The California Consumer Protection Act (CCPA): What Is It and Will It Affect Your Facebook and Google Campaigns
Have you heard of the CCPA or the California Consumer Privacy Act, but clueless what it ACTUALLY is? Here’s the Easy to Understand Version of what it is and then the slightly more detailed version on How It Will Affect Your Facebook and Google Ads Campaigns.
Please note, we are an ad agency, not a law firm. Nothing you read in this article should be taken as legal counsel. We can find you quality leads, not innocence.
What CCPA is in a digital nutshell
- The CCPA allows Californians to opt-out of companies following them like Digital Big Brother around the web, thus giving Californians more privacy and having their data better protected.
- Right now only larger companies (revenue over $25MM or over 50,000 users) have to follow these rules– like ensuring any Californian can opt-out of being followed on their website.
- The State of California can now seek legal action against these companies who violate these new data protection standards.
- After two years of debates, the Act finally went into effect on January 1, 2020.
- Facebook applied the opt-out across the board on Facebook for everyone in California initially– which had a terrible effect on advertisers who sell to Californians.
- Facebook created a tool, Limited Data Use (LDU), that allows businesses to manage how they track Californians. They are requiring this to be implemented by July 31, 2020.
So, it’s basically the GDPR for Americans?
Kinda. There are some ways in which the GDPR and CCPA are similar and also several ways in which they are different. At their core, they are similar because they were both developed to protect consumer data and give data usage permission to the consumer.
The main difference between the two is the opt-in vs opt-out. This difference is crucial. It determines how you ensure you comply.
The GDPR makes privacy the default. Unless European users specifically opt-in to allowing companies to collect, track, and use their data, they are opted-out by default. On the flip side, the CCPA allows data to be tracked and used but requires that consumers be given the ability to see what’s collected and opt-out of any further collecting. Californians are by default, opted-in, until choosing to opt-out.
This difference is huge. It changes the marketing strategies, legalities, and intricate details of how each Act is enforced.
Three factors determine if the CCPA applies to your company:
If you don’t meet one of these requirements, this probably does not apply to you and you aren’t at risk of a hefty fine (we’re talking $2,500 per user per piece of data, hefty).
- Company’s gross annual revenue is at least $25 million
- Company gathers data on more than 50,000 users
- More than half of company’s annual revenue is made from selling consumer data
If your company does not meet one of these requirements, then the CCPA probably won’t affect you (for now). If your company does fall under one of these, we advise you to take it extremely seriously. There was a six month grace period from January 1, 2020, to July 1, 2020, to give companies some leeway at making changes to get compliant. As soon as that grace period expired, major class-action lawsuits against companies such as The Minted, Wal-Mart, and Ring began rolling in.
So if your company doesn’t meet the above requirements, are you in the clear?
Even if your company does not meet the above requirements you still might be affected if you use Facebook or Google advertising in California. While Facebook and Google DO meet these requirements, it’s still unclear how much of the responsibility is passed from them to their advertisers. Right now, however, it seems like you won’t be affected (yet). This is a bit murky and once again, we aren’t lawyers. Read on to see what options you have to be on the safe side.
If you advertise to California residents on Facebook, here’s what to do:
Review their Limited Data Use
Facebook introduced a feature called Limited Data Use, which gives businesses the ability to control the use of data in advertising and help remain compliant under the CCPA. Limited Data Use was automatically put on all advertiser accounts through July 31, 2020, but as of August 1st advertisers will need to take action to protect themselves.
Since CCPA is an opt-out law, the main thing you need to ensure is that if California consumers opt-out of tracking, are you ensuring that tracking of them stops? To ensure it stops, you should apply the Limited Data Use flag in your Facebook pixel.
Decide what level you want to opt-out all Californians
When you modify your pixel, you can code it to automatically detect if a user is in California, or if you (the advertiser) wants to be in control of monitoring that. It lets you decide to what level you want to be compliant.
- Do you want to automatically opt-out everyone? While you’re guaranteed to be compliant, it’s not going to be great for your bottom line.
- Do you want to only opt out the Californians that officially opted out? Right now, it’s not that many. This may be a good balance (for now).
- Not do anything. Despite not being a lawyer– we feel confident saying– don’t do this if you are a company that is subject to this law.
If you’re advertising on Google, segment your audiences now
Similar to Facebook, Google gives advertisers and developers the ability to restrict certain data processing to meet their compliance requirements. This can be connected so that an opt-out on your website (more on that later) connects into Google to stop tracking, storing data on and advertising to those who opt-out. To add an extra layer of protection, advertisers can also enable restricted data processing for anyone in California.
There are two ways to add protection to your Google Ads, you can program a piece of code into the global site tag, or Google offers a checkbox in the audience manager where you can set this feature.
Segment by State
Many advertisers are already reporting advertising results tanking due to CCPA. One of the most basic things an advertiser can do to protect their results is to segment. If you’ve been running ads with audiences mixed across states, it is time to stop.
By segmenting ads to California residents apart from other states, you’ll be able to see, review, and track the results of your ads in California vs not in California.
It’s highly likely that once California forges this path, many other states will follow. By segmenting your audiences now, viewing the results, and learning to market under different targeting methods, you’ll be more prepared as other states roll out similar legislation.
Ensure Your Website is Compliant
Since the CCPA is an opt-out law, businesses can give themselves the highest level of protection by ensuring the ability to opt-out is obvious and easy. This includes displaying a “Do Not Sell My Personal Information” button and updating your privacy policy to state your compliance with the CCPA.
You can dig deeper into making your website compliant by checking out the Interactive Advertising Bureau (IAB)’s Compliance Framework.
There’s also some recommend web compliance tools that you can use to help ensure your website’s compliance such as:
CookieBot: https://www.cookiebot.com/en/
OneTrust: https://www.onetrust.com/
Clym: https://www.clym.io/
Still Lost?
The CCPA is uncharted territory for companies and advertisers because it’s so new. While it is most likely laying the pavement for the new normal of digital advertising, it will be a confusing world for some time.
At Digital Caffeine, we are consistently monitoring the situation, regulations, our clients’ advertising results, and the published results of other advertisers out there. We will continue to update this article and post advertising tips and insight we discover as well as all travel down the CCPA road together.
If you need help navigating advertising amid CCPA, please reach out to us.
