The IAB has released version 1.0 of the IAB CCPA Compliance Framework for publishers and technology companies involved in the programmatic ecosystem. This follows the recent publication of version 1.0 of the Framework’s technical specifications last month.

The IAB CCPA Compliance Framework seeks to be comprehensive though not a substitute for individual company due diligence or legal advice. Similar to the group’s GDPR Compliance Framework, the initiative is the result of a months-long process involving input from multiple stakeholders, lawyers and other experts. It’s “intended to be used by those publishers who ‘sell’ personal information and those technology companies that they sell it to.”

The Agreement. There are two component elements to the IAB Compliance Framework:

  • Technical specifications (previously released)
  • A “Limited Service Provider Agreement” (.pdf) that binds supply chain partners to conduct that fulfills CCPA’s rules and requirements.

Any company “that engages in (e.g., submits bid requests/responses) or supports (e.g., measurement and fraud, analytics, and reporting) an RTB or Direct Transaction in the digital advertising industry is eligible to become a Signatory [to the Limited Service Provider Agreement]. Membership in IAB is not a predicate to participation or Signatory status.”

Providing compliance confidence. In a blog post, Michael Hahn SVP and General Counsel of IAB, said, “We believe that the Framework and Agreement [support CCPA compliance] by providing ad tech companies with assurances that participating publishers provide California consumers with explicit notice and the opportunity to opt-out of the sale of their personal information. Participating publishers will also have assurances that ad tech companies and vendors use personal information pursuant to limited CCPA permitted ‘business purposes’ when California consumers exercise the right to opt-out of the sale of their personal information.”

All companies covered by CCPA must “[p]rovide a clear and conspicuous link on the business’s Internet homepage, titled ‘Do Not Sell My Personal Information,’ to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt-out of the sale of the consumer’s personal information.”

Sending opt-out signals downstream. If a user opts-out – and there are early indications opt-out rates will be high – publishers must send a signal to downstream technology companies of that opt-out request. The IAB Agreement “will [then] require the sale of personal information to cease in such instance [and] cause downstream technology companies to become service providers of the publisher.” That designation imposes specific rules on data usage, unless otherwise permitted by CCPA.

There are also a growing number of third party software solutions in the market that seek to help publishers comply and are compatible with the IAB Framework.

Why we should care. The IAB says there are “two significant benefits” from use of the Framework: 1) “It creates a simple and efficient vehicle from which to create service provider relationships in the data supply chain without the need of having to enter into hundreds of separate contracts” and 2) “It provides participants with the opportunity to demonstrate accountability.”

The IAB’s Hahn added that the IAB Framework “represents a tremendous opportunity for the digital advertising industry to demonstrate that it recognizes the importance of privacy and data protection, and the clear message it is receiving from the market and consumers in particular.” However, the industry really has no choice.

More about CCPA and consumer privacy regulation

About The Author

Greg Sterling is a Contributing Editor at Search Engine Land. He writes about the connections between digital and offline commerce. He previously held leadership roles at LSA, The Kelsey Group and TechTV. Follow him Twitter or find him on LinkedIn.


iPhone Screenshots

craigslist – The original online classifieds. Established 1995.

Find jobs. Hire employees. Post your resume. Offer your skills/services.

Buy & sell cars, trucks, boats, RVs, motorcycles, trailers, auto parts.

Offer your services, locate contractors, find short term gigs and odd jobs.

Buy & sell furniture, household items, electronics, computers, clothing, bikes, art, any and all kinds of used items.

Activity partners, artists & musicians, pets for rehoming, local events.

Save your favorite postings for later, save searches, set search alerts.

Post, edit, renew your own ads.

Ratings and Reviews

Nice and Clean

Interface is smooth, not clunky. Liking the ability to Swipe left on the title in order to favorite or hide a listing. Images are sharp and overall usability is pretty straight forward. Quite frankly, it’s a simplistic style that many of us have been waiting on and expected from Craigslist (which is already known for its usability by even the most novice of users). No longer do we have to use 3rd party apps that we’re trying to do what we knew CL could do themselves. Good job!

