Our previous article outlining the birth of the consent economy warned that the initial waves of privacy regulation in the U.S. are growing stronger. The recent news that California voters passed Proposition 24 proves the point. It also elevates conversation around what the future may hold in terms of national regulation, especially given California’s large influence on the tech industry.

Proposition 24 is better known as the California Privacy Rights Act (CPRA) and builds upon the existing California Consumer Privacy Act (CCPA) passed in 2018. CCPA left room for interpretation, particularly around whether selling targeted ads qualified as selling California residents’ personal information. The CPRA goes one step further in expanding the rights of California’s citizens through new consent definitions among other things. 

While the CPRA won’t be enforceable until 2023, it could severely impact publisher revenue. The added uncertainty around any federal or additional state regulations coming out prior to the deadline makes immediate action a smart choice. If stricter federal regulation rolls out, it will be important to have set the groundwork that will give yourself a head start.

Anticipating what’s to come 

The European privacy regulation landscape offers parallels, that can and should be drawn from, as we face a similar trajectory.

The existing CCPA borrows heavily from the “right to be forgotten” principle enshrined in the European Union’s General Data Protection Regulation (GDPR). To make it easier for publishers to process first-party user data and to obtain consent in compliance with the rules laid down by GDPR, the IAB Europe created the Transparency & Consent Framework (TCF). 

As the shortcomings of TCF v 1.0 became apparent, TCF v 2.0 was introduced to clarify and strengthen the regulatory framework. This dialing up of control measures is exactly what we’re seeing play out in California with the passage of CPRA as an addendum to the CCPA.  

The CCPA limited “selling” data. However, the CPRA is closer in nature to the relationship between the GDPR and TCF by now including restrictions on sharing of personal information as well. Publishers will be required to allow citizens to opt-out and the CPRA. It requires that all third parties with whom a data owner may have sold or shared information be notified as well.   

This new regulation also establishes an enforcement arm. This would be the first agency dedicated to privacy rights enforcement in the U.S. The five-person board will appoint a Chief Privacy Auditor in a structure similar in nature to the GDPR’s European Data Protection Board. In this latest version, California will now have the authority to levy larger fines, which has already occurred with GDPR violations. 

The lessons learned from GDPR and CCPA can help anticipate the future. There’s no doubt that publishers are entering challenging territory with these regulatory demands and the concerns around ad blocking further compounding the path to protecting and growing revenue. Publishers should only be fearful if they are unprepared in their strategy for how to monetize both a consented and non-consented user.

Revenue diversification in the consent economy

The time is now to challenge old belief systems. With the passage and evolution of new regulations, one must begin taking the first steps in the inevitable long-term journey towards revenue diversification. The reality of garnering 100% consent has shown itself to be elusive, if not impossible. In European markets, depending on the country, we have seen anywhere from 50-80% consent adoption. With outcomes like this, having a proper plan in place will enable you to monetize both consented and non-consented traffic, starting with how your ad server is configured and building the initial infrastructure.

When a user provides consent, most of your current monetization partners and policies will be fine and won’t require additional changes. When user consent isn’t provided, a shift in tactics is required. You’ll need to work with partners that will still have the ability to serve ads when user consent is not present. And keep in mind that you should always beware any provider who requires access to your user data to do this. In these situations, contextual targeting and semantic targeting can serve as effective and compliant alternatives.

Even when ad supported situations are off the table, other options exist. A subscription-based limited- or ad free experience, as we’ve seen publishers like Business Insider and The New York Times create, offers additional revenue streams while still staying true to the essence of your brand. 

Another option is to consider ecommerce as it aligns with your brand and brand experience. Publishers like BuzzFeed, Hearst, and Meredith have taken this route through online stores, licensing agreements, and product development. These additional revenue streams increase the long-term value of your audience while still providing value. 

Welcome to the new frontier

This new frontier can be intimidating. However, publishers who successfully diversify revenue streams will be positioned best for long-term sustainability. With the user now occupying a seat at the table, the consent economy can also be seen as an opportunity for publishers. 

Respecting the wishes of the user always pays in garnering trust and attention. This balance between respecting data privacy and delivering on expectations for personalized interactions, not only protects existing revenue, but could also lead to revenue growth through new audiences. Taking the first step now sets you on the path to positioning yourself well for survival in this new consent economy.