Global Privacy Platform (GPP) – IAB Tech Lab’s Compliance Protocol

IAB Tech Lab’s Global Privacy Platform (GPP) enables publishing businesses to comply with several privacy regulations via a standardized framework. Such laws include the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Digital Advertising Alliance (DAA).

Admiral is excited to announce the support for the IAB GPP framework. Admiral's CMP includes support for the US National and CCPA (as amended by the CPRA) template. 

Deadline Update: IAB has announced extended support for their US Privacy Signal which covered CCPA, until Jan. 31, 2024. The Global Privacy Platform is available for implementation and addresses the new privacy regulations across five states and another six in development. IAB Update notice.

This article answers several frequently asked questions about the IAB Global Privacy Platform, such as the following:

What Is the IAB Global Privacy Platform?

The IAB Global Privacy Platform is a comprehensive framework that helps digital ad publishing businesses to collect user data while maintaining and improving brand trust with data privacy compliance.

The IAB GPP was announced on June 1st, 2022, two years after IAB Tech Lab launched Project Rearc, which involved industry collaboration and consultations with global technical and legal experts. IAB announced the framework with a 60-day public comment period, which was extended to August 15th and completed on September 28th, 2022.

From adapting to regulatory requirements across regions to supporting privacy consent, the GPP enables publishers to use consent management platforms (CMPs) like Admiral to collect and communicate consent signals throughout their visitor journey.

This solution simplifies managing evolving privacy regulations across multiple markets, so publishers find it easier to comply with regional privacy laws.

  • The GPP framework enables companies to use a consent management platform (CMP), such as Admiral, to capture consent signals throughout the digital ad supply chain.
  • The creation of GPP consolidates the management of different consent signals from multiple global privacy jurisdictions and supports the Global Privacy Control (GPC) signal.
  • IAB’s existing US Privacy framework will be deprecated by Jan 31, 2024. IAB recommends organizations adopt GPP, as this will be the only platform to accommodate US privacy law consent signaling.
  • Companies should also sign the Multi-State Privacy Agreement (MSPA) to keep up with the evolving privacy landscape across U.S. states.

  • GPP adoption is recommended by IAB, as it will be the only platform to accommodate US privacy law consent signaling.
What is the IAB Multi-State Privacy Agreement?

The IAB Multi-State Privacy Agreement is a collaborative effort among state governments in the United States to establish standardized privacy regulations for the digital advertising industry. It aims to address concerns regarding consumer data privacy and create a consistent framework for data collection, consent mechanisms, and consumer rights.

By streamlining compliance efforts and reducing the burden of navigating different state-specific regulations, it helps businesses operating in multiple jurisdictions adhere to a common set of rules.

The agreement is facilitated by the Interactive Advertising Bureau (IAB), a leading trade association in the industry. It promotes transparency, accountability, and responsible data-driven advertising practices while protecting consumer privacy.

Businesses and advertisers should regularly monitor the evolving guidelines provided by the IAB and participating states to ensure compliance with the latest developments.

How Does the IAB GPP Work?

With the IAB Tech Lab’s Global Privacy Platform, publishers have the flexibility to meet their individual needs to comply with different regulations without negatively impacting user experience.

You can use the GPP for better consent management by integrating its Application Programming Interface (API) with your CMP.

The compliance protocol and APIs provide a streamlined framework for publishers to signal user privacy consent and preference through the visitor journey. From making it easier to adhere to global data privacy regulations to helping publishers manage user data on all channels and devices, the GPP provides a comprehensive end-to-end solution.

The platform can communicate users’ privacy preferences across jurisdictions via its GPP string. GPP links these preferences from all jurisdictions, like USPrivacy and TCF, into a single string. The privacy signals do not change for existing signals but become a section of the GPP string.

IAB Global Privacy Platform has a classification of all known data purposes and data uses to accommodate new consent signals and create manifests for any given jurisdiction.

The GPP CMP APIs allow publishers to expose and retrieve privacy signal details. This API acts as a bridge for existing privacy signals, so a new API definition is unnecessary to determine if the user consents.

What Are the Key Aspects of the IAB GPP for Publishers?

The IAB Global Privacy Platform has several aspects that help publishers to comply with different jurisdictions for efficient data privacy and consent management. 
Such fundamental elements include the following:

  • Consent signals
  • Consent records
Consent Signals

Publishers can find it easier to get user consent by using customizable templates that clearly outline how they will use the visitor’s data. In addition, the GPP leverages consent signals to streamline the communication of user consent for publishers, technology providers and users in the digital ecosystem.

Consent signals allow seamless communication of users’ consent and preferences across various channels and devices, enabling you to maintain an enhanced user experience and improve customer loyalty.

Consent Records

The GPP generates a receipt after a user gives their consent. This aspect helps publishers to collect and keep accurate consent records, as the receipt can be shared with regulatory authorities if required.

With consent records, publishers can show their compliance with various privacy regulations. The records contain details including the user consent preferences, the type of data collected, the reason for collecting such data and the third-party entities with whom the data is being shared.

What Does GPP’s Adoption Mean for Current Data Privacy Technical Specifications?

The IAB Global Privacy Platform supports technical specifications, including TCF v2.0 and US Privacy. Publishers can continue to use these frameworks for consent and preference signaling, but experts encourage adopting the GPP for their processes to remain seamless.

According to Rowena Lam, Sr. Director of Product, Privacy and Data, at IAB Tech Lab, “While the adoption of the GPP is underway, there will be a period where the TC string may be retrieved from more than one location; either the TCF-specific or GPP interfaces.

We advise the industry, especially those considering consent signaling across multiple jurisdictions, to adopt the GPP as it will be the primary framework where future global user consent and preference signaling will be made available.”

What Is the Difference Between the GPP and the IAB CCPA Compliance Framework?

The IAB Tech Lab developed IAB CCPA Compliance Framework and the GPP to help publishers comply with privacy regulations.

The main difference between these two protocols is that the CCPA Compliance Framework is designed to comply with the California Consumer Privacy Act (CCPA). At the same time, the GPP is a more comprehensive framework publishers can use to comply with various privacy regulations.

The IAB CCPA Compliance Framework depends on the US Privacy Specifications, which will not be modified to comply with upcoming state privacy laws in the United States that will take effect in 2023.

How Does Admiral Support the IAB Global Privacy Platform?

Admiral supports the IAB's Global Privacy Platform and the Multi-State Privacy Agreement (MSPA), with a US National approach that addresses VCPDA and California's CCPA. 

As one of the industry’s first IAB-compliant CMPs, Admiral helps identify users’ jurisdictions and collect and transmit consent signals to secure online data privacy. From zero vendor limit to complete conversion and visitor consent state reporting, Admiral enables you to ensure compliance with privacy regulations and drive revenue.

With Admiral CMP’s customizable CTAs, you can improve your privacy consent rates, build trust and transparency with visitors, and comply with regulatory mandates. Schedule a demo today.

Schedule a Demo

Get a Free Account Now with Revenue Analytics Dashboard

Get Admiral Free