Is Your Digital Marketing Strategy Putting You at Risk? Understanding CCPA’s New Legal Precedent
Expanding Private Right of Action
A recent class action lawsuit filed against Capital One could have major implications for digital marketers, especially those relying on tracking technologies like Google Ads, Google Analytics, and Meta Ads pixels.
This is another reminder that privacy expectations are evolving, and that marketing teams need to evolve with them.
What Happened With Capital One?
The lawsuit alleges that Capital One shared users’ personal information with third parties (like Google and Meta) without proper user consent. This wasn’t the result of a traditional data breach, however, but from common tracking technologies embedded on the company’s website.
Capital One attempted to dismiss the case, arguing that no "breach" had occurred. But the court disagreed and allowed the lawsuit to proceed, potentially expanding the California Consumer Privacy Act’s (CCPA) private right of action to include unauthorized data sharing, even when no traditional breach has taken place.
Arguments Against
Some in the marketing community view this litigation and broader enforcement of the CCPA and General Data Protection Regulation (GDPR) as overreaching.
Opponents of the lawsuit argue that:
- Tracking technologies are standard across the digital marketing industry. Most websites use these tools to measure performance and optimize user experiences.
- There are few viable alternatives to pixel-based tracking for attribution, especially for small businesses with limited resources.
- Most businesses act in good faith, simply trying to reach the right audiences more efficiently, not to exploit user data.
- Regulatory enforcement may disproportionately affect small businesses rather than the tech giants that created the underlying tools.
Arguments For
On the other hand, privacy advocates see the ruling as an overdue shift in how user data is protected. They argue that:
- Tech giants like Meta and Google have repeatedly misused user data, including violations of laws like HIPAA. For example, Meta has been investigated for using sensitive health data for hyper-targeted and, at times, predatory marketing practices.
- The issue isn’t necessarily data use, it’s consent. In almost any other context, giving consent is the baseline. But digital marketing often treats this as optional.
- As digital identities increasingly mirror real-world lives, people are understandably uncomfortable with having their browsing behavior, preferences, and health data bought and sold without their knowledge.
This lawsuit reinforces a broader principle: Individuals deserve transparency and control over their digital lives.
Whatever side you fall into, privacy compliance is the not-so-new norm. And digital marketers need to ensure they’re compliant with their organization's legal requirements.
Why This Matters For Digital Marketers
If this interpretation of the CCPA stands, it means companies could potentially be liable for what are widely considered standard tracking practices if they involve sharing personal information without proper consent, even if no security breach occurs.
And the cost? The CCPA allows for statutory damages of $100 to $750 per user, per violation. With even 100 users, penalties could exceed $10,000.
Intersection Between Marketers and Lawyers
It’s important to recognize that most marketers are not lawyers.
The job of a digital marketer is to execute marketing strategies, not write privacy policies or interpret laws. However, digital marketers are responsible for ensuring their work aligns with an organization’s legal obligations.
You should be especially cautious when working with:
- HubSpot or any platform managing first-party customer data.
- Enhanced conversions in Google Ads or other ad platforms.
- User-provided data in GA4 or other analytics platforms.
- Any tracking pixel or technology that shares user data with third parties.
For example, if you know you have to be compliant with the CCPA or GDPR, you may want to think twice about implementing enhanced conversions, even if it improves campaign performance. Doing so could create legal risks for you.
How to Stay Compliant
To align marketing practices with privacy laws like the CCPA and GDPR, businesses should:
- Implement proper data security measures to reduce the risk of unauthorized disclosures.
- Audit all digital properties and tracking technologies to understand what data is collected, how it's shared, and with whom.
- Disclose all third-party data selling or sharing in privacy policies.
- Obtain user consent before tracking, selling, or sharing personal information. This could be through cookie banners and/or checkboxes on forms.
- Provide data access and deletion options so users can review or remove their personal information (HubSpot records, ecommerce history, etc.)
Final Thoughts
Whether you see the Capital One lawsuit as an overreach or a necessary step toward stronger data protection, one thing is clear: privacy compliance is now part of the digital marketing landscape.
Digital marketers don’t need to become legal experts, but they do need to collaborate closely with legal teams to make sure marketing strategies respect the privacy rights of the people we’re trying to reach.
Looking For A Partner Who Understands Privacy Compliance?
At Cypress North, we specialize in performance marketing strategies that drive results while staying in strict alignment with your organization's legal and privacy requirements.
Our services include:
- Compliant tracking and measurement setups across GA4, Google Ads, Meta, and HubSpot.
- Consent-aware analytics and conversion tracking using Consent Management Platforms like OneTrust.
- Direct collaboration with legal and IT teams to integrate our marketing strategies with your organization’s privacy compliance framework.
Let’s talk about how we can help you build high-performance, privacy-compliant digital advertising campaigns.
Meet the Author
Jack Novorr
Jack is our Head of Data. He joined Cypress North in July 2022 and works out of our Buffalo office.
Jack has Google Analytics 4 and Google Tag Manager certifications. He's familiar with a wide range of data analytics, reporting, and visualization tools, including Looker Studio, Google BigQuery, Tableau, and Power BI.
Since joining us, Jack has grown into a leader for our data team. He works closely with our clients to help them manage, visualize, and report on their data. He also played a key role in helping our agency and our clients with the shift from Universal Google Analytics to Google Analytics 4 in 2023.
