The DAA Shares CCPA Compliance Proposal With 5 Weeks To Go (It’s Basically AdChoices)

Self-reg is revving up in the lead-up to the CCPA effective date on Jan. 1.

The Digital Advertising Alliance (DAA) said Monday that it’s finalizing mechanisms that would allow consumers to opt out of the sale of their personal information as required by the California Consumer Privacy Act (CCPA).

The tools aren’t available to use just yet, but the DAA is planning to release implementation specs and guidance for web and app versions soon.

Just last week, the IAB Tech Lab released the first version of technical specs for data sharing in the real-time bidding ecosystem, and Google announced that sites and apps will be able to deactivate personalized ad serving and restrict data processing across its ad products in preparation for CCPA.

“The DAA’s tools are designed to be compatible with the existing ad ecosystem, as well as new approaches such as the IAB framework,” said Lou Mastria, the DAA’s executive director. “We expect that our tools will work in concert with other solutions.”

It’s … green AdChoices

Businesses covered under CCPA have to place a clear and conspicuous “Do Not Sell My Info” button on every page of their site that collects personal information … which is pretty much every page.

The California attorney general’s draft implementation regs, which are still out for comment until Dec. 6, don’t say what this button should actually look like, however.

The DAA is taking a stab with a design that’s going to look pretty familiar to most anyone in the ad industry: a green-colored version of the AdChoices icon.

But unlike the light blue AdChoices icon which appears embedded within the top right corner of most ads across the internet, the green icon is meant to be displayed within a site or app along with a text link that takes people to a publisher-hosted notice with information on what data a publisher is collecting and whether any third parties are involved.

The tool will also allow users to opt out of the sale of their personal information by any or all of the companies that participate in the DAA’s compliance program, including third parties that collect and sell data.

All together now

Over the past year, advertisers, publishers, agencies and ad tech companies have been spinning their wheels on the practical aspects of CCPA compliance. It’s one thing to say that California consumers have the right to opt out of the sale of their data, and another to actually provide a mechanism to make that right a reality.

That’s what the DAA and the IAB are both trying to do.

In theory, a consumer would be exposed to the DAA’s green icon and link, which would fulfill the notice and opt-out requirements under CCPA. From there, the IAB’s “US privacy string” would allow companies to share that information up and down the supply chain, including whether a consumer was given the proper notice and the chance to opt out and if the person actually did opt out.

But only relying on the IAB’s framework and/or the DAA’s green icon isn’t enough to fully comply with the law, so talk to your lawyer and give your engineers a heads-up.

“Each entity will have to make its own determination, in consultation with counsel, about their compliance obligations under the CCPA,” Mastria said. “But we believe the DAA tools will offer a valuable resource for companies to incorporate in those compliance efforts.”

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!