.

AdExplainer

T-Commerce Vs. Shoppable TV

Television commerce, or T-commerce, is similar to shoppable TV: both refer to buying something you see on television. But shoppable TV is far more nascent – and also has different implications on attribution.

commerce

Why White Claw’s Parent Company Is Pouring Investment Into Headless Commerce

A booze brand and a “headless commerce” platform walk into a meeting with the CFO. That might sound like the setup for a punchline, but it’s just how mar tech works these days.

Popular

  1. One more year ...
    Chrome privacy sandbox

    Google Won’t Pull Cookies In 2024

    Google announces it’s delaying its self-imposed deadline to deprecate third-party cookies on Chrome for the third time.

  2. Comic: Not-So-Secret Sauce
    Publishers

    The NY Post Is Turning First-Party Data Into Direct Deals, With A Little Help From Its Friends

    To build a first-party data strategy, the NY Post contracted Permutive and Prohaska Consulting for advice on monetizing its audience data and growing its addressable audience. The collaboration prompted Permutive and Prohaska to expand their combined services to all publishers.

  3. Pictograph of graph, mug of beer
    Marketers

    Inside AB InBev’s Strategy For Tapping Into First-Party Data

    Pour one out for third-party data. These days, AB InBev’s digital marketing strategy is built squarely on first-party data.

  4. Publishers

    The Trade Desk’s OpenPass Adds Rewards As It Pursues Wider Adoption

    Bonbon gives users rewards – such as discounts or chances to win merchandise – for setting up email registrations with publishers. Now The Trade Desk’s OpenPass will include that same rewards functionality.

  5. Investment

    Streaming Platforms Must Become Performance Channels To Stay On Wall Street’s Good Side

    Streaming services with the best chances of survival are those that can turn their media into a performance marketing channel with targeting and attribution that looks and feels like digital advertising – at least according to investors on Wall Street.