IAB CCPA Compliance Framework For Publishers & Technology Companies

Last updated: February 1, 2024

The CCPA technical specifications have been deprecated as of January 31, 2024.

As data privacy regulation in the US has evolved and more states have signed laws, an updated compliance framework is needed. The Multi-State Privacy Agreement (MSPA), formerly known as the IAB Limited Service Provider Agreement, has been released to help publishers, advertisers, agencies, and ad tech companies meet their compliance obligations with respect to state privacy laws in the US. The MSPA is intended to be used with the US State Signals of the Global Privacy Platform (GPP)

Technical Specifications

To support CCPA compliance for website and app owners and the digital ad tech ecosystem, the IAB Privacy & Compliance Unit, gathering legal, public policy, and tech experts from IAB, IAB Tech Lab, and member companies representing the digital advertising, marketing, and media ecosystem, have developed the IAB CCPA Compliance Framework for Publishers and Technology Companies. As part of the CCPA Compliance Framework, the IAB Tech Lab released the final v1.0 U.S. Privacy Technical Specifications on November 18, 2019. Since the v1.0 release, the IAB Tech Lab added support for data deletion request handling in June 2020 and the spec is now considered v1.1.


The audience for the technical specifications is product and engineering representatives. Teams implementing the tech specs for the IAB CCPA Compliance Framework should also become familiar with the framework policies outlined in the IAB CCPA Compliance Framework for Publishers and Technology Companies.

Access V1.1 Final Technical Specifications

U.S. Privacy Specs and resources can be found here.

There are four technical specifications that are ready for industry adoption:

Note, v1.1 of all IAB Tech Lab U.S. Privacy technical specifications serve only CCPA compliance.

Implementation Support

  • For a quick overview of the technical specifications in the IAB CCPA Compliance Framework, you can reference a summary presentation deck available here.

    For a CCPA reference implementation, please click here.

    For more information on policies of the IAB CCPA Compliance Framework, visit https://www.iab.com/guidelines/ccpa-framework/.

    For more information about the IAB Privacy & Compliance Unit’s work on the California Consumer Privacy Act and U.S. privacy regulations, read here: https://iab.com/ccpa.

Related News