Worth the wait?!

Free stuff to a house in how many trades?

Clearly, this app has been a long time coming…about 7 years longer than most of us wanted, I expect.

After only a little use, this app looks very polished. Clearly Craigslist worked hard on getting this right. The fonts are big and clear. The interface is responsive and seems to have all the functionality I want – not just search, but also favorites (saved postings), posting creation and Craigslist account access. I’m also pleased to see a feedback form right up front, as well, which hopefully means they are looking to be responsive to improvement ideas and reported problems.

Way to go, Craigslist! Well done!

Too Little, Too Late

This app does nothing to solve ongoing problems in using Its online classifieds: no identity verification. No escrow. No proof required you own the place you’re listing the ad for. No action from an employee if you can prove a rental listing is a scam.

Craigslist has held back online classifieds back using its market position for too long. Releasing this app, in late 2019 shows how desperate it is as it’s market position is eroded by FB marketplace, and a litany of other apps that actually care about user experience.

Hope Craig enjoyed his run because it is just about over and this app won’t do much to change that.


craigslist, inc.

23.9 MB


Requires iOS 9.0 or later. Compatible with iPhone, iPad, and iPod touch.

Age Rating

Infrequent/Mild Sexual Content and Nudity

Infrequent/Mild Alcohol, Tobacco, or Drug Use or References

Infrequent/Mild Profanity or Crude Humor

Infrequent/Mild Mature/Suggestive Themes

© craigslist



  • Family Sharing

    With Family Sharing set up, up to six family members can use this app.


Facebook is bringing more machine learning-driven capabilities to its ads platform to improve personalization, the company announced this week.

Dynamic formats and ad creative for Dynamic Ads. Advertisers will now be able to automatically serve different ad formats to audiences based on the machine learning model’s prediction of a user’s format preference. Campaign managers can access this capability from the Facebook Dynamic Ad unit when creating ads for the catalog sales, traffic and conversions objectives in Ads Manager or the API.

“The dynamic formats and ad creative solution aims to meet people where they are in the customer journey by delivering a personalized version of the ad to everyone who sees it,” Facebook said.

Multiple text optimization in single-media ads. As we reported last month, Facebook has also rolled out a responsive ad feature that allows advertisers to input multiple text options for the primary text, headline and description fields when building single-media ads for traffic, app installs, and conversions objectives. Facebook said it uses this data to optimize for delivery and performance using variations of the text options provided, based on individual preferences identified by its machine learning models.

Auto-translated languages for single-media ads. In Ads Manager, advertisers can now add different languages to be auto-translated for international audiences. By automatically producing translations for key languages, this feature can help speed up the campaign setup process while still giving advertisers control over the review process.

Why we should care. For smaller organizations, creating highly personalized content can be challenging if time and resources are limited. By leveraging machine learning to dynamically select ad formats, creative, and text on the ad impression-level, advertisers can more efficiently deliver campaigns that reach the right audience, at the right time, with less effort.

More on the news. Facebook machine learning blends data from its platform with target audience insights in order to predict which people might be most receptive to a brand’s message. As people take different actions on and off Facebook, the company explained, intent signals are created to help achieve a more one-to-one experience for consumers served with both organic and paid content. Facebook said it’s committed to its investment in prediction models that can help build stronger business outcomes and better digital experiences for customers.

In a test of 12 e-commerce and retail advertisers, Facebook reported that dynamic formats and dynamic ad creative outperformed carousel-only ads in driving lift across content views, add-to-cart, purchases, and sales. Facebook said the showed an average of 34% improvement in incremental ROAS, 10% improvement in lift and 6% lower cost per incremental purchase, compared to carousel-only ads.

