IAB publishes CCPA Compliance Framework technical specs

The IAB’s Tech Lab has released its version 1.0 of the technical specifications for the IAB CCPA Compliance Framework. A draft version of the document was initially published last month for industry comment; that comment period is now over.

Generally, there are two components of the IAB Compliance Framework:

• A “Limited Service Provider Agreement” that binds supply chain partners to specific conduct that meet the law’s provisions.
• A set of technical specifications that guide companies on how to implement the contract mechanically in their operations.

This release concerns the latter category and includes the following technical provisions:

• IAB Tech Lab U.S. Privacy String: Supports data format for information about disclosures made and choices selected by a user regarding consumer data privacy.
• IAB Tech Lab U.S. Privacy User Signal API: Specifies a lightweight API that may be implemented by digital properties for web and mobile in-app to represent U.S. privacy signals.
• IAB Tech Lab U.S. Privacy OpenRTB Extension: Outlines a mechanism to support communication of U.S. privacy signals within the scope of CCPA compliance.

The IAB says these technical specifications are “available for immediate adoption by publishers and tech companies.” It added that future versions of the framework may add features “for evolving regulatory compliance and additional consumer privacy and data protection functionality. “

Why we should care. All publishers and MarTech companies subject to CCPA should take an immediate, serious look at the IAB Compliance Framework. It’s intended to be a reliable mechanism for publishers, advertisers and ad tech platforms in their effort to comply with California’s landmark online privacy rules. As always, the IAB reminds companies to conduct their own due diligence and consult privacy lawyers.

---