CCPA regulation calls for a business that sells consumers' personal information to provide a notice of right to opt-out to consumers. Specifically, a website must host a link on their website titled "Do Not Sell My Personal Information" that allows a user to opt-out of data sales.
Under the CCPA, a sale is defined as"selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration"(Cal. Civ. Code Sec. 1798.140). This can include examples such as using data for attribution, look-alike modeling, or using cookies for behavioral advertising.
Ethcya provides a Consent option in your Privacy Center, so users can opt-out of Data Sales. When they go through the Consent experience, a user will land on the Consent Management Portal to manage their opt-out:
This article will focus on how to set up CCPA's Do Not Sell within Ethyca:
- Creating your Data Sales Data Use Case
- Applying Consent Flags to your Data Use Case
- Understanding the Customer Opt-out Experience
- Viewing Reports in Your Control Panel
To configure the technical integration for CCPA "Do Not Sell" please visit our technical implementation guide.
In order to set up your Data Sales Data Use Case for CCPA, there are a few steps you will want to follow in your Control Panel. It is important to note, this Data Use Case will be visible to customers in your Ethyca Privacy Center Consent Management portal depicted above.
When creating your Data Use Case, you will want to ensure that you:
Provide a Title that describes Data Sales (e.g. Data Sales or CCPA's Data Sales)
Ensure Requires Consent is set to Yes, so a user can opt-in
Include a Description of what your business does with the data. For example:
Although we do not sell your personal information, from time to time we may use some of your personal information for advertising performance analysis and audience modeling for ongoing advertising, which may be interpreted as Data Sales under the California Consumer Privacy Act (CCPA). You can opt out of this here and we will ensure your data is no longer used for these purposes.
Provide the Categories of information involved, such as: e-mail, IP address, behavior data, location, etc.
Provide the Phases of data activity. For Data Sales, this will commonly be:
The final step in creating your Data Use Case for CCPA is assigning Consent Flags, which will identify what underlying business processes and systems a users consent will affect.
Applying Consent For Data Integrations will govern how data is handled in backend and service-to-service calls. For example, sending attribution data from physical retail sales to Facebook via their Offline Attribution API.
For your Data Sales Data Use Case, you must check the box on the following flags:
- Under "Apply Consent for Website", select the checkbox for Data Sales (Facebook, Snap, Pinterest, GTM).
- Under "Apply Consent for Data Integration", select the checkbox forData Sales.
Click Save for your Data Use Case, and you're all set with the customer facing consent set up.
When you set your Data Sales Data Use Case live, it will be visible to customer's in your Ethyca Privacy Center's Consent Management portal. See mapping guide below:
|Privacy Center||Control Panel|
|Activities We Process||Business use case for the processing activity. Refers back to the "Title" in the Data Use Case section. (A)|
|Do you Consent?||Allows a user to select YES (opt-in) or NO (opt-out). (B)|
|Description||Business description of what a subject is consenting to. Refers back to the "Description" in the Data Use Case section. (C)|
|Information being processed||PII processed in the activity. Refers back to "Category" in the Data Use Case section. (D)|
Now let us we'll walk through the subject's consent experience in your Ethyca Privacy Center.
A subject will visit your custom-branded Ethyca Privacy Center and selects the "Consent" option (e.g.
The subject will then be shown a popup message that prompts them to provide their email address for identity verification. CCPA regulation requires that you verify the identity of the subject requesting to opt-out to ensure they are who they say they are.
Once the subject's email address has been submitted, they will be emailed a verification code to confirm their identity and receive the below pop up:
From the Consent Management page, the subject can choose whether or not they want to consent to having their data sold.
Once the user confirms their request—"YES" for Opts-In or "NO" for Opts-Out—they will see a confirmation banner (shown below), and a cookie will be set on the user's browser with their consent preference.
If the user selects "NO", the next time the subject visits your company's site, a cookie will be set on the subject's browser that will suppress their data from being sent back to any downstream systems. This way, Facebook and any other relevant ad products will know the user has opted out.
If the user selects "YES", it will be business as usual until a customer changes their opt-out preferences.
For more information on how to launch your Privacy Center check out this link here.
All of your subjects' consent status are available in the Control Panel for easy viewing and downloading. This is key for keeping a record of the consumer's opt-out requests you have honored.
Reporting is available on a monthly basis (including month to date). You have the option to open a new window to view the report or download it directly from the Control Panel as a CSV.
The report will include the data use case(s) consented to, the subjects' emails, their consent status, and the date the consent occurred.
Please contact [email protected] if you have any questions regarding your account.
Updated over 1 year ago