Following the enforcement of CCPA that began on July 1, Facebook has rolled out a new feature called Limited Data Use (LDU) that clarifies the role they wish to play in this new regulatory environment. LDU is a Facebook tool that will make it easier for businesses to apply restrictions with respect to CCPA. The tool is meant to specify when Facebook should process data in accordance with its role as a service provider but is not synonymous with users opting out of data being shared.
KEY COMPONENTS OF LIMITED DATA USE
- It Puts Advertisers In Control: LDU gives advertisers a mechanism to request that Facebook act as a Service Provider for California residents.
- It Defines Facebook’s Service Provider Role: LDU defines the legal framework for the services Facebook provides as a Service Provider for custom audiences and event products at a state-level.
- It Lays Out Advertiser Responsibilities: LDU introduces requirements that advertisers must follow when they request that Facebook act as a Service Provider.
Facebook has long been investing in a wide range of ad transparency products, including “Off-Facebook Activity” and "Why Am I Seeing This Ad?” Both of these features give users more visibility into the source of data being sent to Facebook — data often sent by advertisers. The platform also released optimization products that rely on fewer signals directly provided by advertisers, such as audience liquidity and value-based audiences. Advertisers have had to account for these changes in both their data governance and media departments. Limited Data Use falls into a similar category.
The new feature is simple on the surface but alters the data dynamics in complex ways. Fundamentally, it gives advertisers the ability to control when Facebook will act as a Service Provider with respect to California data. Put another way, it requires advertisers to request when Facebook should act as a Service Provider. In the new environment, Facebook will act as a Service Provider for California data that is sent with the Limited Data Use flag.
WHAT DOES THIS MEAN FOR ADVERTISERS?
- CCPA Compliance: Facebook acting as a Service Provider answers a key regulatory question in the ecosystem, but the Limited Data Use feature means that advertisers must explicitly request Facebook act in that capacity.
- Measurement: Reporting and Analytics are explicitly supported under the Service Provider role, though it remains to be seen what the true impact will be on attribution.
- Targeting: People-based targeting that uses off-Facebook data signals could be impacted in a different magnitude, given the regulatory scrutiny that is likely looming. Facebook has suggested that events sent by products like Server-Side Events and Offline Conversions will not be available for targeting. Therefore, for some period of time, the role of Off-Facebook Activity targeting may diminish — e.g., Website Custom Audiences — to the benefit of tactics like audience liquidity, value-based targeting, and CRM segmentation. Merchants may also reconsider investments in Facebook’s commerce tools, like Instagram Shopping, as events within the walled garden should be unaffected.
- Optimization: Optimization towards off-Facebook events, such as website purchases and leads, may see performance changes as Facebook modifies how they use these signals. Clearly the impact will vary depending on their use of Server Side Event, Offline Events, and other business tools; how advertisers choose to implement Limited Data Use; and broader market conditions like the advertiser boycotts.
- Geolocation: Facebook will geolocate on the advertiser's behalf, but with a key limitation. Initially, Facebook will require an IP address to geolocate. Neither Offline Conversions nor Server-Side Events always have an IP address; Pixel events should. So, advertisers that want Facebook to act as a service provider must geolocate before transfer or choose a global application of Limited Data Use (either on or off) for certain products.
- Implementation: Occasionally advertisers will fall outside the scope of CCPA (non-profits, for example). Others have consent management tools that can help set event-level Limited Data Use, while some would prefer to globally apply LDU for all California residents.
Facebook's Limited Data Use feature further solidifies the platform’s identification as a Service Provider under CCPA, and mirrors other Service Provider frameworks such as Google's Restricted Data Processing. The policy also may move more commerce into Facebook’s walled garden.
In addition, the policy puts additional responsibility on the advertiser to participate in this framework. Whether it will withstand regulatory scrutiny is to be seen, but Facebook's defense will undoubtedly be stronger because of Limited Data Use.
Advertisers must have a tool set that supports segmentation, analytics, compliance, and onboarding — not just reliance on platform-provided products. To access a decision tree which goes deeper into each of the areas of Limited Data use, please download our POV below and get in touch to discuss.