About The Author

Taylor Peterson is Third Door Media’s Deputy Editor, managing industry-leading coverage that informs and inspires marketers. Based in New York, Taylor brings marketing expertise grounded in creative production and agency advertising for global brands. Taylor’s editorial focus blends digital marketing and creative strategy with topics like campaign management, emerging formats, and display advertising.


After having strongly criticized CCPA, The IAB has released a CCPA Compliance Framework for publishers and martech companies. The document, similar to the trade group’s GDPR compliance framework, has received input from multiple stakeholders, lawyers and other experts. It’s “intended to be used by those publishers who ‘sell’ personal information and those technology companies that they sell it to.”

Framework elements. There are two primary parts to the Framework:

  • A master contract that binds supply chain partners to specific behaviors that meet the law’s provisions.
  • A set of technical specifications that guide companies on how to implement the contract mechanically in their operations.

As a practical matter, the document provides guidance for publishers and technology companies participating in behavioral targeting and the programmatic ecosystem. CCPA doesn’t apply to all businesses handling data; there are a number of exceptions. Beyond this, there are some terms in the statute that are the focus of considerable scrutiny and strategizing. Chief among them is the word “sell,” as in “do not sell my information” — one of the core consumer protection features of CCPA.

Parsing the meaning of “sale.” The IAB document says, “This Framework is intended . . . to support those industry participants who choose to ‘sell’ and receive personal information in RTB transactions.” It further explains, “We recognize that participants in the digital advertising industry have different perspectives concerning the scope of the definition of ‘sale.’ For example, certain industry participants believe they can transfer certain personal information of Consumers to those who are not ‘service providers’ (as defined by CCPA) and not have that constitute a ‘sale.’”

As suggested above, some lawyers have seized upon the term “sell” to “shelter” from CCPA compliance. However, the statute itself defines “sale” and “sell” expansively:

“Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.

The term “valuable consideration” is also subject to potential interpretation, but could (and likely does) include any exchange of value, not just monetary payments — hence the “or other” language. The meaning and resolution of these “ambiguities” will probably be clarified by the California Attorney General or, ultimately, by a court.

Do not sell. All companies governed by CCPA must “[p]rovide a clear and conspicuous link on the business’s Internet homepage, titled ‘Do Not Sell My Personal Information,’ to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt-out of the sale of the consumer’s personal information.” Depending on how this is implemented and how many consumers choose to opt-out, “do not sell” could be disruptive to publisher ad revenues and data companies.

To that end, the Framework also offers publishers consumer-facing sample language for use on their websites:

We/Publisher/Advertiser/and our advertising partners collect personal information (such as the cookies stored on your browser, the advertising identifier on your mobile device, or the IP address of your device) when you visit our site (or use our app). We, and our partners, use this information to tailor and deliver ads to you on our site (or app), or to help tailor ads to you when you visit others’ sites (or use others’ apps). To tailor ads that may be more relevant to you, we and/or our partners may share the information we collect with third parties. To learn more about the information we collect and use for advertising purposes, please see our [link]Privacy Policy.

If you’re trying to keep people from opting out, there are probably more effective ways to suggest that consumers who do may get less relevant or interesting ads. But that’s a different discussion.

Those who wish to comment on the Framework should send their remarks to privacy@iab.com by November 5, 2019.

Why we should care. While we still don’t know how big an impact CCPA will have — GDPR has not had the radical effect on the market (so far) that many were predicting — all parties potentially subject to CCPA should take a close look at the IAB Compliance Framework. However, as the IAB itself points, out the documents are not a substitute for legal advice. Nor does adoption of the contractual provisions of the Framework ensure that companies will be deemed compliant by regulators in California. It’s likely the IAB’s Framework will be adopted by most affected companies in the runup to January and June 2020, when enforcement actually begins.

About The Author

Greg Sterling is a Contributing Editor at Search Engine Land. He writes about the connections between digital and offline commerce. He previously held leadership roles at LSA, The Kelsey Group and TechTV. Follow him Twitter or find him on LinkedIn.