WTF is CCPA’s service provider designation?
An open-ended definition of “selling data” in the California Consumer Privacy Act has put programmatic advertising in a precarious position ahead of the CCPA going into effect on Jan. 1.
The law provides people with the option to request that companies not sell their personal information and delete the information they have sold. This provision has the potential to eradicate the information that the programmatic advertising ecosystem relies on to target ads — at least to the 40 million people in California. The law’s definition for selling data is broad enough that some industry experts believe it may cover how companies across the programmatic supply chain use data to facilitate targeted advertising.
The ad tech industry is gravitating toward a stipulation in the law that would appear to enable programmatic advertising practices to continue, albeit with some limitations and at least as a stopgap measure until the enforcement picture becomes clearer. Similar to the GDPR’s “data processor” label, the California law provides a “service provider” designation that companies can adopt in order to process people’s personal information collected by another company without the sharing of that data being considered a sale under the law. “I think the industry is going to coalesce around it,” said Thomas Chow, general counsel and secretary at PubMatic.
WTF is a service provider?
The CCPA defines a service provider as a company that processes personal information collected by another company, but only for the purposes specified in a written contract between the companies. If a person requests that a company not sell their personal information — as the CCPA gives them the right to do — the company can still share that personal information with service providers for those specified business purposes.
How is this different from how companies already handle data collected by other companies?
The difference is that a service provider is limited in what it can do with the information it receives. For example, if an ad tech company receives device IDs collected by a publisher in order to serve targeted ads on the publisher’s site, the ad tech company cannot also use those device IDs to build a device graph in order to track people across the internet.
Will that prevent ad tech companies from sharing data with other ad tech companies to complete a programmatic ad sale?
Not necessarily. However, the various ad tech companies involved in a programmatic ad transaction would need to serve as service providers.
That sounds really complicated.
Definitely. To simplify matters, the Interactive Advertising Bureau and IAB Tech Lab have developed a CCPA compliance framework that is meant to facilitate this daisy chain of service providers. “Under our framework, what happens is companies downstream [in the programmatic supply chain] will be required to operate as service providers on the behalf of publishers,” said Michael Hahn, svp and general counsel at the IAB.
In early December, the IAB plans to release a Limited Service Provider contract that will detail the terms for ad tech companies serving as service providers under its framework. Chow has seen a version of the contract and said it lays out what service providers can and cannot do with the personal information collected by publishers “in a way that’s logical and reasonable to me.” Boiled down, the contract requires that ad tech companies have a way to isolate the personal information they receive from publishers so that the information is not used to enrich an ad tech company’s own data set.
Are ad tech companies okay with these restrictions?
They’re not wild about it. However, until Congress passes a federal privacy law that would preempt states’ privacy laws, ad tech companies have little choice but to figure out how to comply with the California law. Given the ambiguities that remain in the law, like what does and does not count as a sale of data, the service provider provision gives them some cover to continue to conduct their basic programmatic advertising businesses while they wait for more clarity regarding how the attorney general plans to enforce the law.
So programmatic advertising is saved?
No. For starters, the IAB framework only works for companies that adopt the framework. Apart from the framework, companies would need to sign service provider agreements with each company for which they process data for business purposes. Then there’s the trust required that service providers will abide the contracts and comply with the restrictions placed on their use of data. The attorney general’s office has yet to confirm whether ad tech companies operating as service providers to process data for targeted advertising would be compliant with the law.
Digiday+ Research deep dive: YouTube holds strong as a reliable marketing channel for agencies and brands
YouTube might not be considered the most exciting marketing channel out there, but brands and agencies see the platform as a reliable marketing channel that delivers consistent success.
Pringles goes all in on social to put college athletes front-and-center for ‘March Mustache’ campaign
Pringles is turning to social media — particularly Instagram — to leverage some of the college athletes playing in the March Madness basketball tournament, with the goal of reaching college basketball fans on second screens.
Short-form video needs better monetization, creator funds aren’t the way to do it
Creator funds have almost been like a stepping stone before a more permanent solution is either considered or put into place.
SponsoredHow advertisers are leveraging omnichannel attribution and measurement to power CTV
Sponsored by MNTN Connected TV advertising has joined and expanded the larger ecosystem of campaigns that advertisers deploy. As such, omnichannel marketing strategies now encompass television and mobile devices, tablets and other screens such as out-of-home. And as customers engage across these different touchpoints, brands are seeking and moving their measurement and analytics efforts to […]
L’Oreal uses social listening, in-house teams to tap into beauty trends ‘at the speed of culture’
The beauty behemoth is turning to in-house teams to accelerate content production that taps into trends within days, rather than the weeks or months of traditional marketing and advertising timelines.
With Canva and Adobe’s new updates, the generative AI race enters the brand design space
Canva and Adobe are just two of several major design and visual platforms that are rapidly introducing new generative AI capabilities in the service of brands.