Prepping for CDPA Targeted Advertising: Transcend's Focused Approach

March 4, 20212 min read

Share this article

We believe that privacy choices are a good thing and represent an opportunity for businesses to lead on privacy and build trust with their users. We applaud the global push for broader controls for users. As your provider of data privacy infrastructure, our job is to make it simple for you to offer any privacy choice to your users.

On that front, Virginia has now joined California in passing a modern consumer privacy act, the Consumer Data Protection Act (CDPA), which will come into effect on January 1st, 2023.

You can read more about the components of the new law from the IAPP here, but we wanted to spotlight how we’re preparing for the CDPA’s new Opt Out of Targeted Advertising requirement.

On a technical level, targeted advertising occurs through third parties such as Google and Facebook, meaning we’ll be waiting on specifications from them for how they plan to programmatically receive the signal to suppress targeted advertising toward a particular user.

As the data controller, you will have a new requirement to propagate your Opt Out of Targeted Advertising requests downstream to these third parties, encoding the User ID of the opted out user onto these third parties’ suppression lists for targeted advertising. This is something that Transcend has accommodated in the past with Opt Out of Communications, Do Not Sell My Personal Information, and more.

Over the next year, we’ll be working with these third parties to make this new opt out flow an out-of-the-box feature for Transcend customers, so that when the time comes for you to enable this choice for Virginians, there’ll be a simple “On” button available to you in the Admin Dashboard.

Please don’t hesitate to reach out to the Transcend team in the interim with any questions.


How does Transcend keep my company ahead of incoming laws like CPDA, wherever they might arise? Our platform is architected to be regulation agnostic, and is built on an arbitrary governance layer across the SaaS and internal systems we integrate with, that allows us to operate on data wherever it sits, and whatever operation is required on it—be it read, write, redact, update, allow or block data flows, etc.

With this framework in place, we can then respond to the unique requirements of any incoming legislation via new workflows on top, whatever the rights that are codified into new state or federal laws.


Share this article