Publishers and brands now have access to a standard developed by The IAB Tech Lab that automates the ability to receive content deletion notices.
The Data Deletion Request Handling specification is code that is added to the existing IAB California Consumer Privacy Act (CCPA) framework and inserted in a website page. It enables the retailer or business to send a request to have data deleted based on a consumer's request.
The free specs give publishers and vendors a standard to follow rather than each company having individual codes or procedures, said Alex Cone, senior director of product management at IAB Tech Lab. “This way it’s one system,” he said. “Many times those systems are manual, using email, rather than automatic.”
Companies use the spec to signal when a user asks to delete their personal information. This could come in the form of explanatory text and a button hosted on a publisher page designed to handle those requests — that’s up to each publisher using the spec.
The technical spec also provides those vendors serving as a publisher’s service provider with a standard way to listen for those requests coming from publisher pages.
The IAB Tech Lab is making the code available to anyone. Membership to the IAB not required. This is the first technical standard of its kind for the digital advertising industry and has the potential for application use beyond CCPA.
The standard, which Cone led, could help to avoid one-off, proprietary builds per partnership and policy, or manual processes to reach out to partners for deletes -- and save the industry real money and reduce room for error.
The standard has been in development for more than three months. The spec builds on the US Privacy API released in late 2019 that is designed to handle opt-outs of the “sale,” as defined in the CCPA of personal information.
“We’re always trying to create something companies can use flexibly,” Cone said. “Whenever you do this it takes time.”