IAB CCPA Framework & Do Not Sell

IAB Framework and "Do Not Sell"

According to the IAB:

"The Framework requires participating publishers that choose to sell the personal information of California consumers in the delivery of digital advertising to provide “explicit” notice regarding their rights under the CCPA, to explain in clear terms what will happen to their data, and to notify the downstream technology companies with which the publishers do business that such disclosures were given.

It also requires publishers to include a “Do Not Sell My Personal Information” link on their digital properties. When a user clicks that link, a signal is sent to the technology companies with which the publishers do business via a technical mechanism that is based upon specifications developed by the IAB Tech Lab."

View the full documentation on the IAB CCPA Compliance Framework


Osano utilizes the IAB framework to signal to downstream advertisers using an API built according to the IAB specification. The framework is a combination of a cookie and a global JavaScript event that are available on the web page. Third-party advertisers look for the cookie and callback when determining the level of behavioral tracking and cookies that they will implement. Osano does not dispatch events, we respond to requests for consent and it is on the third parties to request the consent through the IAB API implementation.

When the advertisers load, they also have access to the webpage and cookies and all of the major exchanges and ad networks have “receiver capabilities” built into their ad pixels. Osano transmits to these companies using a common, agreed-upon convention. It this case, the Do Not Sell switch in the Osano Cookie Preferences Drawer. 

Testing the Osano CMP do-not-sell setting is as easy as copying and pasting the following code into the console of your web browser developer tools:

 __uspapi('getUSPData', 1, (uspData, success) => {
    if(success) {
        console.log('success', uspData);
    } else {
        console.log('error');
    }
});

As well you can look for a cookie named "usprivacy" - the JavaScript event and the cookie both respond with 1YYY if the individual has chosen the "Do Not Sell" toggle in the consent manager drawer. You can then choose to use that cookie and callback to make additional privacy decisions related to that individual.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.