This article details the implementation steps for Privacy Management in Campaign Standard.

For a general presentation on Privacy Management, refer to this page.

The configuration and usage of Access and Delete requests are common to GDPR, CCPA, PDPA, and LGPD. For more on these regulations, see this section. Turorials on Privacy management are also available here.

The opt-out for the Sale of Personal Information, which is specific to CCPA, is explained in this section.

注意:

Starting 19.4, the use of the Campaign API and interface for Access and Delete requests is deprecated. For all Access and Delete requests, you need to use the Privacy Core Service integration method. See this section.

Implementation steps for Adobe Campaign Classic are detailed on this page.

About Privacy Requests

In order to help you facilitate your Privacy readiness, Adobe Campaign now allows you to handle Access and Delete requests.

  • The Right to Access is the right for a Data Subject to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. The Data Controller shall provide a copy of the personal data, free of charge, in an electronic format.
  • The Right to be Forgotten (Delete request, also known as Data Erasure) entitles the Data Subject to have the Data Controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

注意:

For more on personal data and on the different entities that manage data (Data Controller, Data Processor and Data Subject), see Personal data and Personas.

Let's see how you can create Access and Delete requests and how Adobe Campaign processes them.

Principles

Adobe Campaign offers Data Controllers three possibilities for performing Privacy Access and Delete requests:

  • Via the Privacy Core Service integration: Privacy requests pushed from the Privacy Core Service to all Experience Cloud solutions are automatically handled by Campaign via a dedicated workflow.
  • Via the Adobe Campaign interface: for each Privacy request, the Data Controller creates a new privacy request in Adobe Campaign.
  • Via the API: Adobe Campaign provides an API that allows the automatic process of Privacy requests using REST.

注意:


The Privacy Core Service integration is the method you should use for all Access and Delete requests. See this section.

Starting 19.4, the use of the Campaign API and interface for Access and Delete requests is deprecated. Use the Core Privacy Service for any GDPR, CCPA, PDPA, or LGPD Access and Delete requests.

Prerequisites

Adobe Campaign offers Data Controllers tools to create and process Privacy requests for data stored in Adobe Campaign. However, it is the Data Controller's responsibility to handle the relationship with the Data Subject (email, customer care or a web portal).

It is therefore your responsibility as a Data Controller to confirm the identity of the Data Subject making the request and to confirm that the data returned to the requester is about the Data Subject.

Managing Privacy Requests

Namespaces

Before creating Privacy requests, you need to define the namespace you will use. The namespace is the key that will be used to identify the Data Subject in the Adobe Campaign database. Out-of-the-box, two namespaces are available: email and mobile phone. If you need a different namespace (a profile custom field, for example), follow these steps.

Also refer to this tutorial on how to create a namespace.

注意:

If you use several namespaces, you will need to create one Privacy request per namespace.

  1. Click the Adobe Campaign logo in the top left corner, then select Administration > Namespaces.

    GDPR Namespace
  2. In the list of namespaces, click Create.

    GDPR Namespace 2
  3. Enter a Label.

    GDPR Namespace 3
  4. If you want to use an existing identity service namespace, choose Map from Identity Namespace Service and select a namespace in the Identity Service Namespaces field.

    If you want to create a new namespace in Identity Service and map it in Campaign, select Create new and enter a name in the Identity namespace name field.

    To learn more about identity namespaces, refer to this page.

  5. One Identity Service Namespace is mapped to one namespace in Campaign. You need to specify how the namespace will be reconciled in Campaign.

    Select a target mapping (Recipients, Real-time event or Subscriptions to an application). If you want to use several target mappings, you need to create one namespace per target mapping.

  6. Choose the Reconciliation key. This is the field that will be used to identify the Data Subject in the Adobe Campaign database.

  7. Click Create. You can now create Privacy requests based on your new namespace. If you use several namespaces, you will need to create one Privacy request per namespace.

Using the Privacy Core Service integration

注意:

The Privacy Core Service integration is the method you should use for all Access and Delete requests.

Starting 19.4, the use of the Campaign API and interface for Access and Delete requests is deprecated. Use the Core Privacy Service for any GDPR, CCPA, PDPA, or LGPD Access and Delete requests.

Privacy Core Service Integration allows you to automate your Privacy requests in a multi-solution context through a single JSON API call. Privacy requests pushed from the Privacy Core Service to all Experience Cloud solutions are automatically handled by Campaign via a dedicated workflow.

