Learn why every Facebook advertiser is at risk of CCPA non-compliance, and how should they respond

Earlier in the year, Facebook had launched a feature called Limited Data Use (LDU) to help their customers, advertisers & publishers, comply with California Consumer Privacy Act (CCPA) compliance. You can learn all about LDU here.

In a nutshell, Facebook used LDU to limit or block processing California residents personal data to allow businesses time to comply with CCPA.

Under CCPA, which started enforcement July 1st, 2020 when consumers exercise the ‘Do Not Sell’ request, the companies are legally required to honor their consent and stop selling or processing consumer’s existing and collected personal data.

For-profit businesses that met one of the following criterion were required to comply with CCPA:

• Greater than $25m in gross annual revenue
• Obtains or shares personal information of at least 50,000 California residents, households, and/or devices per year
• At least 50% of their annual revenue is generated from selling California residents’ personal information

To help its customers comply with CCPA, Facebook automatically enabled LDU for all Facebook business accounts and personal information shared through the following Facebook products.

• Facebook Pixel
• Server-Side API
• App Events API
• Offline Conversions

With this feature ON businesses were compliant with CCPA. Facebook would auto-identify all California residents and ensure their data isn’t being processed. Businesses had the option to turn it off if they weren’t serving California residents.

After October 20, 2020 Facebook turned this feature OFF by default, putting the onus on the business to identify California residents, and inform Facebook not to process their data, if they chose to opt-out.

Businesses can still use LDU, but if they use it broadly it would limit their ability to retarget users impacting marketing performance. Arguably, since CCPA does not require publishers to obtain opt-in consent of users but based on an opt-out consent regime, businesses can enable the LDU flag for only Californian residents who opt-out of sharing their personal information.

With this balanced approach, advertisers can reach a larger segment of the California residents population without being non-compliant with CCPA.

How can we help?

securiti.ai offers Cookie consent and Universal consent products that can be deployed within days to help businesses comply with CCPA. We help you track where visitors on your website come from, and for California residents manage user consent by asking and collecting opt-out requests on your websites. These opt-out notices are used to notify Facebook that user data shouldn’t be processed. Advertisers and publishers can create an audit trail to demonstrate compliance. In this way, advertisers and publishers can ensure they are always compliant with CCPA.

Get started within minutes by using our free trial or contact us to learn more.