Join our webinar on democratizing data in the cloud with Forrester, Snowflake and TIAA - Sign up here

Start Now


July 1 - July 31 (With option to extend until Oct 20)

  • What happened: Facebook turns ON a feature to limit processing California residents data by default
  • What was the impact: Ensured all Facebook customers (advertisers and publishers) are compliant with CCPA, but limited their ability to re-target California residents
  • What are the consequences: Organizations are CCPA compliant, but their marketing performance suffers since there is no re-targeting for any California residents
  • Optimal solution: Organizations should identify California residents and ask/honor their consent before sharing their personal information with Facebook for further processing

After Oct 20

  • What happened: Facebook turns OFF the feature that limits processing of California residents personal data
  • What was the impact: Advertisers and publishers potentially at risk of processing all customers data (including California residents) without consent
  • What are the consequences: If no action is taken, organizations are not compliant with CCPA and potentially at risk of fines
  • Optimal solution: Organizations should identify California residents and ask/honor their consent before sharing their personal information with Facebook for further processing

Earlier in the year, Facebook had launched a feature called Limited Data Use (LDU) to help their customers, advertisers & publishers, comply with California Consumer Privacy Act (CCPA) compliance. You can learn all about LDU here.

In a nutshell, Facebook used LDU to limit or block processing California residents personal data to allow businesses time to comply with CCPA.

Under CCPA, which started enforcement July 1st, 2020 when consumers exercise the ‘Do Not Sell’ request, the companies are legally required to honor their consent and stop selling or processing consumer’s existing and collected personal data.

For-profit businesses that met one of the following criterion were required to comply with CCPA:

  • Greater than $25m in gross annual revenue
  • Obtains or shares personal information of at least 50,000 California residents, households, and/or devices per year
  • At least 50% of their annual revenue is generated from selling California residents’ personal information

To help its customers comply with CCPA, Facebook automatically enabled LDU for all Facebook business accounts and personal information shared through the following Facebook products.

  • Facebook Pixel
  • Server-Side API
  • App Events API
  • Offline Conversions

With this feature ON businesses were compliant with CCPA. Facebook would auto-identify all California residents and ensure their data isn’t being processed. Businesses had the option to turn it off if they weren’t serving California residents.

After October 20, 2020 Facebook turned this feature OFF by default, putting the onus on the business to identify California residents, and inform Facebook not to process their data, if they chose to opt-out.

Businesses can still use LDU, but if they use it broadly it would limit their ability to retarget users impacting marketing performance. Arguably, since CCPA does not require publishers to obtain opt-in consent of users but based on an opt-out consent regime, businesses can enable the LDU flag for only Californian residents who opt-out of sharing their personal information.

With this balanced approach, advertisers can reach a larger segment of the California residents population without being non-compliant with CCPA.

How can we help? offers Cookie consent and Universal consent products that can be deployed within days to help businesses comply with CCPA. We help you track where visitors on your website come from, and for California residents manage user consent by asking and collecting opt-out requests on your websites. These opt-out notices are used to notify Facebook that user data shouldn’t be processed. Advertisers and publishers can create an audit trail to demonstrate compliance. In this way, advertisers and publishers can ensure they are always compliant with CCPA.

Get started within minutes by using our free trial or contact us to learn more.

Share this

Our Videos

View More

China’s PIPL

China has drafted its new data protection law, Personal Information Protection Law (PIPL) that will strengthen the regulatory framework for privacy and data protection in China.

Learn More
View More

South Africa’s POPIA

The video gives an overview of South Africa's Protection of Personal Information Act (POPIA).

Learn More
privacy policy and notice management View More

Dynamic Privacy Policies & Notices

Automatically Update & Refresh Your Policies and Notices

Learn More
View More

Universal Consent & Preference Management

Simplify and automate universal consent management

Learn More
View More

Cookie Consent Management

Automate and manage the entire consent life cycle with efficiency for various cookie compliance regulations around the world.

Learn More
View More

Sensitive Data Intelligence

Discover granular insights into all aspects of your privacy and security functions while reducing security risks and lowering the overall costs

Learn More

Democratize your data without compromising security and privacy
Register Now