back button

Back

Get CCPA ready with the Didomi consent management platform (CMP)

May 15, 2020byJawad Stouli

The California Consumer Privacy Act (CCPA) was enacted to provide California consumers with greater transparency and control over their personal information. The CCPA was created in response to changing public perceptions. Users, rightfully, want to understand and have the option to exercise control over their own data. Therefore, companies in the ad tech ecosystem need a way to ensure that everyone is compliant with the law, and playing by the same rules. So how does it work, and how can we help you comply?

On Thursday, April 23rd 2020, PubMatic hosted a webinar to educate the industry and affected publishers on this new legislation. Marina Gu, Senior Director & Customer Enablement at PubMatic moderated the conversation between Thomas Chow, General Counsellor at PubMatic, Ashwanth Vemulapalli, Senior Product Manager at PubMatic, and myself, Jawad Stouli, CTO & Co-Founder of Didomi. I was invited to present some practical & technical aspects of CCPA compliance thanks to a Consent Management Platform (CMP) such as ours.

The webinar also addressed CCPA’s legal implications, the IAB’s CCPA framework, and the U.S. Privacy String.  See the full recording of this webinar here:

How does the CCPA work?

The IAB’s CCPA Framework requires participating publishers that choose to sell the personal information of California consumers in the delivery of digital advertising to provide “explicit” notice regarding their rights under the CCPA, to explain in clear terms what will happen to their data, and to notify the downstream technology companies with which the publishers do business that such disclosures were given.

Unlike the GDPR in Europe, which is an “opt-in” regime requiring consent, the CCPA is an “opt-out” regime requiring publishers to include a “Do Not Sell My Personal Information” link on their digital properties. 

What publishers should expect with the CCPA

There are three main elements, to my mind, that publishers and advertisers should look out for.

First, there will be a massive adoption of the IAB’s CCPA framework. We expect the IAB to play the same role as the TCF in Europe, which was key in standardizing the way consent is collected and shared between publishers, vendors and advertisers.

Second, the impact on CPM and revenue is likely to be much lower in the US than in Europe, as the CCPA is an “opt-out” model – implying that there will be higher opt-in rates from users, and there will be a lower impact on publishers’ operations. Indeed, the opt-out rate will potentially be lower than 1%.

Third, expect more US regulations to follow. It is very likely that there will be iterations of similar regulations throughout the country, and you should prepare to be capable of complying with changing regulations from every location you operate in. 

For all these reasons, a Consent Management Platform (CMP) like Didomi can easily help you integrate the IAB CCPA framework, and get compliance with evolving regulations. 

Why you need a CMP like Didomi

CMPs are very easy to deploy: they work just like your other partners and vendors. You will get a small piece of code to deploy on your website or your mobile app, that you will be able to embed, just like your regular tags, and then CMPs will automatically start interacting with the users and vendors.

Collect, store and share consent

Didomi was created in 2017 to help compliance with data privacy regulation both in the EU and in the US, for ad tech publishers, advertisers, and anyone who has to deal with the GDPR or the CCPA.

We collect user choices by helping publishers inform their users of the choice to opt-in or out from the sale of information. We store that information to keep a legal proof of how that user was informed, and what the user choice was. Finally, we share users’ choices with vendors, automatically ensuring that the ad request complies with local regulations.  

Bear in mind that CMPs like Didomi provide standard user interfaces to make you compliant, but we advise you to configure and adapt the look-and-feel and messaging, to make sure that the end result is customized to your particular brand experience.

Simple deployment, instant benefits

A CMP like Didomi is very easy to configure. You may create a platform for a website, an AMP website, or mobile app. Decide the regulations you want to cover with your notice (CCPA, GDPR), and configure the look-and-feel of your notice to customize it to your company’s visual identity. You end up getting a tag that you can use and deploy to make sure your consent notice appears on your website. And the job is done! 

The standard workflow for a user is to see the notice, get the option to either get more information and be able to not sell their data, or simply acknowledge the notice and potentially ignore it. In this case, your notice will disappear on the next page, and the user will be opted-into the sale of personal data. For you to be in full compliance with the IAB CCPA framework, users will also be given the option to change their minds later on.

Deployment is done with your usual tools through your tag managers or directly through your website, and works exactly the same way for your websites or your mobile apps. 

Conclusion

As a publisher, you are free to do all of that yourself. However, we do see that it gets complicated for publishers over time to build and maintain their notices, and to comply with different, ever-evolving regulations. A commercial CMP like Didomi will bring years of experience and expertise to make sure that you are always compliant and up-to-date with frameworks and regulations.

Check out our website to help you get started with compliance! 

Related articles

April 16, 2020byRomain Gauthier

My take on the CNIL’s new guidelines on cookies: 4 key ideas to remember

The new CNIL (France’s privacy watchdog) guidelines released in the summer of 2019 have turned the advertising industry upside down and are prompting us to rethink how we monetize information and innovate in programmatic. On June 28th, the CNIL (which means National Commission for Information Technology and Civil Liberties) published its action plan on advertising targeting, one…

Read more

CMP

Consent

Cookies

July 1, 2019byRomain Gauthier

Didomi is the first Consent Management Platform to offer a solution for AMP

The French independent company Didomi becomes the first provider to offer a consent management solution dedicated to AMP pages (Accelerated Mobile Pages), enabling publishers to optimize the collection and management of their user’s privacy preferences in strict compliance with current legislation. Used by several publishers, brands and E-commerce players worldwide, the AMP framework (accelerated mobile…

Read more

AMP

CMP

November 22, 2018byJawad Stouli

What CMPs can learn from the French data protection authority

On 30 October 2018, the French Data Protection Authority (the “CNIL”) issued a warning against a small company called Vectaury in relation to how this Ad Tech actor was collecting consent for geolocation-based advertising campaigns. On 8 November 2018, it decided to make this decision public notably because it is necessary to “raise awareness among…

Read more

CMP

CNIL

Consent

Cookies

France

GDPR

IAB

Sanction

Vectaury

Warning

April 20, 2018byRomain Gauthier

Didomi now supports the IAB Europe consent framework

Didomi is proud to announce that our Consent Management Platform (CMP) is now officially registered with the IAB Europe’s GDPR consent framework. We’re one of the first CMPs to fully support the framework. The IAB Europe Consent Framework The IAB Europe Consent Framework aims at standardizing consent flows between advertising partners. Online advertising involves a…

Read more

Consent

Cookies

ePrivacy

GDPR

Publishers

tailored advertising

targeted advertising

May 13, 2020byYannig Roth

Didomi’s CMP has been approved as TCFv2-compliant (migration cut-off date now is August 15th)

We have announced yesterday that our Consent Management Platform (CMP) has successfully passed the IAB Europe’s CMP Compliance Programme (see the full list here). Many clients have started to transition to the TCF’s version 2 already, and all IAB members will have to update their websites and mobile apps to support it until the summer 2020.

Read more

CMP

compliance

IAB

TCF v2