Home Privacy The IAB/IAB Tech Lab Publish A Compliance Framework For CCPA And Public Comments Are Open

The IAB/IAB Tech Lab Publish A Compliance Framework For CCPA And Public Comments Are Open

SHARE:

The California Consumer Privacy Act wants to make opting out of data collection as easy as clicking a button. But for publishers, advertisers and ad tech companies, it’s not so simple.

On Tuesday, the Interactive Advertising Bureau and the IAB Tech Lab released the first draft of a compliance framework to help companies handle the practicalities of the law. The framework will be in a public comment period through Nov. 5.

The industry is still struggling to interpret parts of the CCPA despite the recently published initial draft of the California attorney general’s implementation regs. Although the regs clarify parts of the statute, there are still a bunch of open questions, including exactly what the CCPA-mandated “Do Not Sell My Personal Information” button should look like.

It’s also unclear exactly what back-end mechanisms will exist to enable companies to actually honor their CCPA obligations. When someone opts out, it has to mean something.

And with the CCPA effective date bearing down – it’s less than 70 days until Jan. 1, 2020 – businesses don’t have time to wait for all the ambiguities to be resolved before taking action to comply, said Michael Hahn, an SVP and general counsel at the IAB.

Master contract

The IAB/IAB Tech Lab’s compliance framework draft consists of two components: a standardized contract for use between publishers and their partners, and a series of technical specs so companies can follow through on the contract.

The master contract specifically defines the relationship between a publisher and other companies involved in real-time bidding, clarifying everyone’s responsibility when a consumer opts out of the sale of personal information.

This is extra important because the CCPA distinguishes between third parties and service providers – and ad tech vendors can be defined as either. “Under the CCPA, you can be different things at different points in time based on the relationship and the particular circumstances under which you’re receiving data,” Hahn explained.

Unlike a third party, which has greater latitude in the use of properly collected data as long as someone hasn’t opted out, a service provider, according to CCPA, is only allowed to use data for very specific, limited business purposes, such as auditing or fraud detection.

In the IAB’s view, when a consumer doesn’t opt out, an ad tech company is a third party that purchases information from publishers. But when a consumer hits that “Do Not Sell” button, the downstream ad tech company is contractually bound to act as a service provider, which means putting service provider-like constraints on the use of the data.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

“The concept behind this is that there needs to be real meaning when a consumer opts out,” Hahn said. “That can be done by changing to a service provider relationship, which provides a means of real accountability.”

The tech specs

But a contract isn’t enforceable unless publishers and tech companies can see whether someone has opted out of the sale of data or not.

And so the compliance framework proposal also includes a set of three technical specifications from the IAB Tech Lab designed to help companies implement their service provider contracts.

The first is a “US privacy string” that’s similar in spirit to the Transparency and Consent Framework developed by the IAB Tech Lab and IAB Europe last year to share consent information with third-party vendors under the EU’s General Data Protection Regulation. In this case, the string contains information about whether a consumer was given the proper disclosures and the opportunity to opt out.

The second spec is a privacy user signal API that would be used by sites and apps to transmit info, aka functional cookies, through the US privacy string, while the third spec outlines an extension that would allow companies to pass CCPA-related information within OpenRTB transactions, such as whether the data collection process was kosher.

The contract and the specs aim to “strike a balance” between honoring consumer preferences and helping companies comply with the CCPA in “a way that doesn’t disrupt the value exchange, their products or their services,” said Dave Grimaldi, EVP for public policy at the IAB.

“I think we’ve done that here,” Grimaldi said. “But the comment period will hopefully shed meaningful light on tweaks we can make and gaps we need to fill so we can make this thing better.”

Must Read

Comic: Gamechanger (Google lost the DOJ's search antitrust case)

Judge Mehta’s Remedies For Google’s Search Monopoly Won’t Cure What Ails Publishers

Remedies in the federal search antitrust case against Google landed with a thud earlier this week. Most publishers and ad industry pundits were sorely disappointed.

Conversion APIs Are Becoming Table Stakes – But Not All Brands Have Bought In

CAPI integrations have moved from a nice-to-have to a necessity for anyone operating within walled garden environments. Now they’re laying the groundwork for an outcomes-driven ad ecosystem.

Peppa Pig

The Media And Retail Deals Behind The Peppa Pig Franchise Expansion

Peppa Pig is everywhere. Whether or not you have children, you likely know the little girl pig from the kid’s cartoon show. But the Peppa media franchise is just getting started.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

How A For-Profit College Is Using CTV Ads To Win Over New Students

The American College of Education partnered with performance TV company MNTN to better reach its audience of adults seeking higher education.

Critics Say The Trade Desk Is Forcing Kokai Adoption, But Apparently It’s Up To Agencies

Is TTD forcing agencies to adopt the new Kokai interface despite claims they can still use the interface of their choice? Here’s what we were able to find out.

Why Big Brand Price Increases Will Flatten Ad Budgets

Product prices and marketing budgets are flip sides of the same coin. But the phase-in effects of tariffs, combined with vicissitudes of global weather and commodity production, challenge that truism.