Now that the new California Privacy Rights Act (CPRA) has long been in effect, it’s time to clean up your pixel game. CPRA requires any business that markets to California consumers to enter into comprehensive contracts with other companies with whom they’ll share consumer data.
More so, this law has added complexity to your vendor agreements with three different agreement types – service provider, contractor or third party – one of which must be in place prior to sharing consumer data.
But do you know what your pixels are doing? Pixels are manifestations of the business relationships you have or have had with various third parties. CPRA is asking: Do these relationships continue to make sense for your businesses and your customers? Which should you keep and which should you cull?
Those pesky pixels
Since the beginning of digital marketing, website owners have placed a plethora of pixels on their sites – tiny snippets of code that websites and the ad tech ecosystem use to gather information about visitors. It could be in the form of a 1×1 transparent image or the Twitter logo.
It’s just one line of javascript, but if you’ve been in the business as long as I have, you’ll recall a ton of stories about data leakage that are a direct result of those pesky pixels.
Basically, a marketer would enter into an advertising or marketing agreement with a partner and implement the pixels of their partners to collect data. That data could be used for retargeting, attribution, measurement, fraud or other purposes.
Pixels are incredibly difficult and time-consuming to implement and can be even harder to remove. When the contract ends, those pixels are supposed to stop collecting data, but that isn’t always the case. Consequently, all sites have at least some zombie pixels that are capable of transferring consumer data.
With the introduction of CPRA, this represents danger and risk. You now have a legal obligation to perform due diligence and assess your vendors, as well as have a comprehensive contract in place with the owners of those pixels.
I’ll give you a current example: When Elon Musk took over Twitter and flouted the brand safety norms of the industry, the headlines were about brand managers who paused advertising on Twitter. But there’s a difference between pausing advertising and disabling a pixel.
The responsible marketer must now ask basic questions, such as: Is there a server at Twitter that is still on? Is it still receiving my users’ personal data? If you can’t answer these questions with any kind of certainty, assume the worst: Twitter is still receiving my data and using it to build audiences.
Clean up your website
With CPRA and other emerging privacy laws, those pixels, whether they’re active or zombies, could be a liability you haven’t considered before. Your privacy policy won’t protect you if you don’t know what the third-party pixels on your site are doing. That’s why it’s imperative every business answer some hard questions, such as:
- Do you have a complete list of the pixels on your site, regardless of their status?
- Do you know where the data those pixels are collecting is going? Do you know how they are using it? Do you have the right contract with that vendor?
- Have you analyzed all of the pixels in your stack? Do you need them all? Do you still use them all? What can you get rid of?
- Do you have an agreement with your counterparties, as CPRA now requires of all companies that do business with California residents?
You need to take action based on your answers to these questions. If you opt to sever a relationship, take the time to remove that party’s pixel from your site. If you opt to continue a relationship, ensure you have a comprehensive contract in place, as required by law.
Pixel cleaning may seem like a drag, but it’s actually a blessing in disguise. It’s smart business to know who is on your site and has access to your consumer data. Your customers expect you to keep their data safe. Sweeping your site of zombie or unneeded pixels is an important part of ensuring your data safety and mitigating brand risk.
So I repeat my question. It’s 10:00 pm: Do you know where your pixels are?
“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Follow SafeGuard Privacy and AdExchanger on LinkedIn.
For more articles featuring Richy Glassberg, click here.
