Managing Privacy requests
For a general presentation on Privacy Management, refer to this section.
This information applies to GDPR, CCPA, PDPA, and LGPD. For more on these regulations, see this section.
The opt-out for the Sale of Personal Information, which is specific to CCPA, is explained in this section.
About Privacy requests
In order to help you facilitate your Privacy readiness, Adobe Campaign allows you to handle Access and Delete requests. The Right to Access and the Right to be Forgotten (delete request) are described in this section.
To perform those requests, you must use the Privacy Core Service integration. Privacy requests pushed from the Privacy Core Service to all Experience Cloud solutions are automatically handled by Campaign via a dedicated workflow.
Prerequisites
Adobe Campaign offers Data Controllers tools to create and process Privacy requests for data stored in Adobe Campaign. However, it is the Data Controller’s responsibility to handle the relationship with the Data Subject (email, customer care or a web portal).
It is therefore your responsibility as a Data Controller to confirm the identity of the Data Subject making the request and to confirm that the data returned to the requester is about the Data Subject.
Namespaces
Before creating Privacy requests, define the namespace you will use. The namespace is the key that will be used to identify the Data Subject in the Adobe Campaign database. Out-of-the-box, two namespaces are available: email and mobile phone. If you need a different namespace (a profile custom field, for example), follow these steps.
Also refer to this tutorial on how to create a namespace.
- Click the Adobe Campaign logo in the top-left corner, then select Administration > Namespaces.
- In the list of namespaces, click Create.
- Enter a Label.
- If you want to use an existing identity service namespace, choose Map from Identity Namespace Service and select a namespace from the Identity Service Namespaces list.
  If you want to create a new namespace in Identity Service and map it in Campaign, select Create new and enter a name in the Identity namespace name field.
  To learn more about identity namespaces, see the Experience Platform documentation.
- One Identity Service Namespace is mapped to one namespace in Campaign. You must specify how the namespace will be reconciled in Campaign.
  Select a target mapping (Recipients, Real-time event or Subscriptions to an application). If you want to use several target mappings, create one namespace per target mapping.
- Choose the Reconciliation key. This is the field that will be used to identify the Data Subject in the Adobe Campaign database.
- Click Create. You can now create Privacy requests based on your new namespace. If you use several namespaces, create one Privacy request per namespace.
Creating a Privacy request
The Privacy Core Service Integration allows you to automate your Privacy requests in a multi-solution context through a single JSON API call. Privacy requests pushed from the Privacy Core Service to all Experience Cloud solutions are automatically handled by Campaign via a dedicated workflow.
Refer to the Experience Platform Privacy Service documentation to learn how to create Privacy requests from the Privacy Core Service.
Each Privacy Core Service job is split into multiple Privacy requests in Campaign based on how many namespaces are being used, one request corresponding to one namespace. Also, one job can be run on multiple instances. Therefore, multiple files are created for one job. For example, if a request has two namespaces and is running on three instances, then a total of six files are sent: one file per namespace and instance.
The pattern for a file name is: <InstanceName>-<NamespaceId>-<ReconciliationKey>.xml
- InstanceName: Campaign instance name
- NamespaceId: Identity Service Namespace ID of the namespace used
- ReconciliationKey: Encoded reconciliation key
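As an added example (not part of the Adobe documentation), the following Python code checks that a job produced one file per namespace and instance, using the file name pattern above. The instance names, namespace IDs and keys are constructed sample values, and the encoded reconciliation key is treated as an opaque string because its encoding is not described here.

```python
from itertools import product

def match_file(name, instances, namespace_ids):
    """Map a file name to its (instance, namespace ID) pair, or None.

    The encoded reconciliation key is treated as opaque. Instance names may
    contain hyphens, so the longest matching known prefix wins.
    """
    if not name.endswith(".xml"):
        return None
    stem = name[: -len(".xml")]
    best = None
    for instance, ns in product(instances, namespace_ids):
        prefix = f"{instance}-{ns}-"
        # Require a non-empty key after "<InstanceName>-<NamespaceId>-".
        if stem.startswith(prefix) and len(stem) > len(prefix):
            if best is None or len(prefix) > best[0]:
                best = (len(prefix), instance, ns)
    return None if best is None else (best[1], best[2])

def audit_job(filenames, instances, namespace_ids):
    """Return (missing pairs, unrecognised file names) for one job."""
    namespace_ids = [str(n) for n in namespace_ids]
    expected = set(product(instances, namespace_ids))
    seen, unrecognised = set(), []
    for name in filenames:
        pair = match_file(name, instances, namespace_ids)
        if pair is None:
            unrecognised.append(name)
        else:
            seen.add(pair)
    return sorted(expected - seen), unrecognised

# Constructed sample: three instances and two namespaces, so six files expected.
SAMPLE_INSTANCES = ["acme-prod", "acme-stage", "acme-dev"]
SAMPLE_NAMESPACES = ["1001", "1002"]
SAMPLE_FILES = [
    "acme-prod-1001-k3Yx.xml", "acme-prod-1002-k3Yx.xml",
    "acme-stage-1001-k3Yx.xml",            # acme-stage / 1002 is absent
    "acme-dev-1001-k3Yx.xml", "acme-dev-1002-k3Yx.xml",
    "acme-dev-1003-k3Yx.xml",              # namespace ID not part of the job
]

if __name__ == "__main__":
    missing, unrecognised = audit_job(SAMPLE_FILES, SAMPLE_INSTANCES, SAMPLE_NAMESPACES)
    print("missing:", missing)
    print("unrecognised:", unrecognised)
```

A missing pair means the response for that namespace on that instance has not arrived, so the Data Subject's request should not be closed on the files received so far.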
List of resources
When performing a Delete or Access Privacy request, Adobe Campaign searches all the Data Subject’s data based on the Reconciliation value in all the resources that have a link to the profiles resource (own type).
Here is the list of out-of-the-box resources that are taken into account when performing Privacy requests:
- Profiles (recipient)
- Profile delivery logs (broadLogRcp)
- Profile tracking logs (trackingLogRcp)
- Delivery logs (Subscriptions to an application) (broadLogAppSubRcp)
- Tracking logs (Subscriptions to an application) (trackingLogAppSubRcp)
- Subscriptions to an application (appSubscriptionRcp)
- Subscription history of profiles (subHistoRcp)
- Profile subscriptions (subscriptionRcp)
- Visitors (visitor)
If you created custom resources that have a link to the profiles resource (own type), they will also be taken into account. For example, if you have a transaction resource linked to the profiles resource and a transaction details resource linked to the transaction resource, they will both be taken into account.
Also refer to this tutorial on how to modify custom resources.
For this to work, you must select the Deleting the target record implies deleting records referenced by the link option in the custom resource:
- Click the Adobe Campaign logo in the top-left corner, then select Administration > Development > Custom resources.
- Select a custom resource that has a link to the profiles resource (own type).
- Click the Links section.
- For each link, click the pencil icon (Edit properties).
- In the Behavior if deleted/duplicated section, select the Deleting the target record implies deleting records referenced by the link option.
Privacy request statuses
Here are the different statuses for Privacy requests:
- New / Retry pending: in progress, the workflow has not processed the request yet.
- Processing / Retry in progress: the workflow is processing the request.
- Delete pending: the workflow has identified all the recipient data to delete.
- Delete in progress: the workflow is processing the deletion.
- Complete: the processing of the request has finished without an error.
- Error: the workflow has encountered an error. The reason is displayed in the list of Privacy requests in the Request status column. For example, Error data not found means that no recipient data matching the Data Subject’s Reconciliation value has been found in the database.
Opt-out for the Sale of Personal Information (CCPA)
The California Consumer Privacy Act (CCPA) provides California residents new rights with regard to their personal information and imposes data protection responsibilities on certain entities that conduct business in California.
The configuration and usage of Access and Delete requests are common to both GDPR and CCPA. This section presents the opt-out for the sale of personal data, which is specific to CCPA.
In addition to the Consent management tools provided by Adobe Campaign, you can track whether a consumer has opted out of the Sale of Personal Information.
When users decide, through your system, that they do not allow their personal information to be sold to a third party, you will be able to store and track this information.
Prerequisite for custom tables
The CCPA Opt-Out field is provided out-of-the-box in the Campaign interface and API. By default, the field is available for the standard Profile resource.
If you use a custom profile resource, you must extend the resource and add the field. We recommend that you use a different name than the out-of-the-box field, for example: Opt-Out for CCPA (optoutccpa). When a new field is created, it is automatically supported by the Campaign API.
For more detailed information on how to extend the profile resource, see this section.
- Go to Administration > Development > Custom Resources. Click the custom profile resource. For more on extending a resource, see this section.
- Click Add field or Create Element, add the label, ID and choose the Boolean type. For the name, use Opt-Out for CCPA. For the ID, use: optOutCcpa.
- In the Screen definition tab, under Detail screen configuration, add the field and select Input field. This will make the field available in the profiles list and details. For more on configuring the screen definition, see this section.
- Go to Administration > Development > Publishing, prepare the publication and publish the modifications. For more on publishing a resource, see this section.
- Verify that the field is available on a profile’s details. For more on this, see this section.
Usage
It is the responsibility of the Data Controller to populate the value of the field and follow the CCPA guidelines and rules concerning data selling.
To populate the values, several methods can be used:
- Using the Campaign interface by editing the recipient’s details (see below)
- Using the Campaign Privacy API (see the API documentation)
- Via a data import workflow
You should then ensure that you never sell to any third party the personal information of profiles who have opted out.
- In the Campaign interface, edit a profile to change the opt-out status.
- When the value of the field is True, the information is displayed on the profile’s details.
- You can configure the profiles list to display the opt-out column. To learn how to configure lists, see this section.
- You can click the column to sort recipients according to the opt-out information.