California Consumer Protection Act (CCPA)

For Facebook advertisers, CCPA = WTF Right Now

Posted in Industry News, Paid Social

Posted on July 20th, 2020

After a lot of ballyhoo the past year or so around the forthcoming California Consumer Protection Act (CCPA), it finally rolled out on July 2nd.

Many media buyers came back from the July 4th holiday and promptly proceeded to tear their collective hair out, with Facebook Ad results that plummeted overnight in many accounts.

While the full impact of the CCPA is yet to really be known, Facebook made an aggressive move for the month of July that essentially wiped out targetable users in CA. Panic ensued, and even lawyers weren’t sure how to address how it should be handled yet.

What Exactly is the CCPA?

First, let’s define what it is, as best we can. Disclaimer: We are not lawyers, and none of this should be taken as legal advice. Please consult an attorney for direction on your specific situation.

This is a state level protection for the California consumer. The idea behind it is much like the inception of GDPR: consumers have a right to have a say in how their information is used.

Unlike the GDPR, the CCPA is “opt out,” so it’s assumed a user will be ok unless they say otherwise. That’s in contrast to GDPR, which has you opt into sharing your information.

The first thing to understand is CCPA doesn’t apply to all businesses. There are stipulations for which are subject to it, which includes the following (only one of these three criteria need apply for a business to be subject to CCPA):

  • those with gross annual revenue over $25m
  • over 50,000 users’/households’/devices’-worth of information per year
  • those who earn more than half their annual revenue for selling that information

What Did Facebook Do?

While this new edict applies to all websites, it was felt most on Facebook. They took a rather aggressive stance on it – likely due to their continued heartburn from privacy issues being raised for many years, along with being a California-headquartered company.

When it went into effect on July 2nd, Facebook basically assumed no one was in compliance, and disabled retargeting to California users.

Naturally, results plummeted. As anyone who has made sudden, large changes in their Facebook accounts knows, the algorithm tends to go into a tailspin and loses a ton of efficiency.

What Do Advertisers Need to Do?

First, consult a lawyer. Find out (FOR SURE) if this applies to you or not.

Once you know, Facebook has created what is essentially an “opt out” and “opt in” feature they call “Limited Data Use.”

The automatically disabling that happened for July isn’t permanent. It is essentially working as a stopgap to protect brands from compliance misses, and putting it on them to then say if it should or shouldn’t apply to them.

This transitional period is supposed to last through July 31st. After that, things will revert back, and it’s on the advertisers to implement the Facebook feature for “Limited Data Use.”

In the meantime, most media buyers are putting California users into their own ad sets or Campaigns so the algorithm can re-optimize their buys using only the data that they’re able to. Many are reporting rebounding results since doing so.

The Limited Data Use Feature

In situations where someone in California visits a site that has the Facebook pixel, they may decline to have their information tracked – but then what? Advertisers need to make sure it isn’t used in Facebook, but there isn’t an easy way to do that without – you guessed it – disabling all of California.

Facebook has introduced a flag that essentially lets the pixel know not to track that user further through a feature called Limited Data Use. It lets them continue to be a service provider that intakes the user-level detail to be compliant at a state level.

If, during July, an advertiser finds they don’t have to worry about CCPA, they can override the feature. This is located in the Pixel screen, under the Settings feature:

If the new law DOES apply to a business, advertisers shouldn’t touch that button.

If it does NOT, they will need to add the Limited Data Use code (commonly now called ‘LDU’). It can be implemented using automatic geolocation, or via users specifying their own geography.

There are options for applying it to the Pixel, via APIs, and the SDK for apps. The full documentation for all you dev-heads can be found here.

 

Subscribe Today

We'll keep you updated on the latest Aimclear musings & appearances

Join the Conversation

Your email address will not be published. Required fields are marked *