CCPA grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors. mediasmart is GDPR & CCPA compliant, and we've put together a bunch of FAQs for your management of your campaigns at mediasmart.
1. What does CCPA mean?
“CCPA” stands for California Consumer Privacy Act. The California Consumer Privacy Act, or CCPA, is a privacy protection law voted in by California lawmakers in 2018. Its purpose is to protect the personal information of California residents (“consumers”).
2. When did CCPA go into effect?
CCPA went into effect on January 1st, 2020.
3. What is the purpose of CCPA?
CCPA aims to protect the personal information of consumers in the state of California, placing requirements on businesses for collecting, sharing or selling that personal information. It also restricts the sale of personal information of minors.
CCPA gives privacy rights to California residents, too. These rights include the right to disclosure, the right to deletion, the right of data portability and the right to object to the sale of their personal information.
4. Who does the CCPA apply to?
CCPA protects California residents (whether they’re currently in the state or not) and refers to them as “consumers”.
CCPA places obligations on “businesses” headquartered inside or outside of California, which collect personal information of California state residents and satisfy at least one of three conditions:
- Annual gross revenue of more than $25 million.
- Handling (buying, selling, etc.) personal information of more than 50,000 CA-based consumers, households, or devices annually.
- Gets at least 50 percent of annual revenue from selling CA consumers’ personal information.
5. What personal information is protected under this law?
Under CCPA, “personal information” refers to information that identifies, relates to, describes, and is linked to or associated with a consumer or household.
Based on this definition, information covered by CCPA may include name, address, social security number, email address, search history, IP address or geolocation data (this list isn’t exhaustive). In the case of mediasmart, the only personal information that is processed upon our clients requests and as per our privacy policy is IP address, user ID (GAID or IDFA) and geolocation data.
6. What does CCPA mean for mediasmart?
As mediasmart had undergone all the necessary changes in processes, security procedures and privacy policies to comply with GDPR when it went into effect back in May 2018, we were ready to comply with CCPA with very few changes.
mediasmart has signed the Limited Service Provider Agreement and implement the IAB Tech Lab technical specifications for the CCPA Compliance Framework.The main change required from a platform perspective to comply with CCPA was to have the system read the new US privacy string in the incoming bid requests as per the extension created for that purpose to the Open RTB protocol. But the processes that had to take place in those cases in which the end-user has opted-out were already in place.
7. How will CCPA affect the performance of my campaigns in mediasmart?
Campaigns that use personal information as targeting criteria will exclude any inventory from end-users who have opted-out from selling their personal information. For more detailed information of what specific types of campaigns and features will be affected and how, please refer to answers to questions 6 to 11 in this GDPR article. The way the system reacts to not having consent to sell personal information is similar to how it reacts when users have not provided consent for interest based advertising under GDPR.
