Native Advertising

California Consumer Privacy Act: How TripleLift Is Adopting the IAB CCPA Compliance Framework

By December 31, 2019 January 1st, 2020 No Comments

As of January 1, 2020 the California Consumer Privacy Act, better known as CCPA, will take effect, granting rights to California consumers regarding access to, deletion of, opt-out of sale, and the sharing of personal information to third parties by businesses.

How will this affect Publishers and Demand Partners?

This privacy initiative is a first of its kind in the U.S., and allows California residents to:

  • Access information that has been collected about them
  • Request that companies delete data that has been collected about them
  • Opt-out of having their information sold to third parties

This data may include, but is not limited to, personal information, browsing history, geolocation, cookies, mobile ad ids (MAIDS) and device identifiers.

California is the most populous U.S. state, with 40 million residents, so the potential impact to advertising is significant. The full impact is yet to be seen, as much of the legislation is still being finalized and enforcement of CCPA is not expected until July 2020. But with fines to businesses ranging from $2,500 to $7,500 per violation, it’s important for companies to understand how to be in compliance.

How TripleLift is taking action.

As of January 1, 2020, TripleLift is a signatory to the IAB CCPA Compliance Framework. Our adoption of the IAB framework aligns with our core mission of creating user-centric advertising that earns consumer attention.

How will TripleLift adopt the IAB framework?

TripleLift will send the us_privacy string via the OpenRTB Privacy Extension to participating DSPs.

How to Adopt the IAB CCPA Framework

TripleLift urges publishers and DSP partners to become members of the IAB CCPA Framework to support each party’s efforts towards compliance with the CCPA.

  • Participating publishers that sell information from California consumers for the purposes of digital advertising must comply with the guidelines as applicable and should send California traffic to TripleLift and downstream participants in compliance with CCPA. As publishers have the only direct relationships with users of their digital properties, it is the responsibility of publishers to provide the CCPA required Do Not Sell My Personal Information links and CCPA disclosures to users of publishers’ properties and to send TripleLift the us_privacy signal when a user opts-out of the “sale” of their data. If TripleLift does not receive the us_privacy signal from a publisher partner, we will treat these bid requests from publishers as having not opted out of a “sale” under CCPA.
  • TripleLift will consider the user sync as a “sale” of data and therefore will adhere to IAB CCPA Framework guidelines.
  • We expect continued adoption from publishers and DSP partners by the enforcement date of July 1, 2020. If your DSP is a signatory to the IAB CCPA Framework, it will be important to consider how you will respond in the event of no signal.
Download Your FAQ Sheet

Learn more about how to adopt the IAB Compliance Framework for the California Consumer Privacy Act (CCPA).

Have questions? Reach out to