Refer to Experience Platform Privacy Service documentation to learn how to create Privacy requests from the Privacy Core Service.

Each Privacy core service job is split into multiple Privacy requests in Campaign based on how many namespaces are being used, one request corresponding to one namespace. Also, one job can be run on multiple instances. Therefore, multiple files are created for one job. For example, if a request has two namespaces and is running on three instances, then a total of six files are sent. One file per namespace and instance.

The pattern for a file name is : <InstanceName>-<NamespaceId>-<ReconciliationKey>.xml

InstanceName: Campaign instance name

NamespaceId: Identity Service Namespace Id of the namespace used

Reconciliation key: Encoded reconciliation key

Create a Privacy request using Campaign's interface

注意:

The Privacy Core Service integration is the method you should use for all Access and Delete requests. See this section.

Starting 19.4, the use of the Campaign API and interface for Access and Delete requests is deprecated. Use the Core Privacy Service for any GDPR, CCPA, PDPA, or LGPD Access and Delete requests.

Also refer to this tutorial on how to create and track your Privacy requests.

Adobe Campaign allows you to create your Privacy requests and track their evolution. To create a new Privacy request, follow these instructions:

  1. Click the Adobe Campaign logo in the top left corner, then select Administration > Privacy tools.

    GDPR Creation
  2. This screen allows you to view all the current Privacy requests and their status. The left panel offers a search by label, status and type. Click Create to create a new Privacy request.

    GDPR Creation 2
  3. Enter a Label, select the Regulation (GDPR, CCPA, PDPA, or LGPD), the Request type (Access or Delete), select a Namespace and enter the Reconciliation value. If you're using email as the namespace, type in the Data Subject's email.

    GDPR Creation 3

    The Privacy technical workflows run once every day and process each new request:

    • Delete request: the recipient's data stored in Adobe Campaign is erased.
    • Access requests: the recipient's data stored in Adobe Campaign is generated and made available as an XML file in the left part of the request screen.

    Also refer to this tutorial on Privacy request worflows.

    GDPR Creation 7

List of resources

When performing a Delete or Access Privacy request, Adobe Campaign searches all the Data Subject's data based on the Reconciliation value in all the resources that have a link to the profiles resource (own type).

Here is the list of out-of-the-box resources that are taken into account when performing Privacy requests:

  • Profiles (recipient)

  • Profile delivery logs (broadLogRcp)

  • Profile tracking logs (trackingLogRcp)

  • Delivery logs (Subscriptions to an application) (broadLogAppSubRcp)

  • Tracking logs (Subscriptions to an application) (trackingLogAppSubRcp)

  • Subscriptions to an application (appSubscriptionRcp)

  • Subscription history of profiles (subHistoRcp)

  • Profile subscriptions (subscriptionRcp)

  • Visitors (visitor)

If you created custom resources that have a link to the profiles resource (own type), they will also be taken into account. For example, if you have a transaction resource linked to the profiles resource and a transaction details resource linked to the transaction resource, they will be both taken into account.

Also refer to this tutorial on how to modify custom resources.

For this to work, you need to select the Deleting the target record implies deleting records referenced by the link option in the custom resource:

  1. Click the Adobe Campaign logo in the top left corner, then select Administration > Development > Custom resources.

  2. Select a custom resource that has a link to the profiles resource (own type).

  3. Click on the Links section.

  4. For each link, click on the pencil icon (Edit properties).

  5. In the Behavior if deleted/duplicated section, select the Deleting the target record implies deleting records referenced by the link option.

    GDPR Custom resource

The different statuses of a request

Here are the different statuses for Privacy requests:

  • New / Retry pending: in progress, the workflow has not processed the request yet.
  • Processing / Retry in progress: the workflow is processing the request.
  • Delete pending: the workflow has identified all the recipient data to delete.
  • Delete in progress: the workflow is processing the deletion.
  • Delete Confirmation Pending (Delete request in 2-step process mode): the workflow has processed the Access request. Manual confirmation is requested to perform the deletion. The button is available for 15 days.
  • Complete: the processing of the request has finished without an error.
  • Error: the workflow has encountered an error. The reason appears in the list of Privacy requests in the Request status column. For example, Error data not found means that no recipient data matching the Data Subject's Reconciliation value has been found in the database.

2-step process

注意:

The Core Privacy Service does not support the 2-step process.

Before using the Core Privacy Service integration to manage your Privacy requests, you must disable the 2-step process for Delete requests from the Campaign Standard interface.

