'Most Innovative Startup 2020' by RSA - Watch the pitch video

View More
swiss-privacy

Summary

July 1 - July 31 (With option to extend until Oct 20)

  • What happened: Facebook turns ON a feature to limit processing California residents data by default
  • What was the impact: Ensured all Facebook customers (advertisers and publishers) are compliant with CCPA, but limited their ability to re-target California residents
  • What are the consequences: Organizations are CCPA compliant, but their marketing performance suffers since there is no re-targeting for any California residents
  • Optimal solution: Organizations should identify California residents and ask/honor their consent before sharing their personal information with Facebook for further processing

After Oct 20

  • What happened: Facebook turns OFF the feature that limits processing of California residents personal data
  • What was the impact: Advertisers and publishers potentially at risk of processing all customers data (including California residents) without consent
  • What are the consequences: If no action is taken, organizations are not compliant with CCPA and potentially at risk of fines
  • Optimal solution: Organizations should identify California residents and ask/honor their consent before sharing their personal information with Facebook for further processing

Earlier in the year, Facebook had launched a feature called Limited Data Use (LDU) to help their customers, advertisers & publishers, comply with California Consumer Privacy Act (CCPA) compliance. You can learn all about LDU here.

In a nutshell, Facebook used LDU to limit or block processing California residents personal data to allow businesses time to comply with CCPA.

Under CCPA, which started enforcement July 1st, 2020 when consumers exercise the ‘Do Not Sell’ request, the companies are legally required to honor their consent and stop selling or processing consumer’s existing and collected personal data.

For-profit businesses that met one of the following criterion were required to comply with CCPA:

  • Greater than $25m in gross annual revenue
  • Obtains or shares personal information of at least 50,000 California residents, households, and/or devices per year
  • At least 50% of their annual revenue is generated from selling California residents’ personal information

To help its customers comply with CCPA, Facebook automatically enabled LDU for all Facebook business accounts and personal information shared through the following Facebook products.

  • Facebook Pixel
  • Server-Side API
  • App Events API
  • Offline Conversions

With this feature ON businesses were compliant with CCPA. Facebook would auto-identify all California residents and ensure their data isn’t being processed. Businesses had the option to turn it off if they weren’t serving California residents.

After October 20, 2020 Facebook turned this feature OFF by default, putting the onus on the business to identify California residents, and inform Facebook not to process their data, if they chose to opt-out.

Businesses can still use LDU, but if they use it broadly it would limit their ability to retarget users impacting marketing performance. Arguably, since CCPA does not require publishers to obtain opt-in consent of users but based on an opt-out consent regime, businesses can enable the LDU flag for only Californian residents who opt-out of sharing their personal information.

With this balanced approach, advertisers can reach a larger segment of the California residents population without being non-compliant with CCPA.

How can we help?

SECURITI.ai offers Cookie consent and Universal consent products that can be deployed within days to help businesses comply with CCPA. We help you track where visitors on your website come from, and for California residents manage user consent by asking and collecting opt-out requests on your websites. These opt-out notices are used to notify Facebook that user data shouldn’t be processed. Advertisers and publishers can create an audit trail to demonstrate compliance. In this way, advertisers and publishers can ensure they are always compliant with CCPA.

Get started within minutes by using our free trial or contact us to learn more.

Share this

Our Videos

View More
3:00

Data Intelligence

Discover granular insights into all aspects of your privacy and security functions while reducing security risks and lowering the overall costs

Learn More
data mapping video thumbnail View More
3:00

Data Mapping Automation

Simplify gathering information, dynamically update your data catalog, and automate assessments and reports

Learn More
View More
02:40

An IT Leader’s Perspective on CCPA

Meet Brian Lillie, Former CPO at Equinix as he discusses the potential challenges of CCPA and how the PrivacyOps framework can be the key to unlocking compliance.

Learn More
Most Innovative Startup 2020 SECURITI.ai View More
03:42

RSA Innovation Sandbox 2020: SECURITI.ai

Watch the 3-minute pitch presented by Rehan Jalil on SECURITI.ai in the RSAC Sandbox Competition

Learn More
CCPA View More
07:10

CCPA Compliance

CCPA protects consumers from mismanagement of their personal data and gives the consumer control over what data is collected, processed, shared or sold.

Learn More
Assessment Automation View More
2:25

Internal Assessment Automation

Audit once and comply with many regulations. Collaborate and track all internal assessments in one place.

Learn More