Home Privacy IAB Tech Lab Intros New Spec To Handle CCPA Data Deletion Requests

IAB Tech Lab Intros New Spec To Handle CCPA Data Deletion Requests

SHARE:

The IAB Tech Lab publicly unveiled a technical spec on Friday so that publishers and their partners can handle data deletion requests under the California Consumer Privacy Act (CCPA).

Documentation for the spec, which is part of an overall framework for CCPA compliance, was committed to GitHub last week.

Under CCPA, companies and third-party partners must abide by consumer requests to delete any personal information that they have about them in their records.

But publishers need an automated, standard way to manage and route those requests. Otherwise, it’s a “potentially error-prone and costly” process, said Alex Cone, senior director of product management at IAB Tech Lab focused on privacy.

Today, most publishers respond to data deletion requests using “one-off approaches,” Cone said. “If you’re a publisher and you work with a handful of vendors, each one likely has its own process for handling these requests,” he said. “And conversely, a vendor working with a lot of publishers – an ad server and an SSP, for example – is probably getting a bunch of different people asking them to do things.”

The deletion spec, which works across the web and apps, is fairly easy to implement, Cone said. All a publisher has to do is embed a snippet of code, and a consumer’s request to delete is automatically disseminated to all of the publisher’s partners who have also adopted the spec.

“We’ve done our best to streamline the technology,” Cone said. “This is about giving publishers a standard, simple code interface for calling out to the vendors they work with.”

It’s not a magic button, though. Companies need to map their data sources for this to work. You can’t fulfill a consumer’s data deletion request if you don’t know what data to delete.

CCPA enforcement begins on July 1, but the California attorney general’s implementation regulations, which businesses need to operationalize the law, still aren’t finalized, and it’s unclear if they will be by the enforcement date.

Compliance without the guidelines

The near-final proposed regs were submitted for approval on Tuesday to the California Office of Administrative Law, which has up to 90 days to review them.

So companies have to get into compliance before the specs are finalized, which is where the Tech Lab comes in. The IAB compliance framework has two components: a policy piece and technical specs to facilitate it.

A standardized contract codifies the relationship between publishers and their partners and what the latter can and can’t do with user data in the OpenRTB ecosystem. A privacy string, similar to the Transparency and Consent Framework in Europe, propagates consent signals and handles the opt-out process.

So far, more than 250 companies – a mixture of publishers and ad tech firms – have adopted the IAB’s limited service provider agreement.

The next item on the agenda for the IAB Tech Lab’s CCPA/US Privacy Technical Working Group is a set of technical efficiency tools for companies that have already adopted the framework.

“We’re keeping our ear to the ground along with our policy friends as the law develops so we can respond collectively and in an agile way,” Cone said.

Must Read

Why Media Mergers And Spin-Offs Don’t Always Keep Their Promises

With media megamergers, acquisitions and spin-offs left and right, the media landscape is changing at a pace that is difficult to keep up with.

TransUnion is partnering with Blockgraph so that advertisers can use its identity data to target, reach and measure TV households across channels.

How This Disaster Relief Nonprofit Tapped First-Party Data To Reach Donors Year-Round

Staying top of mind for potential donors is an ongoing challenge for Direct Relief. Nexxen’s audience curation helped it spread and sustain awareness.

Why Major UK Publishers Are Finally Joining Forces To Curate Ad Inventory

Atria’s collective approach is a response to growing monetization challenges and the need to protect the value of human journalism in the AI era.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Toronto Canada pride parade includes a crowd waving pride flags

Ad Performance And Politics Steered Brand Dollars Away From LGBTQ+ Communities – But The Pendulum Will Swing Back

The current administration has discouraged many marketers and organizations from showing support for the LGBTQ+ community, including during Pride month.

How AI Can Enhance Content Without Generating It

As much as consumers complain about AI-generated content, advertising experts say AI still has an important place in video creation and production, including for ads. But using AI in content without turning off consumers is a tricky dance.

How Tovala Banks On Subscriptions And Incrementality – But Not Ads – To Profit From Its Oven

Smart TVs, refrigerators and other home appliances may pester you with marketing, but at least the hardware is cheap. Another startup taking a different approach to the same theory is Tovala, which was founded in 2015 and combines a standalone countertop oven with a weekly meal kit subscription.