California Consumer Privacy Act (CCPA) | Frequently Asked Questions

California Consumer Privacy Act (CCPA)

Frequently Asked Questions

InMobi is committed to data privacy and complying with all legislative and regulatory requirements that ensure data protection. As the California Consumer Privacy Act (CCPA) goes into effect, we are fully committed to require compliance across every aspect of our business. As a trusted partner of leading brands across the globe, InMobi is dedicated to protecting consumer privacy while generating value for our publisher partners and creating a safe and transparent marketplace for advertisers.

This document will provide you with information on InMobiu2019s compliance with CCPA and include details about our products and its scope of compliance under CCPA regulations among other details. Please note that this document includes terms as defined by CCPA.

Disclaimer: This document is only intended to be a general FAQ and must not be read or treated as legal advice. Please consult your lawyers to determine your position and compliance requirements under CCPA.


1. What is CCPA?

California Consumer Privacy Act (CCPA) is a comprehensive data privacy regulation applicable to the users based in the State of California in the United States. CCPA becomes effective from January 2020 and at a high level imposes transparency with regard to the collection, processing and use of consumeru2019s personal information and provides consumers with certain rights regarding such usage.

2. Do you as a partner to InMobi or its affiliates need to comply with CCPA?

If you are partnering with InMobi or any of its affiliates(s), whereby you are either providing or obtaining personal information of users based in U.S., then, yes, you need to be compliant with requirements under CCPA (u201cPartnersu201d).

  • In the context of CCPA, personal data or personal information includes without limitation online identifiers such as device identifiers, IP address, ad-ids, gpid etc. and any inferences drawn from the same used to create audience profiles.
  • De-identified/Anonymized, aggregated consumer information is not deemed to be personal information under CCPA.
  • Please note that while CCPA is intended to be applicable to users based in California, InMobi requires its partners to implement certain measures for users across the entire U.S.

Please consult your lawyers to determine your position and compliance requirements under CCPA.

3. What happens if the app/network is not compliant with the requirements of CCPA?

Intentional violation of the CCPA can bring civil penalties of up to $7500 for each violation in a lawsuit brought by the California Attorney General on behalf of the people of the State of California.

The maximum fine for other violations is $2500 per violation. Other impacts comprise of claims, action for damages, termination of the engagement, loss of reputation, business and revenue. InMobi may also only elect to run anonymized traffic.

4. What broad measures must you take as a Partner to InMobi in the context of CCPA?

There are certain requirements that have to be fulfilled by Partners to comply with CCPA. Such requirements include (but are not limited to):

  • privacy policy update such that the policy clearly indicates the consumer data sets collected,
  • how such data is used or processed,
  • disclosure regarding further sharing, transferring or u2018sellingu2019 of consumer data to third parties and
  • establish or update practices for addressing consumer rights such as consumeru2019s right to know, access, seek correction or deletion of personal information or elect to opt-out of u2018sale of personal informationu2019 etc.

5. What is the definition of sale under CCPA?

Definition of sale has been broadened in the CCPA.

u201cSell,u201d u201cselling,u201d u201csale,u201d or u201csold,u201d means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumeru2019s personal information by the business to another business or a third party for monetary or other valuable consideration.

6. What is InMobiu2019s position under CCPA?

InMobi has taken the position of u2018Businessu2019 for its supply side engagement(s) on the network/SSP side, data management platform and owned and operated applications. For demand side engagements including InMobi DSP integration, InMobi has taken the position of a u2018Service Provideru2019 where it obtains personal information from its demand partners. InMobi has taken the position of a u2018Service Provideru2019 for its affiliate promotion channel.

7. Does InMobi view the disclosure of personal information in an integration with third-party mediation partners (or SSPs) as u201csaleu201d under the CCPA? Why?

Yes, InMobi considers the exchange of personal information from sources as sale, as InMobi uses personal information for targeting which is beyond just attribution and measurement. If you are a publisher, we would recommend that you check with your mediation partner (referred to as third-party mediation partners/SSPs in this case) for their specific stance under CCPA.

8. How long will user data be stored at InMobi?

There is no change in InMobiu2019s data retention policy as part of this update. Personal information will not be stored for more than 13 months.

9. How does InMobi plan on receiving consumer opt-outs, data access or deletion requests from supply partners?

InMobi, as a part of phase 1 implementation, will receive opt-out information from publishers via manual but secure means (password protected data rooms, data dumps, emails (with locked folders) etc) and act upon the request. Further, as a part of phase 2 implementation, InMobi will integrate with the IAB CCPA framework for data transfers.

InMobi will follow the same approach to send this information to our downstream partners.

10. Should the in-app advertising partners obtain prior consent from users under CCPA guidelines?

There is no requirement of obtaining prior consent in the CCPA. CCPA imposes a default opt-in but has defined clear notice and mechanism for users to exercise their rights such as the right to access, the right to opt-out of services, the right to opt-out of sale, the right to delete.

11. Do you have plans to join the IABu2019s CCPA framework?

Yes, we will be integrating with the IAB framework for data transfers soon.

12. Where do I find InMobiu2019s updated Terms of Service that incorporates CCPA clauses?

Terms of Service

13. Where can I learn more about how and for what purposes InMobi is using user data for?

Privacy Policy

14. What are the differences between CCPA and GDPR?

While the objective of both legislations is to give users the control over how his or her personal data is processed, both have their own approach to achieve this. Following are the key differences:

Domain

GDPR

CCPA

Definition of u201cPersonal Datau201d

Any information relating to an identified or identifiable person.

Ex. Device ID, Advertising ID, Location information etc.

Information that u201cidentifies, relates to, describes, is capable of being associated with a particular consumer or householdu201d u2013 potentially broader than GDPR definition

Ex. Device ID, Advertising ID, Location, IP Address, lat-long, etc.

Consent

Consent has to be sought before collection of personal data

Default opt-in

Data Protection Officer

Yes

No

Childrenu2019s Data

Parental consent required for children under 16; EU member states may lower the age to 13

Businesses cannot sell the data of consumers under 16 unless the consumer has opted into the sale if the child is 13-16 or the parent has opted-in if the child is under 13

Fines

Up to 4% of global revenue or 20 million euros

Private actions: $100-$750 per consumer per incident

Attorney General actions: up to $7,500 per violation

Data Breach Notification

Yes

No

If you have any questions, please contact ccpa@inmobi.com