CCPA Compliance Challenges on Facebook: Limited Data Use
Read about the CCPA compliance challenges on Facebook. Once July 31 hits, Facebook will require businesses to update their pixel to include an LDU parameter. Join the webinar on July 22 to learn more.
The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and the enforcement date recently passed on July 1. But the regulation is causing confusion for some businesses — especially for those when data-sharing relationships exist, like the ones between every advertiser and Facebook.
This week, Facebook announced a new feature called Limited Data Use (LDU) that will have an impact on Facebook ad buyers and potentially your marketing performance. From July 1 through July 31, LDU has been automatically enabled for all Facebook business accounts, limiting the way user data can be stored and processed for users that Facebook identifies as residents of the state of California.
The feature automatically detects if a user resides in California, and applies limited data use rules. Once July 31 hits, Facebook will require businesses to update their pixel to include an LDU parameter.
Before diving in to the LDU, let’s review the CCPA. Some of the basic CCPA requirements are:
- Information being collected must be transparent about what data they collect, the purpose for it, and any third parties it may be shared with
- A business must delete the data if it’s requested by the user
- Consumers can opt out of their data being sold through a “Do Not Sell” button on link on a website
CCPA applies to businesses targeting residents of California, regardless of where the business is located. If your business is marketing to California residents on Facebook, you must be compliant or you may open your business to liability and possible penalties.
CCPA Compliance with Facebook’s LDU
Facebook LDU enables advertisers to specify which data should be subject to CCPA data management. The company has outlined the specific ways user data will be limited in their list of state-specific terms.
To detect if a user resides in California, you must modify the existing Facebook PageView pixel to include a string within the Facebook pixel for ‘dataProcessingOptions’. The string will allow for an advertiser to control if it is identifying a user in California or if would prefer for Facebook to handle the auto-identification.
The major consequence is that this could have a large impact on overall performance and retargeting for residents of California. Per Facebook, “When Limited Data Use is enabled, businesses may notice an impact to campaign performance and effectiveness, and retargeting and measurement capabilities will be limited.”
What to Do Before July 31
Facebook has not been the most communicative about CCPA compliance and its use of data, which means you (and your business) are solely responsible for assessing and taking actions. Here are the two options to take to use Facebook’s new feature:
Option 1 (recommended): Leverage OneTrust PreferenceChoice to build and implement a Consent Management Platform that provides users the choice to opt-out of tracking. You would then only enable LDU for the users who opt out, which will also disable the Facebook pixel from firing. This will likely allow you to deliver ads based on behavior and retarget ads as usual if California users decide not to opt out.
Option 2: If the user has been identified as a California resident, enable the LDU string on all instances of the PageView tag firing. The major downside is that California residents will be excluded from re-marketing campaigns so you will likely see a large performance hit.
Whichever option makes more sense for your business, be sure you update your Facebook pixel accordingly to protect your advertising spend and avoid getting fined. As a reminder, if no action is taken before August 1, your brand could face non-compliant charges.
For more information on how OneTrust PreferenceChoice can help, request a demo with an expert.