IAB CCPA US Privacy String
Overview
The California Consumer Privacy Act (CCPA) was enacted to provide California consumers with greater transparency and control over their personal information.
Initially prompted by regulation in the California Consumer Privacy Act (CCPA), the IAB's US Privacy String were created to support compliance with the CCPA. For more information, consider reviewing the following IAB CCPA's resources:
What This Article Covers
- How to implement the Latest solution (SDK versions 6.12.0+)
- How to migrate from the Legacy solution to the Latest solution
- How to implement the Legacy solution (SDK versions -6.12.0)
Implement the US Privacy String (Latest)
Available for OneTrust SDK versions 6.12.0+
Prerequisites
In order to setup US Privacy String on your app, you will first need to follow the set up guidance for Configuring the CCPA US Privacy String in your OneTrust tenant.
How It Works
With this latest implementation, there is no SDK code for the app to call to initialize or set the IAB US Privacy String. The SDK handles it automatically based on the configuration in the OneTrust tenant.
Access the US Privacy String
Per IAB Standards, the US Privacy String is saved to SharedPreferences under the IABUSPrivacy_String
key.
Context mContext = getApplicationContext();
SharedPreferences mPreferences = PreferenceManager.getDefaultSharedPreferences(mContext);
String ccpaString = mPreferences.getString("IABUSPrivacy_String", "");
How to Migrate from Legacy to Latest Version
Prerequisites
In order to setup US Privacy String on your app, you will first need to follow the set up guidance for Configuring the CCPA US Privacy String in your OneTrust tenant.
Note: Make sure to publish your changes for them to take effect.
Configuring the Codebase
- Remove all Legacy method calls from your codebase. These are no longer needed because the OneTrust SDK handles all this logic on your behalf.
initializeCCPA()
optIntoSaleOfData()
optOutOfSaleOfData()
- Download the latest SDK data using
startSDK()
- Test your app for quality to ensure proper functionality.
Implement the US Privacy String (Legacy)
- Create a CCPA Template in the OneTrust Admin Console
- By default, a
Sale of Personal Data
category will be created as a "Parent" category and other categories will be nested underneath as children.
- By default, a
- In the CCPA template, disable the AllowHostOptOut option
- Assign that Template to a Geolocation Rule
- Most users select California for their Geolocation Rule locale, however there is no restriction to selecting additional US States or Countries to apply this template to as well.
- Assign the Geolocation Rule Group to a Mobile App
- Publish the Mobile App
Initialize the US Privacy String (Legacy)
After you have called startSDK()
, you will make a call to initializeCCPA()
for the first time.
`new OTPublishersHeadlessSDK(MainActivity.this).initializeCCPA(new String[]{"9005", "C0004" }, OTCCPAGeolocationConstants.ALL, false, false);`
Param | Type | Description |
---|---|---|
groupIDs | [string] | An arrray of child category Ids nested under the Sale of Personal Data toggle. |
ccpaGeolocation | string | The geolocation for which IABUSPrivacy_String should be updated. Permissible values include: CCPAGeolocationConstants.ALL (all regions), CCPAGeolocationConstants.US (USA only), CCPAGeolocationConstants.CA (California only) |
explicitNotice | boolean | Boolean value to be passed when explicit notice been provided as required of the CCPA and the opportunity to opt out of the sale of their data. |
LSPACT | boolean | Boolean value to be passed when the Publisher is a signatory to the IAB Limited Service Provider Agreement (LSPA) and the publisher declares that the transaction is covered as a “Covered Opt Out Transaction” or a “Non Opt Out Transaction” as those terms are defined in the Agreement. |
Please note that if your application is configured with a single geolocation rule, OneTrust will save and update the IAB CCPA values for every location, regardless of the value provided for geolocation. This is because the OneTrust SDK does not make a geolocation API call when only one geolocation rule exists and we will be unable to determine which location to apply the IAB CCPA updates to.
When a User Withdraws Consent
Calling this method will:
- Update the US Privacy String to indicate the user has opted-out of the sale of personal information
- Broadcast the change to your app to alert 3rd party vendors of the change
`new OTPublishersHeadlessSDK(context).optOutOfSaleOfData();`
When a User Gives Consent
Calling this method will:
- Update the US Privacy String to indicate the user has opted-in to the sale of personal information
- Broadcast the change to your app to alert 3rd party vendors of the change
`new OTPublishersHeadlessSDK(context).optIntoSaleOfData();`
Access the US Privacy String
Per IAB Standards, the US Privacy String is saved to UserDefaults under the IABUSPrivacy_String
key.
