Market Applications
🇺🇸
North America
United States
CCPA / CPRA + a fast-growing patchwork of state privacy laws
Regulator: Federal Trade Commission (FTC) + state attorneys general (CA, VA, CO, CT, UT, TX, MT, OR, etc.)
What makes this market unique
- Per-state privacy law fragmentation makes a single-policy approach impossible; a layered approach is required
- High AOV verticals (SaaS, finance, insurance, B2B) carry largest measurement-gap dollar cost in the world
- CCPA private right of action + class-action environment means measurement-pipeline failures are existential
- Health, finance, ed-tech sectors face overlapping HIPAA/GLBA/FERPA on top of state privacy law
How TopAdsROI fits
- Data plane in us-central1 (Iowa) or us-east1 (S. Carolina) — US residency by default
- CCPA/CPRA + multi-state DSAR pipeline pre-built; opt-out propagation + UOOM signal honoring native
- GPC (Global Privacy Control) header detection wired into the consent banner
- Audit-grade event log (365-day forensic retention) covers FTC investigation requirements
Regulatory alignment templates shipped with the product
California Consumer Privacy Act + California Privacy Rights Act
Cal. Civ. Code §1798.100 et seq. + CPPA regulations
- Right to know, delete, correct, opt-out of sale/share, limit use of sensitive PI
- Mandatory "Do Not Sell or Share My Personal Information" link + Global Privacy Control honoring
- Cure period eliminated for minors' data; penalties up to USD 7,500 per intentional violation
- Audit + risk assessment obligations rolling in via CPPA regulations 2026
State privacy law patchwork (16+ states by 2026)
VCDPA (VA) · CPA (CO) · CTDPA (CT) · UCPA (UT) · TDPSA (TX) · OCPA (OR) · DPDPA (DE) · NHPA (NH) · NJDPA (NJ) · MCDPA (MN) · MTCDPA (MT) · others
- Common pattern: notice + opt-out (sale/targeted ads/profiling) + DSAR + DPIA
- Sensitive data tier (race, religion, health, precise geolocation, biometric) requires opt-IN in most
- Universal Opt-Out Mechanism (UOOM) recognition spreading — must honor browser-level signals
- Private right of action growing (CA + new states); class-action exposure non-trivial
Children's Online Privacy Protection Act
15 U.S.C. §6501 et seq. + 16 CFR Part 312
- Verifiable parental consent required for under-13 data collection
- 2025 amendments: tighter retention limits + ed-tech "school-authorized" defined
- FTC enforcement aggressive — settlements regularly exceed USD 10 million
FTC Section 5 + state UDAP statutes
15 U.S.C. §45 + state-level Unfair and Deceptive Acts and Practices
- Privacy promises in policies + consent UIs are legally enforceable claims
- Ad-tracking misrepresentation has produced 7-figure FTC orders (Drizly, Avast, Kochava)
- TCPA (47 U.S.C. §227) governs SMS / autodialed marketing — opt-in mandatory
Ad platform capabilities available in this market
Meta CAPI · TikTok Events API · Google Ads CAPI · LinkedIn Conversions API