After being announced in 2018, the California Consumer Privacy Act (CCPA) has rolled out – and its leaving confusion in its wake. Facebook ad buyers scrambled to grapple with the vaporizing of data and targeting for California audiences, while simultaneously scratching their heads over what compliance actually means.
Note: We are not laywers. Do not take any of the following as legal advice. If you need actual legal advice, seek the advice of an attorney.
What is the CCPA?
This is a state-level privacy enactment. It’s somewhat in the spirit of GDPR, however, while GDPR is “opt in” for information sharing, CCPA is “opt out.”
It applies only to California at this time, though there are expectations other states will adopt some type of privacy measure into law in the future.
Some of the basic rules are:
- information being collected must be transparent about what data they collect, the purpose for it, and any third parties it may be shared with
- a business must delete the data if it’s requested by the user
- consumers can opt out of their data being sold
- CA authorities can fine for violations, though it’s unclear how it applies to out-of-state companies since it’s only a CA law
- businesses are allowed to offer financial incentives for being allowed to collect data
It doesn’t apply to all businesses. Specifically, it pertains to businesses with gross annual revenue over $25m, those that have over 50,000 users’ worth of personal information, and/or those who earn more than half that annual revenue from selling this information.
How Does This Affect Facebook and Instagram Ads?
Facebook announced a new feature called Limited Data Use. It automatically applies to all Facebook business accounts, and specifically to users in California that ads are targeting. It ultimately puts the onus on the advertiser to be in compliance with CCPA, which is no small thing given that many feel it’s very vague. It’s goal is to limit “personal information,” but there is confusion about what that means, exactly.
Programmers will eventually apply a “LDU flag” to the Facebook pixel to address specific events. In the meantime, California will automatically limit data on California users. (Information on the data processing options can be found here). These updates must be made by August 1.
Advertisers can toggle the enablement of customer data if they have implemented the LDU flag:
How Did Ad Buyers Prepare?
David Herrmann, an enterprise-level Facebook Ads expert for the direct-to-consumer (DTC) space shared the plans for his clients as the reality of this hits in July.
“For us, in the month of July we’re splitting out CA into its own campaigns for any that have over 10% of conversions coming from CA,” he said. “Due to the limited use feature, especially on FB, we want to make sure we’re tracking things correctly regarding ROAS. With CA conversions apparently not being properly attributed, we want to keep that in mind.”
The impact became apparently quickly late last week. The main fear for advertisers was a lack of data on California users would impact targeting and optimization on the platform. This would mean Facebook would have less data, and would likely lead to lower results.
Sure enough, Herrmann saw this first hand, and shared it on Twitter:
He later followed up after making a crucial change: excluding California from the ad targeting:
What Happens Next?
There’s still a lot of confusion overall about the reach of CCPA. There are many fears that businesses may not even be aware it applies to them.
Much like when GDPR happened and US businesses were unprepared, not running in the affected area seems to be the immediate step. As compliance and rules become clearer to companies, especially in regard to the data they house, it will become a new norm.
In the meantime, be sure you update your Facebook pixel accordingly, and take short-term measures to protect your advertising spend.