Option 1
Context mContext = getApplicationContext();
SharedPreferences mPreferences = PreferenceManager.getDefaultSharedPreferences(mContext);
String ccpaString = mPreferences.getString("IABUSPrivacy_String", "");
Option 2
// You can also use OneTrust's OTIABCCPAKeys constant to access this value:
String ccpaString = mPreferences.getString(OTIABCCPAKeys.OT_IAB_US_PRIVACY_STRING, "");
Access the US Privacy String
Per IAB Standards, the US Privacy String is saved to UserDefaults under the IABUSPrivacy_String
key.
Context mContext = getApplicationContext();
SharedPreferences mPreferences = PreferenceManager.getDefaultSharedPreferences(mContext);
String ccpaString = mPreferences.getString("IABUSPrivacy_String", "");
How to Migrate from Legacy to Latest Version
Prerequisites
In order to setup US Privacy String on your app, you will first need to follow the set up guidance for Configuring the CCPA US Privacy String in your OneTrust tenant.
Note: Make sure to publish your changes for them to take effect.
Configuring the Codebase
- Remove all Legacy method calls from your codebase. These are no longer needed because the OneTrust SDK handles all this logic on your behalf.
initializeCCPA()
optIntoSaleOfData()
optOutOfSaleOfData()
- Download the latest SDK data using
startSDK()
- Test your app for quality to ensure proper functionality.
Implement the US Privacy String (Legacy)
- Create a CCPA Template in the OneTrust Admin Console
- By default, a
Sale of Personal Data
category will be created as a "Parent" category and other categories will be nested underneath as children.
- By default, a
- In the CCPA template, disable the AllowHostOptOut option
- Assign that Template to a Geolocation Rule
- Most users select California for their Geolocation Rule locale, however there is no restriction to selecting additional US States or Countries to apply this template to as well.
- Assign the Geolocation Rule Group to a Mobile App
- Publish the Mobile App
Initialize the US Privacy String (Legacy)
After you have called startSDK()
, you will make a call to initializeCCPA()
for the first time.
`new OTPublishersHeadlessSDK(MainActivity.this).initializeCCPA(new String[]{"9005", "C0004" }, OTCCPAGeolocationConstants.ALL, false, false);`
Param | Type | Description |
---|---|---|
groupIDs | [string] | An arrray of child category Ids nested under the Sale of Personal Data toggle. |
ccpaGeolocation | string | The geolocation for which IABUSPrivacy_String should be updated. Permissible values include: CCPAGeolocationConstants.ALL (all regions), CCPAGeolocationConstants.US (USA only), CCPAGeolocationConstants.CA (California only) |
explicitNotice | boolean | Boolean value to be passed when explicit notice been provided as required of the CCPA and the opportunity to opt out of the sale of their data. |
LSPACT | boolean | Boolean value to be passed when the Publisher is a signatory to the IAB Limited Service Provider Agreement (LSPA) and the publisher declares that the transaction is covered as a “Covered Opt Out Transaction” or a “Non Opt Out Transaction” as those terms are defined in the Agreement. |
Please note that if your application is configured with a single geolocation rule, OneTrust will save and update the IAB CCPA values for every location, regardless of the value provided for geolocation. This is because the OneTrust SDK does not make a geolocation API call when only one geolocation rule exists and we will be unable to determine which location to apply the IAB CCPA updates to.
When a User Withdraws Consent
Calling this method will:
- Update the US Privacy String to indicate the user has opted-out of the sale of personal information
- Broadcast the change to your app to alert 3rd party vendors of the change
`new OTPublishersHeadlessSDK(context).optOutOfSaleOfData();`
When a User Gives Consent
Calling this method will:
- Update the US Privacy String to indicate the user has opted-in to the sale of personal information
- Broadcast the change to your app to alert 3rd party vendors of the change
`new OTPublishersHeadlessSDK(context).optIntoSaleOfData();`
Access the US Privacy String
Per IAB Standards, the US Privacy String is saved to UserDefaults under the IABUSPrivacy_String
key.
Option 1
Context mContext = getApplicationContext();
SharedPreferences mPreferences = PreferenceManager.getDefaultSharedPreferences(mContext);
String ccpaString = mPreferences.getString("IABUSPrivacy_String", "");
Option 2
// You can also use OneTrust's OTIABCCPAKeys constant to access this value:
String ccpaString = mPreferences.getString(OTIABCCPAKeys.OT_IAB_US_PRIVACY_STRING, "");
Updated 9 months ago