Subscribe
Join 40,000+ sales and marketing pros who receive our 4x a week insights, tips, and best practices.
Thank you! You have been subscribed.

Free Guide: The Ultimate Inbound Marketing Strategy Playbook 2022

Download the Playbook
Fill out the form to get your playbook
Thank you! You have been subscribed.
... Inbound Marketing Marketing Strategy
Close
The Ultimate Inbound Marketing Strategy Playbook 2022

Free Guide:

The Ultimate Inbound Marketing Strategy Playbook 2022
Read the Playbook
The Ultimate Inbound Marketing Strategy Playbook 2022
Free Inbound Marketing Playbook
View The Ultimate Inbound Marketing Strategy Playbook 2022
The Ultimate Inbound Marketing Strategy Playbook 2022

Free Guide:

Take your inbound strategy to the next level

  • Master the 7 principles of highly effective inbound marketing
  • Dramatically improve your inbound sales
  • Get more buy-in at your company

IAB releases CCPA compliance framework ahead of Jan. 1 rollout

By Dylan Lepak

Dylan Lepak also recommends this free guide: The Ultimate Inbound Marketing Strategy Playbook 2022.

IAB releases CCPA compliance framework ahead of Jan. 1 rollout

The California Consumer Privacy Act (CCPA) has been looming on the horizon for over a year now, but we've all been in-the-dark when it comes to implementation.

Free Guide: The Ultimate Inbound Marketing Strategy Playbook 2022

CCPA officially takes effect on January 1st, and marketers are scrambling to make sense of the madness. To help soothe the transition, the Interactive Advertising Bureau (IAB) recently released its CCPA Framework — which will help marketers clear the CCPA fog when it comes to ad targeting and publisher data.

Let's take a look.

A CCPA refresher

The California Consumer Privacy Act (CCPA) was created on June 28, 2018, and goes into effect on January 1st, 2020. Broadly, CCPA means to protect consumers' data in California, but it has implications for every business in the United States. Since it impacts any brand that is "doing business with California residents," it's safe to assume that it applies to hundreds of brands nationwide — as long as they meet one or more of the following criteria:

  • Have $25 million or more in annual revenue
  • Possess the "personal data" (this includes basically any type of consumer data) of more than 50,000 consumers
  • Earns over 50% of revenue from selling consumer data

However, other states have announced plans to enact similar laws, and Microsoft has already promised to extend CCPA protections to all customers in the US. 

CCPA vs GDPR

The European Union's General Data Protection Regulation (GDPR) already covers similar grounds, has a similar scope (albeit a more granular one), and loosely defines "personal data" to be an all-encompassing term. Overall, GDPR compliance is stricter, more defined, and provides more rights to consumers, except in two specific ways:

  1. CCPA forces marketers to include an opt-out "Do Not Sell My Personal Information" link. Consumers can click this link to altogether opt-out of ALL data collection services.
  2. CCPA defines new roles (that GDPR doesn't) in the consumer data ecosystem, namely "Service Providers" and "Third Parties."

This is where things start to get tricky.

How do third-party entities like ad tech vendors know if consumers opted out? The relationships between third-party vendors, brands, and consumers has the potential to be headache-inducing.

Overall, CCPA requires that ad tech vendors have a clearer, more transparent relationship with brands. But that's "on paper." How does that process actually take place, and what kind of tech is required to enable that relationship?

Programmatic advertising and CCPA

To be entirely honest, CCPA isn't a tough sell. GDPR has a far more rigid set of rules, and the bulk of CCPA is already included in GDPR.

Currently, every marketer should be following GDPR guidelines (or at least using tools that automate GDPR compliance.) So, it shouldn't be surprising that this new IAB CCPA Framework is remarkably similar to the Transparency and Consent Framework (TCF) developed by IAB's Europe team for GDPR.

But they're not identical.

The most significant difference is the opt-out link. Vendors need to immediately be aware that the opt-out link has been clicked to control their programmatic spend and utilization. To facilitate this shared ecosystem, IAB has created a methodology and technology for alerting third-party ad tech vendors that consumers have opted out.

According to IAB:

"When a user clicks [the 'Do Not Sell My Personal Information'] link, a signal is sent to the technology companies with which the publishers do business via a technical mechanism that is based upon specifications developed by the IAB Tech Lab."

