The California Consumer Protection Act (CCPA) went into effect on the first day of 2020. Now, six months later, enforcement of CCPA has begun – meaning, businesses that fail to comply with the CCPA’s regulations can be litigated by the California Attorney General. Because the law regulates how businesses collect and use consumer data, it directly impacts Facebook advertisers targeting California users.
In an attempt to help businesses comply with CCPA during this initial phase of enforcement, Facebook has recently launched a Limited Data Use feature.
“This feature enables businesses to choose whether or not to apply restrictions to Facebook business tools data from California,” explained a Facebook product manager during a July 13 live Q&A webinar, “Businesses can implement limited data use to specify when Facebook should process data in accordance with its role as a service provider under the CCPA. When partners implement limited data use, we will use personal information that they share about people in California subject to our state-specific terms.”
While ads will still display to people in California, Facebook emphasized during the webinar that Limited Data Use will affect advertisers with a large percentage of ads delivered to California users – likely adversely impacting ad delivery and performance metrics and limiting retargeting and measurement capabilities. Not only will Facebook advertisers targeting California users likely see changes in campaign performance, they will be responsible for modifying their Facebook Business Tools to remain compliant with CCPA.
Before understanding how CCPA may impact Facebook ad campaigns and retargeting measures, it’s necessary to know who the legislation aims to protect and the businesses it will impact. Launched on January 1, 2020, CCPA was created to protect the rights of California consumers. It is the first legislation to be mandated in the U.S. since the roll out of Europe’s GDPR.
As we first reported in February, CCPA grants the following rights to California residents:
Under CCPA guidelines, these consumer rights apply to businesses that meet the following criteria:
The legal implications for Facebook advertisers who may be in violation of CCPA rules are not entirely clear. Nor is there a clear-cut understanding around what is required by businesses that may share consumer data information with third-party platforms, such as advertisers who use Facebook’s Pixel for retargeting campaigns.
What is clear is that Facebook advertisers targeting users in California will need to be make changes around how they collect and implement user data.
Facebook’s Limited Data Use feature is designed to limit how the company uses the data it receives via its Business Tools. For the advertisers that enable the Limited Data Use feature, Facebook says it will process information about people in California as the business’s Service Provider.
According to an announcement on the Facebook for Business blog, the company is giving advertisers time to implement its new Limited Data Use tool:
“There will be an initial transition period where we will automatically limit how we use data businesses send about people in California through our supported Business tools. The transition period will vary depending on the product, but for most Business Tools it will last until July 31. After the transition period, businesses will need to implement the feature to continue data use restrictions for our Business Tools.”
The transition period began on July 1 and the new feature applies to all personal information a business shares about people in California via Facebook Pixel, Server-Side API, App Events API, Offline Conversions and Audience Network SDK.
First, any businesses unsure whether or not CCPA applies to them should consult with their legal advisor to understand the full ramifications of the legislation and how it will impact their business and advertising practices.
Businesses that fall under CCPA’s guidelines that are currently targeting California users will need to update their Business Tools by August 1 to make sure their advertising efforts remain CCPA-compliant. Such efforts include enabling the Limited Data Use feature for the Facebook Pixel, Server-Side API, App Events API, Offline Conversions and Audience Network SDK.
“Many businesses might not be aware that they need to update their Facebook Pixel to avoid potential liability under CCPA because other advertising platforms (such as Google Ads) have offered centralized opt-out buttons or other solutions,” writes Simon Poulton, VP of Digital Intelligence at Wpromote, in a recent column on Search Engine Land, “At this time, the LDU [Limited Data Use] parameter is not included within the Facebook pixel by default, and you need to refer to a specific developer documentation page to review the scope of requirements.”
As Poulton clarifies in his column, Facebook’s Limited Data Use feature allows advertisers to specify which users’ data is subject to CCPA regulations. Advertisers implement the feature by making a simple modification to their existing Facebook PageView Pixel.
According to Poulton, “Developers will need to include a string within the Facebook Pixel for ‘dataProcessingOptions’ that will allow your business to specify its degree of CCPA compliance.”
There is still a lack of clarity in terms of how CCPA is being interpreted and how it will impact Facebook advertising practices. Poulton admits even he, a veteran social media advertiser, has questions. Among the concerns Facebook advertisers are still trying to figure out: How will Limited Data Use affect Custom Audiences and what should advertisers do to keep lists CCPA-compliant going forward?
For now, it is in every advertiser’s best interests to play it safe with consumer information for users in California and avoid penalties by enabling Facebook’s Limited Data Use feature.