۶Ƶ Advertising Support for the California Consumer Privacy Act: Consumer Data Access and Delete Support
For ۶Ƶ Advertising Search, Social, & Commerce; ۶Ƶ Advertising DSP; ۶Ƶ Advertising Creative; and ۶Ƶ Advertising DCO
The California Consumer Privacy Act (CCPA) is California’s new privacy law, which is effective January 1, 2020. CCPA provides California residents new rights regarding their personal information and imposes data protection responsibilities on certain entities who conduct business in California. CCPA provides consumers with the right to access and delete their personal information as well as the right to opt out of certain activities that qualify as “selling” personal information to a third party.
As a business, you will determine the personal data that ۶Ƶ Experience Cloud processes and stores on your behalf.
As your service provider, ۶Ƶ Advertising provides support for your business to fulfill its obligations under CCPA that are applicable to the use of ۶Ƶ Advertising products and services, including managing requests to access and delete personal information and managing requests to opt out of the sale of personal information.
This document describes how Advertising Search, Social, & Commerce; Advertising Creative; Advertising DSP (Demand Side Platform); and Advertising DCO — as service providers — support consumers’ rights to access and delete personal information using the ۶Ƶ Experience Platform Privacy Service API and Privacy Service UI.
For information about how Advertising DSP supports the consumer right to opt-out of the sale of personal information, see ۶Ƶ Advertising Support for the California Consumer Privacy Act: Consumer Opt-out Support.
For more information about the ۶Ƶ Privacy services for CCPA, see the .
Supported Data Request Types for ۶Ƶ Advertising
۶Ƶ Experience Platform provides the ability for businesses to complete the following tasks:
- Access a consumer’s cookie-level data or device ID-level data (for ads in mobile apps) within Search, Social, & Commerce, Creative, DSP, or DCO.
- Delete cookie-level data stored within Search, Social, & Commerce, Creative, DSP, or DCO for consumers using a browser; or delete ID-level data stored within DSP for consumers using apps on mobile devices.
- Check the status of one or all existing requests.
Required Setup to Send Requests for ۶Ƶ Advertising
To make requests to access and delete consumer personal information from ۶Ƶ Advertising, you must:
-
Deploy a JavaScript library to retrieve and remove your customer’s cookies. The same library,
۶ƵPrivacy.js
, is used for all ۶Ƶ Experience Cloud solutions.note important IMPORTANT Requests to some Experience Cloud solutions don’t require the JavaScript library, but requests to ۶Ƶ Advertising require it. You should deploy the library on the webpage from which your customers can submit access and delete requests, such as your company’s privacy portal. The library helps you retrieve ۶Ƶ cookies (namespace ID:
gsurferID
) so that you can submit these identities as part of access and delete requests via the ۶Ƶ Experience Platform Privacy Service API.When the customer asks to delete personal data, the library also deletes the customer’s cookie from the customer’s browser.
note note NOTE Deleting personal data is different than opting out, which stops the targeting of an end user with audience segments. However, when a consumer asks to delete personal data from Creative, DSP, or DCO, the library also sends a request to ۶Ƶ Advertising to opt out the customer from segment targeting. For advertisers with Search, Social, & Commerce, we recommend that you provide your customers a link to , which explains how to opt out of audience segment targeting. -
Identify your Experience Cloud organization ID and make sure that it’s linked to your ۶Ƶ Advertising accounts.
An Experience Cloud organization ID is a 24-character alphanumeric string appended with “@۶ƵOrg.” Most Experience Cloud customers have been assigned an organization ID. If your marketing team or internal ۶Ƶ system administrator doesn’t know your organization ID, or isn’t sure if it’s been provisioned, then contact your ۶Ƶ Account Team. You’ll need the organization ID to submit requests to the Privacy API using the
imsOrgID
namespace.note important IMPORTANT Contact your company’s ۶Ƶ Advertising representative to confirm that all of your organization’s ۶Ƶ Advertising accounts — including DSP accounts or advertisers, Search, Social, & Commerce accounts, and Creative or DCO accounts — are linked to your Experience Cloud organization ID. -
Use either the ۶Ƶ Experience Platform Privacy Service API (for automated requests) or the Privacy Service UI (for ad-hoc requests) to submit requests to access and delete personal information to ۶Ƶ Advertising on behalf of consumers, and to check the status of existing requests.