If this option is not disabled, all Delete requests managed with the Privacy Core Service will remain in pending state and will not complete.

By default, the 2-step process is activated. When you create a new Delete request using this mode, Adobe Campaign always performs an Access request first. This allows you to check the data before confirming the deletion.

To change this mode, click Edit properties, in the top right corner of the Privacy Requests screen. You can then uncheck or check the Activate the 2-step process option.

GDPR Creation 4

With the 2-step mode activated, the status of a new Delete request changes to Delete confirmation pending. Download the generated XML file from the left panel of the request screen and check the data. To confirm erasing the data, click the Confirm the deletion button.

GDPR Creation 6

Using the Campaign API

注意:

The Privacy Core Service integration is the method you should use for all Access and Delete requests. See this section.

Starting 19.4, the use of the Campaign API and interface for Access and Delete requests is deprecated. Use the Core Privacy Service for any GDPR, CCPA, PDPA, or LGPD Access and Delete requests.

Adobe Campaign provides an API which allows you to setup an automatic Privacy request process.

With the API, the general Privacy process is the same as using the interface. The only difference is the creation of the Privacy request. Instead of creating the request in Adobe Campaign, a POST containing the request information is sent to Campaign. For every request, a new entry is added in the Privacy tools screen. The Privacy technical workflows then process the request, the same way as for a request added using the interface.

If you're using the API to submit Privacy requests, we recommend that you leave the 2-step process activated for the first Delete requests, in order to test the returned data. When your tests are finished, you can deactivate the 2-step process so that the Delete request process can run automatically.

See the API documentation.

Opt-out for the Sale of Personal Information (CCPA)

CCPA (California Consumer Privacy Rights) provides California residents new rights in regards to their personal information and imposes data protection responsibilities on certain entities whom conduct business in California.

The configuration and usage of Access and Delete requests are common to both GDPR and CCPA. This section presents the opt-out for the sale of personal data, which is specific to CCPA.

In addition to the Consent Management tools provided by Campaign (see this page), you also have the possibility to track whether a consumer has opted-out for the sale of Personal Information. 

A consumer decides, through your system, that he/she does not allow his/her personal information from being sold to a third-party. In Adobe Campaign, you will be able to store and leverage this information.

注意:

You can leverage the opt-out for the sale of personal information via the Campaign interface and through the API. You cannot use it through the Privacy Core Service.

注意:

It is the responsibility of the customer to keep track of the request dates for CCPA. As a technology provider, we only provide a way to Opt-Out. It is the responsibility of the customer to receive the data subject's request and use the available capability.

Prerequisite for custom tables

Starting 19.4, the CCPA Opt-Out field is provided out-of-the-box in the Campaign interface and API. By default, the field is available for the standard Profile resource.

If you use a custom profile resource, you need to extend the resource and add the field. We recommend that you use a different name than the out-of-the-box field, for example:  Opt-Out for CCPA (optoutccpa). When a new field is created, it is automatically supported by the Campaign API.

For more detailed information on how to extend the profile resource, see this section.

注意:

Modifying resources is a sensitive operation which must be performed by expert users only.

  1. Go to Administration > Development > Custom Resources. Click on the custom profile resource. For more on extending a resource, see this section.

    ccpa1bis
  2. Click on Add field or Create Element, add the label, ID and choose the Boolean type. For the name, use Opt-Out for CCPA. For the ID, use: optOutCcpa.

    ccpa2biss
  3. In the Screen definition tab, under Detail screen configuration, add the field and select Input field. This will make the field available in the profiles list and details.  For more on configuring the screen definition, see this section.

    ccpa3biss
  4. Go to Administration > Development > Publishing, prepare the publication and publish the modifications. For more on this, see this section.

    ccpa4
  5. Verify that the field is available on a profile’s details (see the next section). 

Usage

It is the responsibility of the data controller to populate the value of the field and follow the CCPA guidelines and rules concerning data selling.

To populate the values, several methods can be used:

  • Using Campaign’s interface by editing the profile’s details (see below)
  • Using the Campaign Privacy API (see the API documentation)
  • Via a data import workflow

You should then ensure that you never sell to any third party the personal information of profiles who have opted-out.

In Campaign's interface, edit a profile to change the opt-out status.

ccpa6biss

When the value of the field is True, the information appears on the profile's details.

ccpa5biss

You can configure the profiles list to display the op-out column. To learn how to configure lists, refer to the detailed documentation.  

ccpa8biss

You can click on the column to sort recipients according to the opt-out information. 

ccpa7bis