Announcing Support for U.S. Privacy Consent String (9/3/20)
On August 15, 2020, LiveRamp released functionality for processing the U.S. Privacy consent string which is part of the IAB CCPA Compliance Framework. This release enables requests to our pixel infrastructure that contain the U.S. Privacy String to be processed and passed on to downstream partners when applicable.
The U.S. Privacy String is a core part of IAB's CCPA Compliance Framework and communicates signals regarding consumer privacy and choice under U.S. privacy regulations. Version 1 of this specification is focused on supporting requirements under the California Consumer Privacy Act (CCPA). If privacy regulations apply, digital property owners are expected to use this consent string to provide signals to all parties that intend to exchange data on a given transaction. LiveRamp will use this privacy string to determine if we are allowed to process the consumer’s personal data.
This privacy string enables the capture of signals to ensure:
Notice has been given to the consumer, or an opportunity to opt-out
The consumer can pass their right to opt-out of the sale of data
All pixel-based events will be subject to the U.S. Privacy String when traffic originates in the U.S. market.
Clients should understand that the processing of consent strings can have an impact on match rates and the volume of impressions captured as LiveRamp will be enforcing this standard on all inbound traffic. U.S. Privacy consent strings are in an early adoption phase and LiveRamp will be watching these impacts over time. Early testing against live traffic shows that degradation of traffic will be insignificant at this time.
In addition, Sync partners should understand that on sync traffic initiated from LiveRamp, consent strings will be passed downstream when we are able to process the requests.
For the U.S. Privacy String, the following actions will be taken by LiveRamp:
LiveRamp will process the U.S. Privacy String on all U.S. Requests, regardless of the State that the requests originated in.
All Requests that do not contain the U.S. Privacy String will be processed normally. We will only perform special processing on requests that contain the string.
LiveRamp will process and allow requests in which notice is given and the user has not opted out.
LiveRamp will process and not allow requests in which either notice isn’t given or the user has opted out.
This capability allows LiveRamp to adhere to current privacy regulations such as CCPA and will provide a framework for future regulations that have different requirements.