Why Your Intent Data Provider Can't Prove Consent (And Why That's Expensive)
California's DELETE Act imposes $200/day/record fines. Most intent data providers cannot prove consent for the signals they sell. Here's what that costs you.
Why Your Intent Data Provider Can't Prove Consent (And Why That's Expensive)
The intent data industry has a consent problem. Not a theoretical one. A financial one.
Most B2B intent signals are built from cross-context behavioral advertising data -- tracking users across publisher websites to infer what topics a company is researching. Under CCPA as amended by CPRA, cross-context behavioral advertising requires explicit opt-in consent. Under the California DELETE Act (effective January 2026), data brokers face fines of $200 per day per record for non-compliance.
If your intent data provider cannot produce a verifiable consent receipt for every signal they sell you, you are not just buying data. You are buying liability.
The CCPA Cross-Context Problem
CCPA Section 1798.100(d) defines "cross-context behavioral advertising" as the targeting of advertising to a consumer based on personal information obtained from the consumer's activity across businesses, distinctly-branded websites, applications, or services.
This is precisely how topic-surge intent data works. A JavaScript tag on Publisher A observes a user. The same tag on Publisher B observes the same user. The intent provider correlates these observations across publishers to build a topic interest profile. That correlation is cross-context behavioral advertising under CCPA.
Since the CPRA amendments took effect, this activity requires the consumer's opt-in consent. Not opt-out. Not "legitimate interest." Opt-in.
Ask your current intent data provider: "For each signal you sell me, can you produce a consent receipt proving the underlying consumer opted in to cross-context behavioral advertising?" If the answer is anything other than "yes, here it is," you have a problem.
The DELETE Act Math
California's DELETE Act (SB 362) created a single deletion mechanism for all registered data brokers. Consumers submit one request, and every registered broker must delete their data within 45 days.
The enforcement mechanism is what matters: $200 per day per record for non-compliance. That is not a typo. Per day. Per record.
Consider a modest scenario. Your intent data provider sells you 10,000 signals per month derived from cross-context behavioral tracking. A fraction of those signals trace back to California residents who have submitted DELETE Act requests. If 500 records are subject to deletion and your provider fails to process them for 30 days:
500 records x $200/day x 30 days = $3,000,000
That is the provider's liability. But if you, as the buyer, are re-using that data in your CRM, marketing automation, or sales outreach, you may have independent obligations as a data broker yourself.
What Data Brokers Need From Their Suppliers
If you are a data broker buying intent signals for redistribution, CCPA Section 1798.100 requires you to:
1. Know the provenance of every record. Where did this data originate? Was it collected with consent? 2. Honor deletion requests. When a consumer requests deletion, you must delete the data AND confirm deletion with your downstream buyers. 3. Maintain records of compliance. You need an audit trail proving you processed deletion requests within the required timeframe.
Most intent data providers give you a CSV or an API response. They do not give you a consent receipt. They do not give you a deletion propagation mechanism. They do not give you an audit trail.
This means you are building your pipeline on data you cannot prove you have the right to use, and you have no mechanism to comply with deletion requests when they arrive.
How SIE's ConsentReceipt JWT Solves This
Every signal that flows through SIE's pipeline carries a cryptographically signed ConsentReceipt JWT (JSON Web Token). This is not a policy document. It is a machine-verifiable proof of consent.
Each receipt contains:
- Receipt ID: Unique identifier for this specific consent event.
- Publisher ID: Which publisher site collected the consent.
- Regulation: Which regulatory framework applies (CCPA, GDPR, LGPD).
- Consents granted: Exactly which categories of data processing the user consented to.
- Consents denied: Which categories were explicitly refused.
- Cross-context disclosed: Whether cross-context behavioral advertising was disclosed in the consent banner.
- Cross-context consented: Whether the user explicitly opted in to cross-context use.
- Expiration: When the consent expires and must be re-obtained.
- Cryptographic signature: HMAC signature proving the receipt has not been tampered with.
- 10,000 signals/month at $0.50 each = $5,000/month
- One DELETE Act enforcement action = $3,000,000+
- One CCPA class action settlement = $7,500 per consumer (statutory damages)
- Reputational damage: unquantifiable
- 200 BANT-qualified signals/month at $2,500 average = $500,000/month
- DELETE Act liability: $0 (automated compliance)
- Conversion rate: 25-40% vs 5-10%
- Revenue from 60 converted signals at $80K ACV = $4,800,000/month
When you buy a signal from SIE, you can validate the consent receipt independently. You do not need to trust us. You verify the JWT signature, check the consent categories, confirm the expiration date, and store the receipt as your compliance documentation.
If a deletion request arrives through the DELETE Act mechanism, SIE's DROP (Data Rights Orchestration Protocol) sync propagates the deletion to every downstream buyer who received signals derived from that consumer's data. Automatically. With an audit trail.
The Compliance Stack Comparison
| Capability | Typical Intent Provider | SIE | |-----------|------------------------|-----| | Consent proof per signal | No | ConsentReceipt JWT | | Cross-context disclosure | Unclear | Explicit field in receipt | | Deletion propagation | Manual/none | Automated DROP sync | | Audit trail | None | Immutable chain with HMAC | | Re-identification blocking | No | k-anonymity + differential privacy | | FCRA firewall | N/A (but risky) | Hardcoded field blocks | | Suppression list sync | Manual | Automated daily sync |
The Cost of Non-Compliance vs. the Cost of SIE
Let us be direct about pricing. SIE signals cost more per unit than commodity topic signals. A basic signal starts at $1,000. A premium BANT-qualified signal is $5,000.
Here is what you are actually comparing:
Option A: Cheap intent data without consent proof
Option B: SIE signals with full consent chain
The question is not "can we afford compliant data?" The question is "can we afford data we cannot prove is compliant?"
What Happens Next
California's DELETE Act is live. CCPA enforcement is accelerating. The FTC is pursuing data brokers under Section 5. The EU's Digital Services Act adds another layer for companies with European exposure.
The regulatory direction is unambiguous: cross-context behavioral data collection without verifiable consent is becoming untenable. Companies building their pipelines on this data will need to replace their sources within 12-24 months.
You can make that transition reactively (scrambling to find new providers when enforcement hits your current one) or proactively (building on consent-proven signals now).
---
Talk to our compliance team. We will walk you through exactly how the ConsentReceipt JWT works, how DROP deletion propagation integrates with your systems, and what the transition from your current provider looks like.