On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect.
It gave businesses until July 1 to ensure full compliance.
However, while this has been a topic of discussion for a couple of years now, some still struggle to thoroughly understand the compliance requirements.
There are many reasons this is the case.
One of the most significant is the fact that different requirements apply to different types of organizations and inter-business relationships.
For instance, advertisers and Facebook have naturally had a relationship that involves sharing user data.
Facebook has responded to the CCPA by introducing a Limited Data Use (LDU) feature.
It identifies when a user is a resident of California and applies certain data use rules accordingly.
The problem is, the LDU feature will only remain active until July 31.
After that date, Facebook expects any business it works with to have updated their pixels with LDU features for California residents.
In other words, businesses advertising on Facebook will be liable for all CCPA compliance issues after that date.
Some may not know what steps they must take to be in full compliance.
Others may not have even been aware that updating their pixels was necessary.
This guide will explain the topic in greater detail so that Facebook advertisers avoid penalties and stay compliant after this month’s deadline.
Facebook Action and Expectations
Facebook has released a list of specific terms describing the manner in which advertisers may use a Facebook user’s data in California.
Updating the Facebook PageView pixel accordingly involves simply including a new string within the pixel.
This gives Facebook marketers the option to choose whether they will be the party involved in determining if a user is in California, or if they would prefer Facebook to auto-identify such users.
Still, there is some confusion regarding when it’s necessary or advisable for an advertiser to enable LDU features.
Is it necessary to enable LDU universally for California users?
Or, is it required only in instances when users have specified that they don’t want their data tracked?
Facebook agencies and advertisers thus find themselves in a position where they need to make a confusing decision even though failure to make the right choice involves assuming a degree of risk.
Facebook CCPA Compliance and Digital Marketing
We don’t yet have a full sense of how Facebook CCPA compliance issues will affect digital marketing efforts.
That said, it’s already clear that Facebook intends to scale back the way it uses personal information for residents of California.
This will almost certainly make such Facebook marketing tasks as audience targeting and behavior tracking more challenging than they were in the past.
Marketers will see the most significant impact in their retargeting efforts.
An enabled Facebook LDU will prevent advertisers from including California users in retargeting campaigns based on behavior tracked via a website pixel.
Keep in mind that this isn’t something that’s going to happen in the future should you enable LDU features.
Because Facebook has already enabled LDU features while it waits for advertisers to catch up, this is already happening.
Suggestions for Facebook Advertisers
It’s worth noting that CCPA compliance involves providing users with the option to opt-out of data tracking.
This is unlike GDPR compliance, which asked users to opt-in.
Add an Opt-in Feature to Your Site
Thus, you could theoretically greet users visiting your website with a cookie-consent banner or pop-up.
This visible banner can ask them if they wish to opt-out of tracking and thereby enhance transparency and trust on the platform.
Of course, if a user chooses this option, you’ll need to ensure LDU features apply to them going forward.
Otherwise, you won’t be in compliance with the CCPA.
This may be a good sign for Facebook marketers.
Typically, not many users will agree to opt-in to data tracking.
However, research indicates that when asked if they’d like to opt-out of tracking, the numbers are more favorable for advertisers.
The Risk Averse Approach
Businesses that are thoroughly averse to risk may simply choose to enable LDU features for all California users, instead of asking them if they’d like to opt-out of tracking first.
This ensures absolute compliance with virtually no risk of accidental non-compliance.
The Risk Tolerant Approach to Facebook CCPA Implementation
Businesses with more tolerance for risk can give users the option to opt-out of tracking.
Theycan then enable LDU features so they only apply to those users who do select that option.
This is slightly risky because it remains unclear precisely how the CCPA is to be implemented.
High Risk
Some Facebook marketers may wish to see how the situation develops once the CCPA has been implemented for a longer period of time.
As a result, they may choose to take no action right now until they have a clearer perspective.
That said, any business considering this option should thoroughly discuss the issue with a legal team.
Next Steps for Facebook CCPA Compliance
You need to assess your degree of risk-tolerance to decide which you consider to be best at this point.
Finally, it’s worth noting that your business may not be based in California.
But, if any of your customers are, CCPA still applies to you.
Again, while we’re still waiting to see precisely how all of this will play out, it’s important to start developing a plan sooner rather than later.
