Facebook Launches Limited Data Use Compliance Feature as CCPA Enforcement Goes into Effect

Akvile DeFazio
July 14th, 2020
Akvile DeFazio

The California Consumer Protection Act (CCPA) went into effect on the first day of 2020. Now, six months later, enforcement of CCPA has begun – meaning, businesses that fail to comply with the CCPA’s regulations can be litigated by the California Attorney General. Because the law regulates how businesses collect and use consumer data, it directly impacts Facebook advertisers targeting California users.

In an attempt to help businesses comply with CCPA during this initial phase of enforcement, Facebook has recently launched a Limited Data Use feature.

“This feature enables businesses to choose whether or not to apply restrictions to Facebook business tools data from California,” explained a Facebook product manager during a July 13 live Q&A webinar, “Businesses can implement limited data use to specify when Facebook should process data in accordance with its role as a service provider under the CCPA. When partners implement limited data use, we will use personal information that they share about people in California subject to our state-specific terms.”

While ads will still display to people in California, Facebook emphasized during the webinar that Limited Data Use will affect advertisers with a large percentage of ads delivered to California users – likely adversely impacting ad delivery and performance metrics and limiting retargeting and measurement capabilities. Not only will Facebook advertisers targeting California users likely see changes in campaign performance, they will be responsible for modifying their Facebook Business Tools to remain compliant with CCPA.

A quick recap of CCPA

Before understanding how CCPA may impact Facebook ad campaigns and retargeting measures, it’s necessary to know who the legislation aims to protect and the businesses it will impact. Launched on January 1, 2020, CCPA was created to protect the rights of California consumers. It is the first legislation to be mandated in the U.S. since the roll out of Europe’s GDPR.

As we first reported in February, CCPA grants the following rights to California residents:

  • The right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information.
  • The right to delete personal information held by businesses and by extension, a business’s service provider.
  • The right to opt-out of sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13.
  • The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

Under CCPA guidelines, these consumer rights apply to businesses that meet the following criteria:

  • Have a gross annual revenue in excess of $25 million.
  • Buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices.
  • Derive 50% or more of their annual revenue from selling consumers’ personal information.
  • Businesses that handle the personal information of more than four million consumers will have additional obligations.

The legal implications for Facebook advertisers who may be in violation of CCPA rules are not entirely clear. Nor is there a clear-cut understanding around what is required by businesses that may share consumer data information with third-party platforms, such as advertisers who use Facebook’s Pixel for retargeting campaigns.

What is clear is that Facebook advertisers targeting users in California will need to be make changes around how they collect and implement user data.

Facebook’s new Limited Data Use Feature

Facebook’s Limited Data Use feature is designed to limit how the company uses the data it receives via its Business Tools. For the advertisers that enable the Limited Data Use feature, Facebook says it will process information about people in California as the business’s Service Provider.

According to an announcement on the Facebook for Business blog, the company is giving advertisers time to implement its new Limited Data Use tool:

“There will be an initial transition period where we will automatically limit how we use data businesses send about people in California through our supported Business tools. The transition period will vary depending on the product, but for most Business Tools it will last until July 31. After the transition period, businesses will need to implement the feature to continue data use restrictions for our Business Tools.”

The transition period began on July 1 and the new feature applies to all personal information a business shares about people in California via Facebook Pixel, Server-Side API, App Events API, Offline Conversions and Audience Network SDK.

Updating Your Facebook Business Tools

First, any businesses unsure whether or not CCPA applies to them should consult with their legal advisor to understand the full ramifications of the legislation and how it will impact their business and advertising practices.

Businesses that fall under CCPA’s guidelines that are currently targeting California users will need to update their Business Tools by August 1 to make sure their advertising efforts remain CCPA-compliant. Such efforts include enabling the Limited Data Use feature for the Facebook Pixel, Server-Side API, App Events API, Offline Conversions and Audience Network SDK.

“Many businesses might not be aware that they need to update their Facebook Pixel to avoid potential liability under CCPA because other advertising platforms (such as Google Ads) have offered centralized opt-out buttons or other solutions,” writes Simon Poulton, VP of Digital Intelligence at Wpromote, in a recent column on Search Engine Land, “At this time, the LDU [Limited Data Use] parameter is not included within the Facebook pixel by default, and you need to refer to a specific developer documentation page to review the scope of requirements.”

As Poulton clarifies in his column, Facebook’s Limited Data Use feature allows advertisers to specify which users’ data is subject to CCPA regulations. Advertisers implement the feature by making a simple modification to their existing Facebook PageView Pixel.

According to Poulton, “Developers will need to include a string within the Facebook Pixel for ‘dataProcessingOptions’ that will allow your business to specify its degree of CCPA compliance.”

There is still a lack of clarity in terms of how CCPA is being interpreted and how it will impact Facebook advertising practices. Poulton admits even he, a veteran social media advertiser, has questions. Among the concerns Facebook advertisers are still trying to figure out: How will Limited Data Use affect Custom Audiences and what should advertisers do to keep lists CCPA-compliant going forward?

For now, it is in every advertiser’s best interests to play it safe with consumer information for users in California and avoid penalties by enabling Facebook’s Limited Data Use feature.


Comments are now closed.