For advertisers who have a mobile app to interact with customers and launch campaigns with DSP, you must download the Privacy-ready Mobile SDKs for Experience Cloud. The Mobile SDKs allow businesses to set opt-out status flags, retrieve the consumer’s device ID (namespace ID:
deviceID
), and submit requests to the Privacy Service API. Your mobile app will require an SDK Version 4.15.0 or greater.When you submit a consumer access request, the Privacy Service API returns a consumer’s information based on the specified cookie or device ID, which you then must return to the consumer.
When you submit a consumer delete request, the cookie ID or device ID and all cost, click, and revenue data associated with the cookie are deleted from the server.
note note NOTE If your business has multiple Experience Cloud organization IDs, then you must send separate API requests for each. You can, however make one API request to multiple ۶Ƶ Advertising sub-solutions (Search, Social, & Commerce, Creative, DSP, and DCO), with one account per sub-solution.
All of these steps are necessary to receive support from ۶Ƶ Advertising. For more information about these and other related tasks you need to perform using the ۶Ƶ Experience Platform Privacy Service, and where to find the necessary items, see /docs/experience-platform/privacy/home.html.
Required Field Values in ۶Ƶ Advertising JSON Requests
"company context":
"namespace": **imsOrgID**
"value":
<your Experience Cloud organization ID>
в”:
-
"key":
<usually the name of the customer> -
"action":
either**access**
or**delete**
-
"user IDs":
-
"namespace": **411**
(which indicates the adCloud cookie space) -
"value":
<the actual customer’s cookie ID value as retrieved from۶ƵPrivacy.js
>
-
-
"include": **adCloud**
(which is the ۶Ƶ product that applies to the request) -
"regulation": **ccpa**
(which is the privacy regulation that applies to the request)
Example of Request Submitted by a Consumer Using an ۶Ƶ Advertising User ID Retrieved from ۶ƵPrivacy.js
{
"companyContexts":[
{
"namespace":"imsOrgID",
"value":"5AB13068374019BC@۶ƵOrg"
}
],
"users": [
{
"key": "John Doe",
"action":["access"],
"userIDs":[
{
"namespace":"411",
"value":"Wqersioejr-wdg",
"type":"namespaceId",
"deletedClientSide":false
}
]
}
],
"include":[
"adCloud"
],
"regulation":"ccpa"
}
Data Fields That Are Returned for Access Requests
The following is an example of a personal information access response for ۶Ƶ Advertising.
{
"jobId":"12345AD43E",
"action":"access",
"product":"adCloud",
"status":"complete",
"results":{
"userIDs":[
{
"namespace":"411",
"userID":" Wqersioejr-wdg "
}
],
"receiptData":{
"impressionCount":"100",
"clickCount":5,
"geo":[
"United States of America",
"San Francisco CA"
],
"profile":[
{
"pixelid":"111",
"ut1":"abc",
"ut2":"def",
"ut3":"ghi",
"ut4":"jkl",
"ut5":"mno"
},
{
"pixelid":"123",
"ut1":"abc",
"ut2":"def",
"ut3":"ghi",
"ut4":"jkl",
"ut5":"mno"
}
],
"matchingSegments":[
{
"segmentName":"AP4 - Art/Culture - In-Market",
"segmentID":"kV1mPa2aqPNWKSNtf325",
"serviceProvider":"۶Ƶ"
},
{
"segmentName":"EMEA - UK - Health Food Buyers",
"segmentID":"eP2oJ2UPsfsDVDhvlGewx",
"serviceProvider":"BlueKai"
}
]
}
}
}