How to Use Facebook Ads and Still Be CCPA Compliant

The California Consumer Privacy Act (CCPA) gives consumers the right to opt out of the "sharing" of their personal information. The law defines sharing as the disclosure of personal information for the purpose of "cross-context behavioral advertising," i.e., interest-based advertising.

If you are subject to CCPA and advertise on Facebook, and more specifically, if you are using Facebook Pixel for ad conversion optimization, allowing Facebook to collect browsing data through your website is considered to be sharing personal information, and you are obligated to honor California residents’ right to opt out.

Limit Data Sharing Through Facebook's Limited Data Use Feature

On July 1, 2020, Facebook launched a CCPA compliance tool to help businesses that use Facebook Pixel to comply with the CCPA. Limited Data Use (LDU), when enabled, limits how Facebook processes the information it collects through Facebook Pixel.

We mentioned earlier that the disclosure of personal informationto Facebook Pixel collects is considered data sharing. LDU changes how Facebook processes the information it collects via Facebook Pixel so that the information collection will no longer be "shared."

Businesses can use LDU to communicate which of their users or website visitors are residents of California that have opted out of having their information shared with Facebook. Facebook will then process the information as a service provider. Their obligations as a service provider may be read in detail in their State-Specific Terms.

How Do I Enable The Limited Data Use Feature?

To enable the feature, you’ll need to tap into your developer team or brush up on your coding skills. Facebook has a detailed instructional on how to enable the Limited Data Use feature here.

You will ultimately need to add a link to your homepage for California website visitors that reads “Do Not Sell or Share My Personal Information”. This link should direct the user to a page where they can opt out by enabling LDU processing.

What Other Facebook Services Does LDU Apply To?

The Limited Data Use feature is applicable for the following services:

• App Events API
• App Events via Facebook SDK
• Audience Network Ad Request and Bidding via Audience Network SDK
• Conversions API (formerly known as Server-Side API)
• Facebook Pixel
• Offline Conversions

The LDU feature is automatically enabled for Facebook Custom Audiences.

Are There Other Options To Opt Out?

If you cannot enable Facebook’s LDU feature, you’ll have to provide a way for your customers to opt-out of your business's sharing of their personal information.

Add a conspicuous link on your website that reads “Do Not Sell or Share My Personal Information”. This link should direct the user or website visitor to instructions on how to opt-out of any cookies associated with your third party vendors.

What About Facebook Lookalike Audiences?

If you share email addresses with Facebook, a common practice for businesses that use Facebook’s Lookalike Audience service, you will need to provide consumers a way to opt out of the sharing of their email address.

We recommend providing a form for consumers to submit a Request to Opt-out. You’ll need to track these requests carefully to ensure you remove the appropriate personal information before you share your list to Facebook.

After 12 months you may ask a consumer to opt-in to the sale or sharing of their information.

Need Help?

Being CCPA compliant doesn’t have to take a lot of time. At TrueVault, we have tools that help businesses with their CCPA compliance. If you need any help, don't hesitate to contact us.