IAB CCPA Framework & Do Not Sell

This article outlines how Osano utilizes the IAB's CCPA Framework.

IAB Framework and "Do Not Sell"

According to the IAB:

"The Framework requires participating publishers that choose to sell the personal information of California consumers in the delivery of digital advertising to provide “explicit” notice regarding their rights under the CCPA, to explain in clear terms what will happen to their data, and to notify the downstream technology companies with which the publishers do business that such disclosures were given.

It also requires publishers to include a “Do Not Sell My Personal Information” link on their digital properties. When a user clicks that link, a signal is sent to the technology companies with which the publishers do business via a technical mechanism that is based upon specifications developed by the IAB Tech Lab."

View the full documentation on the IAB CCPA Compliance Framework

Osano utilizes the IAB framework to signal to downstream advertisers using an API built according to the IAB specification. The framework is a global JavaScript event that is available on the web page. Third-party advertisers look for the callback when determining the level of behavioral tracking and cookies that they will implement. Osano does not dispatch events, we respond to requests for consent and it is on the third parties to request the consent through the IAB API implementation.

When the advertisers load, they also have access to the webpage and cookies and all of the major exchanges and ad networks have “receiver capabilities” built into their ad pixels. Osano transmits to these companies using a common, agreed-upon convention. In this case, the Do Not Sell switch in the Osano Cookie Preferences Drawer. 

Testing the Osano CMP do-not-sell setting is as easy as copying and pasting the following code into the console of your web browser developer tools:

 __uspapi('getUSPData', 1, (uspData, success) => {
if(success) {
console.log('success', uspData);
} else {
console.log('IAB failure', uspData);

The following responses can be seen in your console when testing the above:

  • When no consent is given
    • {uspString: "1Y-Y"}
  • When Do Not Sell is ACTIVE (switch turned ON)
    • {uspString: "1YYY"}
  • When Do Not Sell is INACTIVE (switch turned OFF)
    • {uspString: "1YNY"}