Originally from Kansas, Jack moved to Buffalo to join our team shortly after graduating from the University of Kansas with a Bachelor of Science in business analytics. While pursuing his degree, Jack gained experience writing queries for large databases, data manipulation, database management, data visualization, and general coding.
Outside of work, Jack has a cat he enjoys spending time with.
Related Resources
Using BigQuery to Overcome GA4 Data Retention Limits
Keep your GA4 data forever with BigQuery. Learn how to set up BigQuery to start storing raw GA4 data before it's gone for good.
Why US Businesses Need to Prioritize Data Privacy Now
The U.S. doesn't have a comprehensive national data privacy policy in place, but that doesn't mean businesses aren't being impacted. Learn more about the state-level policies reshaping digital marketing strategy and compliance.
![Data - Blog - Google Collab [Background]](https://cypressnorth.com/wp-content/uploads/2024/03/Data-Blog-Google-Collab-Background-640x360.jpg)
How to Get Started Using Python for Data Analysis in Google Colaboratory
Learn how to use the free Google Colab tool and perform data analysis with Python programming language in this tutorial for digital marketers and data analysts.
How to Save Universal Analytics Data
All historical data from Google’s Universal Analytics will be deleted on July 1, 2024. Learn more about what your options are for backing it up before it’s gone for good.
Is Google Analytics 4 a Tactical Move Away From Free Analytics?
There’s something fishy going on with the way that Google is handling GA4. To me, it’s playing out as a backdoor cash grab, hidden under a thin veil of a free and easy migration from UA.
Data Lakes & Data Warehouses: What Are They? (& Why Your Company Probably Needs Both)
Data lakes and data warehouses have gained increased interest from organizations in recent years for their ability to support a single source of truth for data-driven decision-making across various departments. Understanding the strengths and applications of each is important not […]
How to Get Started with GA4: A Step-by-Step Guide
Need help setting up GA4 for your company or client’s website? Look no further! This post provides a step-by-step process for creating GA4 properties and best practices to make sure necessary events are tracked and the data flowing into GA4 are accurate.
How To Change Your Google Analytics Attribution Model in GA4
One of the biggest changes to Google Analytics has arrived in 2022 - the ability to change your Google Analytics attribution models. This is a first for Google Analytics as this attribution model change will not just apply to a […]
Why You Should Set Up Google Analytics 4 Today
Let's face it. GA4 isn't GR8. Google Analytics 4 is a work in progress to put it kindly. However, in these final weeks of 2021 you have an opportunity to get GA4 installed and tuned up, giving your future self […]
What to Include in a PPC Dashboard
Learn What Metrics to Include in PPC Reports. Then, Download Our Free Data Studio Dashboard Template! Let’s be real, pay per click advertising is all about data. What campaigns are bringing in the most revenue? What landing pages are converting […]
6 Google Ads Custom Columns to Help Uncover More Data
You may already know you can create custom columns in the Google Ads online interface. But, if you're anything like me, you may not always think about how you can leverage custom columns to surface essential Google Ads performance metrics, […]
How To See Audience Performace Across Campaigns With Google Ads Reports
Google Ads makes it really easy to see performance at the campaign or ad group level, but analyzing audience performance across multiple Google Ads campaigns is easier said than done. You're left wondering.... What's working well? What's not? Combining like-minded […]
Install Google Analytics on Web Stories With the Official WordPress Plugin
You read that right - the moment we've all been waiting for is here! Google’s Web Stories plugin is out of beta and now offers the ability to install Google Analytics on Web Stories directly in the plugin. If you […]
Cross-Domain Tracking With Google Tag Manager: A Simple Guide
Cross-domain tracking can make your life a lot simpler if you find yourself having to analyze Google Analytics data from two different sites. It allows you to capture the full user journey from the moment they land on one domain […]
Why Don't Multi-Channel Funnel Reports Match Up With Other Reports in Google Analytics?
Why don't numbers from the multi-channel funnel reports match up with numbers for the same metrics in other Google Analytics reports? The discrepancy is largely due to differences in what Google considers direct traffic. Read our guide to gain a full understanding of attribution differences in Google Analytics reporting.
Exploring a New Dataset With Python Part II: Using Seaborn To Visualize Data
Welcome to Part II of Exploring a new dataset with Python! If you missed Part I: The Basics, you can check it out here. In this article, we’ll be returning to our animal mug company’s dataset to continue our exploratory […]
Exploring a New Dataset With Python: Part I
We’re taking it back to the basics in this article. Why? The day of a Digital Marketer is busy. We’re pulled in all sorts of different directions and are responsible for a lot of different things. In my personal experience, […]
Strip Query Strings From URL Data: Python For Digital Marketing
If you’ve ever spent any time in a Google Analytics account, you’re all too familiar with the fact that the data isn’t always pretty. One exceptionally common scenario that us marketers run into all the time is page data being […]
Pandas Groupby Function: Python for Digital Marketing
If you’ve been following along with our Python for Digital Marketing posts, you’ve imported data from Google Analytics into a Jupyter Notebook and may have even combined it with another dataset. If you’ve never been here in your entire life […]
Using Python To Combine Datasets For Digital Marketing
Working in digital marketing, there are several reasons why you might want to combine two datasets from two different sources together. It could be combining Google Analytics data from two different accounts or properties, or turning two different reports into […]