IMPACT Inbound Marketing Agency]

They Ask, You Answer Mastery

A coaching & training program that drives unmatched sales & marketing results.


Sales Performance Mastery

Improve the competencies and close rates of your sales organization.

Web design

Website Mastery

Web design, development & training for your team.


HubSpot Mastery

Everything you need to get the most from HubSpot.

AI Mastery

AI Enablement Mastery

Unlock the power of AI in all aspects of your revenue operations.

Discover how IMPACT’s services can help take your business to the next level. Book a free 30-minute coaching session Book a free 30-minute coaching session
Learning Center
Learning Center

Learning Center

Free resources to help you improve the way you market, sell and grow your business.

[NEW] The Endless Customers Podcast is now available everywhere. Learn how to earn trust & win more customers in the age of AI. Listen Now Listen Now

Free Assessment: How does your sales & marketing measure up?

Close Bottom Left Popup Offer

Free Assessment:

How does your sales & marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.
Dylan Lepak

By Dylan Lepak

Dec 11, 2019


News Marketing Strategy Data Security
Join 40,000+ sales and marketing pros who receive our weekly newsletter.

Get the most relevant, actionable digital sales and marketing insights you need to make smarter decisions faster... all in under five minutes.

Thanks, stay tuned for our upcoming edition.
News  |   Marketing Strategy  |   Data Security

IAB releases CCPA compliance framework ahead of Jan. 1 rollout

Dylan Lepak

By Dylan Lepak

Dec 11, 2019

IAB releases CCPA compliance framework ahead of Jan. 1 rollout

The California Consumer Privacy Act (CCPA) has been looming on the horizon for over a year now, but we've all been in-the-dark when it comes to implementation.

CCPA officially takes effect on January 1st, and marketers are scrambling to make sense of the madness. To help soothe the transition, the Interactive Advertising Bureau (IAB) recently released its CCPA Framework — which will help marketers clear the CCPA fog when it comes to ad targeting and publisher data.

Let's take a look.

A CCPA refresher

The California Consumer Privacy Act (CCPA) was created on June 28, 2018, and goes into effect on January 1st, 2020. Broadly, CCPA means to protect consumers' data in California, but it has implications for every business in the United States. Since it impacts any brand that is "doing business with California residents," it's safe to assume that it applies to hundreds of brands nationwide — as long as they meet one or more of the following criteria:

  • Have $25 million or more in annual revenue
  • Possess the "personal data" (this includes basically any type of consumer data) of more than 50,000 consumers
  • Earns over 50% of revenue from selling consumer data

However, other states have announced plans to enact similar laws, and Microsoft has already promised to extend CCPA protections to all customers in the US. 


The European Union's General Data Protection Regulation (GDPR) already covers similar grounds, has a similar scope (albeit a more granular one), and loosely defines "personal data" to be an all-encompassing term. Overall, GDPR compliance is stricter, more defined, and provides more rights to consumers, except in two specific ways:

  1. CCPA forces marketers to include an opt-out "Do Not Sell My Personal Information" link. Consumers can click this link to altogether opt-out of ALL data collection services.
  2. CCPA defines new roles (that GDPR doesn't) in the consumer data ecosystem, namely "Service Providers" and "Third Parties."

This is where things start to get tricky.

How do third-party entities like ad tech vendors know if consumers opted out? The relationships between third-party vendors, brands, and consumers has the potential to be headache-inducing.

Overall, CCPA requires that ad tech vendors have a clearer, more transparent relationship with brands. But that's "on paper." How does that process actually take place, and what kind of tech is required to enable that relationship?

Programmatic advertising and CCPA

To be entirely honest, CCPA isn't a tough sell. GDPR has a far more rigid set of rules, and the bulk of CCPA is already included in GDPR.

Currently, every marketer should be following GDPR guidelines (or at least using tools that automate GDPR compliance.) So, it shouldn't be surprising that this new IAB CCPA Framework is remarkably similar to the Transparency and Consent Framework (TCF) developed by IAB's Europe team for GDPR.

But they're not identical.

The most significant difference is the opt-out link. Vendors need to immediately be aware that the opt-out link has been clicked to control their programmatic spend and utilization. To facilitate this shared ecosystem, IAB has created a methodology and technology for alerting third-party ad tech vendors that consumers have opted out.

According to IAB:

"When a user clicks [the 'Do Not Sell My Personal Information'] link, a signal is sent to the technology companies with which the publishers do business via a technical mechanism that is based upon specifications developed by the IAB Tech Lab."

Once this signal is received by the ad tech company, it ceases the sale of consumer information for that individual, and it causes all downstream tech companies handling that consumer's data to switch their roles over to "service providers" — changing how they're legally able to interact with data under CCPA guidelines.

All of this is facilitated by an agreement signed between the ad tech company and the brand, creating a new, fluid legal relationship that promotes transparency throughout the data lifecycle.

This has benefits for both parties.

Brands can ensure that consumer data is only being utilized in accordance with CCPA for policy and regulatory control. Ad tech providers and third-party programmatic ad companies can simplify their contract workflows by utilizing a single agreement instead of a cluster of smaller contracts for each client.

It's a win-win.

What does this mean for marketers?

In the big scheme of things, this will end up with marketers adding a new plugin and signing a new agreement. The IAB CCPA Framework will likely get granular changes over the coming years. Still, most of the burden of this particular framework falls on the ad tech companies and tech providers.

Google has already announced that it's implementing IAB standards for its CCPA compliance at the beginning of next year, so IAB will likely be the go-to agreement signed with tech vendors.

Expect to see some of these agreements when you sign up for that next tech contract. While Google and other vendors dragged their heels when it came to adopting outside party GDPR frameworks, the relative speed of CCPA's enactment has caused a bit of a stir in the tech community.

So, it's safe to say that most companies will be happy to have a consistent framework to build on.

Free Assessment:

How does your sales & marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.