skip to main content
CookiePro Blog October 23, 2019

IAB Releases CCPA Compliance Framework Draft

Yesterday, the IAB and IAB Tech Lab released the CCPA Compliance Framework for Publishers and Technology Companies for public comment in response to the upcoming California Consumer Privacy Act (CCPA).

The CCPA Compliance Framework was crafted by the IAB Privacy and Compliance Unit, which includes representatives and experts from legal, public policy, and technology companies. The multi-stakeholder unit created the framework to be used by publishers and technology companies engaged in RTB (Right to Bid) transactions in the digital advertising industry.

In this post, we’ll walk through the new framework and the technical specifications.

Who are the IAB CCPA Framework Participants?

The proposed framework is intended to be used by publishers and advertisers (otherwise known as Digital Properties) and downstream framework participants that engage or support RTB (Right To Bid) transactions in the digital advertising industry.

  • Signatories: Any company that signs the IAB Limited Service Provider Agreement.
  • Publisher Digital Properties: Website or app owners that display ads to California residents
  • Advertiser Digital Properties: Brands that operate or publish web pages that display ads to California residents
  • Downstream Framework Participants: Agencies, SSPs (Supply-Side Platforms), DSPs (Demand-Side Platforms), ad servers, or publishers that receive personal information about California residents through the Publisher Digital Property or Advertiser Digital Property.

Proposed Framework

The framework creates a contractual relationship between Digital Properties and the Downstream Framework Participants to enforce limitations on the use of data and mechanisms for accountability when a consumer opts-out of the sale of their information.

Requirements

The framework requires participants to:

  • Include information about the rights of consumers under CCPA
  • Explain in explicit, clear terms what will happen to the collected data and provide visitors with the opportunity to opt-out of the sale of their personal information. (What is The California Explicit Notice?)
  • Add a “Do Not Sell My Personal Information” link on their website or app with an explicit notice that sends a signal to downstream framework participants when clicked or preset the signal to opt-out.
  • Communicate to downstream framework participants via corresponding signals that disclosures were given

Guidelines

The framework provides the following guidelines:

  • How publishers should communicate information about California residents’ rights, including the ability to opt-out of the “sale” of their personal information
  • How publishers should communicate to partners across the open internet supply chain that a California resident has opted out of the sale of his or her personal information
  • How partner companies must operate after a consumer has opted out of the sale of their personal information

Components

There are two main components of the framework:

  • A contract that binds supply chain partners to behaviors to meet the law’s provisions
  • Technical specifications to guide companies on how to implement the contract

The Do Not Sell Rule

Companies that collect and sell California resident’s personal information and operate websites must provide a clear and conspicuous link on their website, titled “Do Not Sell My Personal Information“. This link or button must allow the consumer or person authorized by the consumer, to opt-out of the sale of their personal information.

Depending on how this is implemented and how many consumers choose to opt-out, “do not sell” could be disruptive to publisher ad revenues and data companies.

Now What?

IAB and IAB Tech Lab are asking publishers and participants in the digital advertising industry to provide feedback on the draft by November 5, 2019. Shortly after, a final draft is intended to be released before CCPA goes into effect. Those who wish to comment on the Framework should send their remarks to [email protected].

The CookiePro team will continue to monitor this framework and provide updates to keep you informed.


CCPA Do Not Sell WordPress Plugin

CCPA Do Not Sell WordPress Plugin

If you have a WordPress website, the CookiePro CCPA Do Not Sell Plugin offers an easy-to-use interface where you can customize and embed a floating action button or link on your website to give visitors the ability to exercise their rights and opt-out of personalized advertisements.

When a visitor clicks on the Do Not Sell button, a modal pops up with key information such as links to your privacy policy and consumer request form, as well as contact information (email address + phone number). Using CookiePro CCPA Consumer Rights Management, businesses can set up both an online intake form for consumer requests and a toll-free number for phone requests.

CookiePro by OneTrust

CookiePro supports the new IAB Europe Transparency and Consent Framework version 2.0 (IAB TCF v2.0), Google AdSense and Ad Manager, Salesforce DMP, mParticle, FreeWheel, Adobe Advertising Cloud, Google AMP, OTT, Connected TV, social integrations like Facebook Pixel and Facebook Lookalike audiences, DAA AdChoices and dozens of other consent triggers and standard across mobile and web.

Resources:

Recent Posts

[WEBINAR] Prepare for CCPA with CookiePro
[WEBINAR] Prepare for CCPA with CookiePro
Join the CookiePro team for a CCPA preparation webinar on Friday, November 22 at 11:30 pm.
+ View Article
CCPA Compliance Checklist: 8-Week Countdown
CCPA Compliance Checklist: 8-Week Countdown
Learn about #3 off of our CCPA Compliance Checklist which focuses on the consumer right called the Right to Inform.
+ View Article
Mobile-Responsive Consent Management is Key
Mobile-Responsive Consent Management is Key
With the increase of web browsing on mobile devices and tablets, it's important to partner with a consent management tool that provides...
+ View Article
CookiePro Sponsors Seattle WordPress WordCamp
CookiePro Sponsors Seattle WordPress WordCamp
CookiePro is heading to Seattle to participate in the WordPress WordCamp Seattle to connect with WordPress enthusiasts from around the...
+ View Article