Consumer Data Protection Chain Reaction

Consumer Data Protection is seeing the beginning of a global domino effect which started in May in the EU, and has now travelled to California, USA. If you’ve got any customers in the EU then you’ve been subject to GDPR legislation. The California Consumer Privacy Act has just become law in the US State of California. Now the taper has been lit it’s only a matter of time before this State Law, or the ethos behind it, becomes national Federal US law.

There have been numerous catalysts to the chain reaction getting started, but the most infamous was the Cambridge Analytica case. However, the groundswell of consumer data protection has come from the more savvy and empowered consumers themselves. The regulation is a reflection of what consumers see have become their human rights, so brands who push against this tide are only going to further undermine consumer trust.

While regulation is a stick to beat reluctant organisations into line on personal data protection, enlightened brands will look beyond the compliance issues and see an opportunity to rebuild consumer trust through organisational change.

Legislation to protect consumer data is a good catalyst for brands to reexamine how they approach customer relationships, and the opportunity to create value – for brands and the customer – by moving to a business model that puts customer engagement at its core. In other words, legislation is an opportunity for organisations to refocus on the customer, restoring trust and value to the relationship.

“The Consumer Privacy Act will allow consumers to take control of and make informed choices about their own data, control that fosters a healthy relationship to technology and overall digital well-being,” said Elizabeth Galicia, from Common Sense Media, which co-sponsored the bill in California. What she’s talking about here for brands who embrace the act is a healthy relationship with customers.

“The Consumer Privacy Act will allow consumers to take control of and make informed choices about their own data, control that fosters a healthy relationship to technology and overall digital well-being”


Disappointingly some big brands (Facebook, Google, Amazon, etc) formed an alliance to try and oppose the new law in California being passed. The fact it was passed in the face of their opposition is a clear signal which way this tide is turning.

There are differences – and some would argue the new Californian law doesn’t go far enough. The new law only targets bigger businesses (those who have data records on over 50k consumers) whereas GDPR is focused on all consumer interests, no matter how small the organisation they’re interacting with.

The other major difference is the penalty. Companies who violate the Californian law could be penalised up to $7,500 for each violation, paltry compared to GDPR infringement (max fine of €20m or 4% of the company’s global turnover), and perhaps a cost some stubborn short-sighted brands will be willing to take a hit on rather than change.

Either way, for brands resisting this change, the longer-term cost will be to break consumer trust and undermine customer relationships, which has to far outweigh any operational cost of managing the implications of the regulation.  Trust is a key element of customer engagement and building consumer trust has become a top priority for many CEOs. Forward-thinking brands are taking the operational impacts now to build long-term, sustainable ways to ensure the consumer is at the core of everything they do, which includes how their data is protected and managed.

Are you ready? Don’t you want to be reassuringly ahead of this tide change?


The Guardian: This article is more than 1 year old California passes ‘strongest in nation’ privacy bill limiting data harvesting

Reuters: California lawmakers approve data-privacy bill opposed by Silicon Valley