The California Consumer Privacy Act (CCPA) grants California residents new rights related to the sale of personal information and opt-out of it. Under the CCPA, the transfer of user data for purposes of programmatic advertising may be considered the “sale” of personal information, in which case users must be provided with appropriate consent solicitation with an opportunity to opt-out. Because you have a direct relationship with your users, we will rely on you to provide the opt-out opportunity by including a “Do Not Sell My Personal Information” link on your mobile properties. We will also rely on you to notify us with your users’ choice on opt-out. Verve currently supports the IAB proposal for the US Privacy User Signal Mechanism (USP API) for signaling a user’s decision in opt-out via a programmatic ad call. If this is your preferred compliance mechanism you should build support for the USP API and update your integration to ensure the signal is passed down. If you are a Verve publisher and you are utilizing the IAB CCPA Compliance Framework (i.e. USP API), you must make the following updates:
- OpenRTB integrations: add the us privacy field to bid requests that are sent to Verve per the IAB spec
- SDK Integrations: Verve’s iOS and Android SDK v3.8.2 and higher will pick up the US Privacy String from App’s shared storage as set by the Publisher compliant with https://iabtechlab.com/wp-content/uploads/2019/11/U.S.-Privacy-String-v1.0-IAB-Tech-Lab.pdf. Verve’s SDK passes this value along for all Ad calls to Verve Ad Servers. The SDK also offers convenience functions to interface with the shared storage. The consent solicitation and user’s opt-out choice management however, is the Publisher’s responsibility.
- Non-OpenRTB server-to-server integrations: Add the us_privacy parameter to ad requests
For more information or if you have questions, please contact your Verve publisher account manager.