Facebook was very late to the CCPA party, perhaps presuming that because its tracking Pixel is technically free, it didn’t fall under the regulation’s definition of data selling.
Enforcement of CCPA went into effect on July 1. As of that date, Facebook opted all advertisers into its new Limited Data Use solution for CCPA compliance — whether they already had a solution in place, aren’t affected by CCPA or not. The feature restricts the ability to reach and retarget California residents.
Then, as of August 1, it changed the default settings again, potentially leaving many advertisers unprotected. (Google rolled out its CCPA compliance solution, called Restricted Data Processing, last November.)
To dig into these issues and the implications for advertisers, I spoke with advertising and data intelligence experts Simon Poulton, VP of digital intelligence at Wpromote, and Akvile DeFazio, president of AKvertise, Inc. on Live with Search Engine Land.
We discussed what advertisers affected by CCPA need to do to keep their Facebook campaigns compliant, how to adjust their campaigns as a result of this change, and the impact marketers are already seeing due to Limited Data Use. We also discussed other state-level privacy regulations, the potential of a federal law and more.
Similar to the EU’s General Data Regulation Protection (GDPR), the California Consumer Protection Act provides several data privacy protections for California state residents.
- Including the Right to know what personal info a business has collected, used, shared or sold.
- The right to have that information deleted.
- The right to opt out of having their data sold.
Affected businesses must give California residents the ability to opt-out of having cookies placed on their devices.
CCPA applies to companies that qualify under one or more of the following criteria:
- Have gross annual revenues in excess of $25 million;
- Possess the personal information of 50,000 or more consumers, households, or devices; or
- Earn more than half of your annual revenue from selling consumers’ personal information
Watch the full epsiode above or skip to topics via the timestamps below.
- 0:00 Introduction
- 02:30 What is CCPA
- 05:28 What is Facebook Limited Data Use for CCPA compliance?
- 07:25 What does Limited Data Use allow you to do?
- 08:25 LDU’s scope goes beyond the Facebook Pixel
- 09:10 Technical implication challenges
- 09:54 LDU in the Facebook interface
- 11:19 Limited Data Use options in Business Manager
- 11:40 What Facebook advertisers are seeing because of Limited Data Use
- 12:28 Where do you implement the Limited Data Use flag on your site?
- 14:01 LDU, cookie management and local storage
- 15:24 LDU when the user clicks “Do not sell my information”
- 16:00 The challenge of IP addresses counting as personal information and how to handle it with LDU
- 16:56 Options in the Pixel for handling California residents
- 17:46 Performance implications of opting into LDU in Events Manager (through October 20)
- 18:24 Why you should not wait to address LDU and CCPA
- 18:55 Examples of CCPA links and user experiences on websites
- 19:30 How to set up the default coverage of LDU in Events Manager
- 20:38 The performance impact of LDU on Facebook advertisers in July and August?
- 22:20 Seeing conversions from California residents in pixel-based retargeting audiences — caveat
- 23:35 What Facebook ads without personalization looked like to a California resident
- 24:33 Many advertisers probably don’t realize they aren’t CCPA compliant now
- 24:44 Does CCPA apply to you? (Probably.) And a (relatively) simple way to apply LDU.
- 25:30 GDPR versus CCPA and data regulation trends
- 27:14 How to organize your Facebook campaigns for California
- 29:52 There is still reason to target California and where else to see performance
- 31:00 Clicks workaround to see data in Facebook
- 31:50 Lookalike audiences and Limited Data Use
- 33:55 Nobody is opting out — an anecdote
- 32:27 Using “dummy” UTMs for creating audiences and lookalikes for reaching California users
- 34:40 The value of customer data platforms, CRMs to capture opt-outs
- 35:56 Setting up opt-outs as exclusion audiences — CCPA compliant?
- 38:28 Data conversations between agencies and clients, internal stakeholders
- 40:15 Other state initiatives around privacy regulation: Maine, Utah, etc.
- 43:38 Should we expect federal privacy legislation?
- 46:15 GDPR opt-in vs. CCPA opt-out — are you in the car or out of the car?
- 47:31 How does CCPA impact other marketing technology vendors and is risk on vendor or advertiser side?
- 50:46 The beginning of the new normal for privacy and data handling
- 51:23 Why companies need to prioritize and beef up their compliance teams
- 53:40 Conclusion: Glass half full or empty?
We at Search Engine Land hope this series of live discussions, presentations, tutorials and meetups will help everyone stay sharp and up to date on tactics and best practices. If you have an idea for a session or would like to join a panel, email firstname.lastname@example.org or fill out the pitch form here.