IAB CCPA Compliance Framework: Everything you need to know


IAB has released the first version of the IAB CCPA compliance framework for publishers and technology companies in an effort to promote the principles of transparency, accountability, and choice. The Interactive Advertising Bureau (IAB) is an advertising business organization that develops industry standards and provides legal support to the online industry. 


The California Consumer Policy Act (CCPA) was introduced to give California consumers control over their personal information and more transparency. CCPA is a law that has created a broad spectrum of privacy and data protection rules that apply to all businesses in one jurisdiction, California. It was created in response to changing public perceptions: users rightly want to understand how their data is being handled.

Creating a new industry framework to support CCPA compliance amongst publishers requires careful consideration and implementation across an important ecosystem. Under the CCPA, California residents have the option to opt out of having their data sold to third parties. Additionally, they have the right to be notified and the right to equal services and price.

The rights under CCPA are as follows:

  1. The right to know what personal information is being collected about them
  2. The right to know whether their personal information is sold or disclosed and to whom
  3. The right to say no to the sale of their personal information
  4. The right to request the deletion of their personal information
  5. The right to access their personal information
  6. The right to equal service and price, even if they exercise their privacy rights

Who does CCPA apply to?


Figuring out whether these laws apply to your business is the tricky part. These laws are created to protect the citizens of the state or country, not the business. They apply even to businesses that are situated outside of California. CCPA basically applies to businesses that are for-profit legal entities operating in California. Additionally, the following thresholds apply:

  1. Has annual gross revenue of more than $25,000,000
  2. Annually buys or receives, for business or commercial purposes, sells or shares the personal information of 50,000 or more Californian consumers, households or devices or
  3. Derives 50% or more of its annual revenues from selling the personal information of Californian consumers.

Consequences of not complying with CCPA

Fines for non-compliance with CCPA can vary from $2500 to $7000 per intentional violation. "Per violation" generally means per person whose right you have violated. If you have 100 visitors on your website and it doesn’t comply with the privacy policy, your fine can go beyond $200000.

Tips on how to make your WordPress website CCPA compliant

Hire a Privacy Lawyer
The law and the regulations can be very difficult to interpret, as a lot goes into complying with CCPA. You should hire an attorney if you are unsure which path to choose. Hiring a privacy lawyer can save you a lot of money that would otherwise balloon into a fine.

Understanding what type of personal information to collect
According to CCPA, you must inform users of the type of personal information you are collecting. Take a thorough look at your pages and forms to see what type of information they collect.

Read this guide to Learn How to Add Privacy Policy In WordPress

Analyzing the sources of personal information
According to CCPA, you need to disclose the sources from which the personal information was collected. Examples of sources can be:

  1. Surveys
  2. Data resellers
  3. Directly from the customer 
  4. Observing activities through the use of cookies

Using a Plugin
The WordPress Cookie Consent Plugin for GDPR & CCPA plugin helps you comply with the EU GDPR’s cookie consent and CCPA’s “Do Not Sell” opt-out regulations.


The plugin can help you comply with CCPA in the following ways: 

  • Cookie detector (auto-scan): Quickly detects all your website cookies in one click. Saves you time by populating cookie details and categorizing cookies.
  • Third-party cookie details: Automatically fetches the 3rd party cookie details, including privacy policy links of popular scripts.
  • Manually add/edit cookie details: Provides an easy-to-use interface where you can add details of cookies used on your website.
  • Policy data can be displayed anywhere using shortcodes 
  • Opt-out Log: Stores an opt-out log of visitors who have opted-out by clicking on the “Do Not Sell My Personal Information” link.
  • Geo-targeting: Display or hide the “Do Not Sell” notice if the visitor is from California.

Examples of checking the “Do Not Sell” Opt-out regulation

A user may opt out of the sale of their data. The following three cases show how to check for this:

Case 1: When CCPA doesn’t apply to a business

// check for user's optout
window.__uspapi("getUSPData", 1, function(consent, success) {
  if (success && consent.uspString === '1---') {
    // ccpa doesn’t apply
  } else {
    // the call failed, or the uspString is something other than "1---"
  }
});

Case 2: When a user has opted out of selling the personal information

// check for user's optout
window.__uspapi("getUSPData", 1, function(consent, success) {
  if (success && consent.uspString === "1YYY") {
    // user has opted out
  } else {
    // the call failed, or the uspString is something other than "1YYY"
  }
});

Case 3: User didn’t opt out, business as usual

// check for user's optout
window.__uspapi("getUSPData", 1, function(consent, success) {
  if (success && consent.uspString === "1YNY") {
    // user has not opted out.
  } else {
    // the call failed, or the uspString is something other than "1YNY"
  }
});
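
The three cases above each compare against one exact string, so a value such as "1YYN" falls into the else branch even though the user has opted out. The following added example (not part of the original article or of the IAB's code) generalizes them by reading the string position by position; the function names and the choice to treat any unclear signal as an opt-out are assumptions of this example.

```javascript
// Added example. Position meanings follow the IAB US Privacy string layout:
// [0] spec version, [1] notice given, [2] opt-out of sale, [3] LSPA covered.
const USP_FORMAT = /^1[YN-][YN-][YN-]$/;

// Returns one of: "not-applicable", "opted-out", "not-opted-out", "unknown".
function classifyUsp(uspString) {
  if (typeof uspString !== "string" || !USP_FORMAT.test(uspString)) {
    return "unknown"; // missing, wrong length, wrong version or bad character
  }
  if (uspString === "1---") {
    return "not-applicable"; // Case 1: CCPA does not apply
  }
  const optOutSale = uspString[2];
  if (optOutSale === "Y") return "opted-out";     // Case 2, e.g. 1YYY or 1YYN
  if (optOutSale === "N") return "not-opted-out"; // Case 3, e.g. 1YNY or 1YNN
  return "unknown"; // "-" in the opt-out position of an otherwise applicable string
}

// Assumption of this example: only a clear signal permits a sale;
// every "unknown" result is handled like an opt-out.
function maySellData(uspString) {
  const state = classifyUsp(uspString);
  return state === "not-applicable" || state === "not-opted-out";
}

// Hypothetical wrapper around the page's __uspapi call.
// onResult receives (maySell, state).
function checkOptOut(onResult) {
  if (typeof window === "undefined" || typeof window.__uspapi !== "function") {
    onResult(false, "unknown"); // no __uspapi available on this page
    return;
  }
  window.__uspapi("getUSPData", 1, function (consent, success) {
    const usp = success && consent ? consent.uspString : undefined;
    onResult(maySellData(usp), classifyUsp(usp));
  });
}

// Constructed sample strings, not captured from a real site.
for (const s of ["1---", "1YYY", "1YNY", "1NYN", "1Y-Y", "2YNY", ""]) {
  console.log(JSON.stringify(s), classifyUsp(s), maySellData(s));
}
```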