Once this signal is received by the ad tech company, it ceases the sale of consumer information for that individual, and it causes all downstream tech companies handling that consumer's data to switch their roles over to "service providers" — changing how they're legally able to interact with data under CCPA guidelines.

All of this is facilitated by an agreement signed between the ad tech company and the brand, creating a new, fluid legal relationship that promotes transparency throughout the data lifecycle.

This has benefits for both parties.

Brands can ensure that consumer data is only being utilized in accordance with CCPA for policy and regulatory control. Ad tech providers and third-party programmatic ad companies can simplify their contract workflows by utilizing a single agreement instead of a cluster of smaller contracts for each client.

It's a win-win.

What does this mean for marketers?

In the big scheme of things, this will end up with marketers adding a new plugin and signing a new agreement. The IAB CCPA Framework will likely get granular changes over the coming years. Still, most of the burden of this particular framework falls on the ad tech companies and tech providers.

Google has already announced that it's implementing IAB standards for its CCPA compliance at the beginning of next year, so IAB will likely be the go-to agreement signed with tech vendors.

Expect to see some of these agreements when you sign up for that next tech contract. While Google and other vendors dragged their heels when it came to adopting outside party GDPR frameworks, the relative speed of CCPA's enactment has caused a bit of a stir in the tech community.

So, it's safe to say that most companies will be happy to have a consistent framework to build on.

The Ultimate Inbound Marketing Strategy Playbook 2022

Free Guide:

The Ultimate Inbound Marketing Strategy Playbook 2022
Read the Playbook
The Ultimate Inbound Marketing Strategy Playbook 2022

Free Guide:

The Ultimate Inbound Marketing Strategy Playbook 2022

Take your inbound strategy to the next level

  • Master the 7 principles of highly effective inbound marketing
  • Dramatically improve your inbound sales
  • Get more buy-in at your company

Topics:

News
Marketing Strategy
Data Security
Published on December 11, 2019

Recent Articles

INBOUND 2021 Recap: Takeaways, Speakers, and Lessons Learned
October 25, 2021 • 7 min read
Drift report on pandemic fallout reveals seismic shift in marketing strategy
September 9, 2021 • 3 min read
Google Shares New Tools to Audit Website User Experience
August 12, 2021 • 3 min read
Google: Website Content Quality More Important Than Quantity
August 10, 2021 • 3 min read
New HubSpot CMS Hub Starter Tier Released for Growing Businesses
August 6, 2021 • 4 min read
Why most marketing 'news' doesn't matter to inbound marketers
August 3, 2021 • 4 min read
Gartner: Slashed 2021 marketing budgets increases in-house ownership
July 30, 2021 • 6 min read
ICYMI: Digital Marketing News Update for July 26, 2021
July 26, 2021 • 6 min read
How to Optimize Videos On Your Business Website for Search
July 23, 2021 • 4 min read
Data: 'Funny' seniors imagery is not only demeaning, it's inaccurate
July 21, 2021 • 4 min read
ICYMI: Digital Marketing News Update for July 19, 2021
July 19, 2021 • 6 min read
Google: 'Here's how to prepare for the future private web'
July 16, 2021 • 4 min read
How Facebook's news feed algorithm works and prioritizes content
July 14, 2021 • 4 min read
ICYMI: Digital marketing news update for July 12, 2021
July 12, 2021 • 5 min read
Too many internal links in content can confuse Google about site structure
July 9, 2021 • 5 min read
Data: Facebook is No. 1 in revenue value for publishers, Twitter is a bust
July 7, 2021 • 4 min read
ICYMI: Digital marketing news update for July 6, 2021
July 6, 2021 • 5 min read
Google July 2021 core update rolling out over next 2 weeks
July 2, 2021 • 4 min read
ICYMI: Digital marketing news update for June 28, 2021
June 28, 2021 • 6 min read
Google punts third-party cookie ban to 2023 for 'responsible planning'
June 25, 2021 • 6 min read
ICYMI: Digital marketing news update for June 21, 2021
June 21, 2021 • 5 min read
Finally, Google page experience core update is rolling out
June 18, 2021 • 3 min read
Apple Mail privacy news spooks email marketers, newsletter creators
June 16, 2021 • 4 min read
ICYMI: Digital marketing news update for June 14, 2021
June 14, 2021 • 6 min read
ICYMI: Digital marketing news update for June 7, 2021
June 7, 2021 • 6 min read