Cyber Privacy

The start of the new year brought a major change in privacy laws in California, and like consumer safety laws of the past, the change in statute in the biggest state in America is likely to impact how streamers and podcasters do business nationwide. The California Consumer Privacy Act, or CCPA, requires companies to inform users of how they monetize their data. It also mandates that consumers be given a way to opt-out of having their data used.

The law requires compliance from any company with more than $25 million in annual revenue – or that makes more than half of its revenue from the sale of personal data about California residents. But the other threshold is more likely to impact many audio streamers and podcasters. It says if the company collects data on 50,000 or more California residents it must comply with the law.

CCPA gives California residents the right to know what information is being collected about them, including the IP address that many audio streamers and podcasters store in order to do marketing and advertising attribution. “Even though an IP address on its own does not necessarily identify a particular person or household, IP addresses can be associated with other information to do so, and thus are considered personal information under the CCPA,” said Chartable in a white paper about the new law. California residents also have the right to access the information collected and who that information is being sold to. CCPA also gives residents the right to force a company to delete their personal information. The law also specifically says a company cannot block a resident from using their product just because they exercise those rights. For podcasters, that would mean a listener who says a company cannot collect and sell their information can also not block the download of a show. Businesses will be allowed, however, to offer financial incentives to users who do allow them to collect and monetize their data.

The new law has led many companies to update their privacy disclosures to explicitly tell users what sorts of personal information is being gathered and sold. Most now also include instructions on how a user can delete that data and opt-out of its sale.

The new law has already led to some changes among podcasters. “These changes are important in light of CCPA and we feel it is important for the long-term growth of the space to extend these privacy protections to all listeners globally,” said Libsyn in an announcement. The podcast hosting company has put the focus on the prepends and prefixes which use special URLs to redirect listeners to a third-party server for metrics gathering for shows it hosts. Rob Walch, Libsyn’s VP of Podcaster Relations, said most weren’t sharing listener information or were willing to change their practices to no longer share personal information for podcasts hosted by Libsyn.

On an episode of the company’s The Feed podcast, Walch said a “tiny number” weren’t willing to make the change however, saying it has meant 22 of the roughly 67,000 shows it hosts were either blocked or removed for using prepends or prefixes that aren’t CCPA compliant. He also noted that the big companies, such as Blubrry and Podtrac that represent thousands of shows, were not affected. “We are only doing this to protect listeners’ privacy and for the betterment of the space. We will not allow any company to have their prefix or prepend added if they refuse to commit to not sharing any IP, personal information for any listeners globally,” said Walch. “We believe the steps taken by Libsyn are a big step forward for privacy protection for listeners and we hope others in the space will follow suit.”

Six Month Grace Period

For others scrambling to comply, there is a six-month grace period. CCPA took effect Jan. 1 although the California Attorney General Xavier Becerra has said his office will not begin enforcing the new requirements until July 1. Violators would be hit with monetary fines. “Ignorance of the law is not an excuse,” Becerra told the San Francisco Chronicle last month. Meantime, several other states are looking at similar laws which may prompt many podcasters and online companies to simply put the new rules into effect for all users, not just those living in California.

There are also new efforts in Washington to pass a federal version of the law. The Consumer Technology Association, which opposed CCPA regulations, has said it would prefer a national statute. “A common-sense federal privacy law would also be welcome to even start-ups, entrepreneurs and all businesses can follow a uniform set of principles to protect consumer data,” CTA said in a statement.

Advertisers are already working to deal with the impact. Several big trade groups, including the Interactive Advertising Bureau, the Association of National Advertisers and the 4As, have created the Digital Advertising Alliance which is spearheading the digital ad community’s effort to offer opt-out tools to consumers. Consumers will be able to access the tools through standardized CCPA-specific links on publisher sites and apps that include a new green icon.