The California Consumer Privacy Act of 2018 (CCPA) defines the sale of personal information broadly to include any exchange of personal information for money or anything else of value. This definition may include interest-based advertising—we have a two-part blog post that explains why here.
If you are subject to CCPA and advertise on Facebook, and more specifically, if you are using Facebook Pixel for ad conversion optimization, the information Facebook collects through your website may be considered a sale of personal information and you are obligated to honor California residents’ Right to Opt Out.
On July 1, 2020, Facebook launched a CCPA compliance tool to help businesses that use Facebook Pixel to comply with the CCPA. Limited Data Use (LDU), when enabled, limits how Facebook processes the information it collects through Facebook Pixel.
We mentioned earlier that the information that Facebook Pixel collects may be considered a sale of personal information. LDU changes how Facebook processes the information it collects via Facebook Pixel so that the information collection cannot be considered a sale.
Businesses can use LDU to communicate which of their users or website visitors are residents of California that have opted out of having their information sold to Facebook. Facebook will then process the information as a service provider. Their obligations as a service provider may be read in detail in their State-Specific Terms.
To enable the feature, you’ll need to tap into your developer team or brush up on your coding skills. Facebook has a detailed instructional on how to enable the Limited Data Use feature here.
You will ultimately need to add a link to your homepage for California website visitors that reads “Do Not Sell My Personal Information”. This link should direct the user to a page where they can"opt out" by enabling LDU processing.
The Limited Data Use feature is applicable for the following services:
The LDU feature is automatically enabled for Facebook Custom Audiences.
If you cannot enable Facebook’s LDU feature, you’ll have to provide a way for your customers to opt-out of your business' selling their personal information.
Add a conspicuous link on your website that reads “Do Not Sell My Personal Information”. This link should direct the user or website visitor to instructions on how to opt-out of any cookies associated with your third party vendors.
If you have an existing opt-out tool, your instructions should direct the consumers to use your opt-out tool. If your website does not have an existing opt-out tool, you could link to a global tool, such as Digital Advertising Alliance’s (DAA) opt-out tool and instruct your customers to select ‘Facebook’.
If you share email addresses with Facebook, a common practice for businesses that use Facebook’s Lookalike Audience service, you will need to provide consumers a way to opt out of the sharing of their email address.
We recommend providing a form for consumers to submit a Request to Opt-out. You’ll need to track these requests carefully to ensure you remove the appropriate personal information before you share your list to Facebook.
After 12 months you may ask a consumer to opt-in to the sale of their information.
Being CCPA compliant doesn’t have to take a lot of time. At TrueVault, we have tools that help businesses with their CCPA compliance. If you need any help, don't hesitate to contact us.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. This content is not a substitute for obtaining legal advice from a licensed attorney. The information on this page may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.