About IAB’s CCPA Compliance Framework
IAB CCPA Compliance Framework has three main components to it:
- An agreement that publishers (websites) must inform Californian consumers about their rights at the point of data collection, as well as offering a means of opting out.
- Inform which categories of personal information is being collected
- Request permission for disclosure to third parties of collected personal information
- Allow deletion of collected information
- Include a "Do Not Sell My Personal Information" link on their digital properties
How does it work?
You can "ask" the
__uspapi stub for consent information. The stub has three parameters:
__uspapi(Command, Version, Callback)
|version||number||US Privacy spec version|
Here is an example on how to view the content of the
uspData is a JSON with the following format:
"version" is a number, indicating the US Privacy spec version, currently 1.
"uspString" is a string, built up as follows:
|1st||1||US Privacy spec version|
|2nd||Y / N||Explicit notice / Opportunity to opt out|
|3rd||Y / N||User opted out of sale of personal information|
|4th||Y / N||Publisher is a signatory to the IAB Limited Service Provider Agreement|
For users where CCPA doesn't apply, the string's value will always be "1---".
It is important that the visitor's consent state is established before querying
__uspapi for a consent string. If a consent string is fetched before the Cookiebot script has established the visitor's consent state it will be assumed that CCPA applies. This ensures ads are not served without prior consent.
We recommend fetching the consent string after the CookiebotOnConsentReady event is dispatched by the Cookiebot script.
Here is an example of how this can be done: