California is imposing tough new rules on processing the data of anyone under the age of 18, with the potential to affect businesses that don't target younger consumers.
The California Consumer Privacy Act (CCPA) gives consumers the right to opt out of the "sharing" of their personal information. The law defines sharing as the disclosure of personal information for the purpose of "cross-context behavioral advertising," i.e., interest-based advertising.
If you are subject to CCPA and advertise on Facebook, and more specifically, if you are using Facebook Pixel for ad conversion optimization, allowing Facebook to collect browsing data through your website is considered to be sharing personal information, and you are obligated to honor California residents’ right to opt out.
On July 1, 2020, Facebook launched a CCPA compliance tool to help businesses that use Facebook Pixel to comply with the CCPA. Limited Data Use (LDU), when enabled, limits how Facebook processes the information it collects through Facebook Pixel.
We mentioned earlier that the disclosure of personal information to Facebook Pixel collects is considered data sharing. LDU changes how Facebook processes the information it collects via Facebook Pixel so that the information collection will no longer be "shared."
Businesses can use LDU to communicate which of their users or website visitors are residents of California that have opted out of having their information shared with Facebook. Facebook will then process the information as a service provider. Their obligations as a service provider may be read in detail in their State-Specific Terms.
To enable the feature, you’ll need to tap into your developer team or brush up on your coding skills. Facebook has a detailed instructional on how to enable the Limited Data Use feature here.
You will ultimately need to add a link to your homepage for California website visitors that reads “Do Not Sell or Share My Personal Information”. This link should direct the user to a page where they can opt out by enabling LDU processing.
The Limited Data Use feature is applicable for the following services:
The LDU feature is automatically enabled for Facebook Custom Audiences.
If you cannot enable Facebook’s LDU feature, you’ll have to provide a way for your customers to opt-out of your business's sharing of their personal information.
Add a conspicuous link on your website that reads “Do Not Sell or Share My Personal Information”. This link should direct the user or website visitor to instructions on how to opt-out of any cookies associated with your third party vendors.
If you share email addresses with Facebook, a common practice for businesses that use Facebook’s Lookalike Audience service, you will need to provide consumers a way to opt out of the sharing of their email address.
We recommend providing a form for consumers to submit a Request to Opt-out. You’ll need to track these requests carefully to ensure you remove the appropriate personal information before you share your list to Facebook.
After 12 months you may ask a consumer to opt-in to the sale or sharing of their information.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Get monthly updates on the latest updates on policy & the shifting privacy landscape.
Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.