The California Consumer Privacy Act (CCPA) requires that users are given the option to opt out of having their personal data processed. Publishers can use a consent management provider (CMP) or a proprietary solution to collect and store site visitor’s consent.
How Index Exchange supports CCPA
The Interactive Advertising Bureau’s CCPA compliance framework
Index supports the IAB Interactive Advertising Bureau (IAB). An advertising business organization that develops industry standards, conducts research, and provides legal support for the online advertising industry.'s CCPA compliance framework in the following ways.
OpenRTB API for DSPs
Index will now pass the us_privacy field in the regs object of the bid request An OpenRTB request that is sent from a supply-side platform (SSP) or ad exchange to the DSP requesting a bid response for potential impressions. A bid request contains information about the impression that allows the DSP to decide whether to bid on the impression., in accordance with version 1.0 of the IAB's CCPA Compliance Framework. The us_privacy field specifies the following:
- Whether the U.S. privacy regulations apply to the consumer.
- Whether the explicit legal notice has been established with the consumer.
- Whether the consumer has chosen to opt-out of the sale of their personal data.
- Whether the transaction is covered by the Limited Service Provider Agreement.
For more information about us_privacy, see the Regulations Extension object inList of supported OpenRTB bid request fields for DSPs .
Prebid
The Index Prebid adapter is now able to consume the us_privacy string for both display and video requests. Publishers may need to update the version of Prebid that they're using to get CCPA support in the Index Prebid adapter:
- Publishers using version 3.x must update their Prebid code to version 3.3.1 or later.
- Publishers using version 2.x must update their Prebid code to version 2.44.2 or later.
The Digital Advertising Alliance (DAA) opt-out tool
Index is a participant of the DAA’s CCPA opt-out tool via their WebChoice platform, which allows a web user to opt-out once across all websites. The platform allows our exchange to detect a CCPA opt-out signal each time we participate in an ad opportunity.
How Index reacts in opt-out cases
When Index determines that an ad request is for a user who has not provided consent, we anonymize certain user information in the bid request sent to our DSPs in the following ways:
ip(in the device object): The last octet (IPv4) or two last bytes (IPv6) of the user’s IP address are replaced with a zero(s).latandlon(in the geo object): Latitude and longitude coordinates are reduced to two decimals which translates to accuracy no less than one third of a mile.- All unique IDs from the bid request in the device and user objects that indirectly identify a user are removed.
deals(in the pmp Private Marketplace (PMP). An invitation-only real-time bidding auctions where one or several publishers invite a select number of advertisers to buy their inventory. object): Audience segment targeted deal A private auction that allows publishers to offer specific inventory directly to selected buyers identified by a deal ID. Terms are negotiated and are agreed upon before the auction occurs. IDs are no longer added to the bid request.
For more information about the above bid request fields, see the object descriptions in List of supported OpenRTB bid request fields for DSPs.
