IAB Tech Lab’s Global Privacy Platform (GPP) enables publishing businesses to comply with several privacy regulations via a standardized framework. Such laws include the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Digital Advertising Alliance (DAA).
This article answers several frequently asked questions about the IAB Global Privacy Platform, such as the following:
- What is the IAB Global Privacy Platform?
- How does the GPP Work?
- What are the Key Aspects of the GPP?
- What does GPP’s adoption mean for current data privacy technical specifications?
- What is the difference between the GPP and the IAB CCPA Compliance Framework?
- How does Admiral support the IAB Global Privacy Platform (GPP)?
What Is the IAB Global Privacy Platform?
The IAB Global Privacy Platform is a comprehensive framework that helps digital ad publishing businesses to collect user data while maintaining and improving brand trust with data privacy compliance.
Publishers can increase their revenue with Visitor Relationship Management (VRM) by leveraging data to deliver personalized ad experiences.
The GPP was announced on June 1st, 2022, two years after IAB Tech Lab launched Project Rearc, which involved industry collaboration and consultations with global technical and legal experts. IAB announced the framework with a 60-day public comment period, which was extended to August 15th and completed on September 28th, 2022.
From adapting to regulatory requirements across regions to supporting privacy consent, the GPP enables publishers to use consent management platforms (CMPs) like Admiral to collect and communicate consent signals throughout their visitor journey. This solution simplifies managing evolving privacy regulations across multiple markets, so publishers find it easier to comply with regional privacy laws.
What is the IAB Multi-State Privacy Agreement?
The IAB Multi-State Privacy Agreement is a collaborative effort among state governments in the United States to establish standardized privacy regulations for the digital advertising industry. It aims to address concerns regarding consumer data privacy and create a consistent framework for data collection, consent mechanisms, and consumer rights.
By streamlining compliance efforts and reducing the burden of navigating different state-specific regulations, it helps businesses operating in multiple jurisdictions adhere to a common set of rules.
The agreement is facilitated by the Interactive Advertising Bureau (IAB), a leading trade association in the industry. It promotes transparency, accountability, and responsible data-driven advertising practices while protecting consumer privacy. Businesses and advertisers should regularly monitor the evolving guidelines provided by the IAB and participating states to ensure compliance with the latest developments.
How Does the IAB GPP Work?
With the IAB Tech Lab’s Global Privacy Platform, publishers have the flexibility to meet their individual needs to comply with different regulations without negatively impacting user experience.
You can use the GPP for better consent management by integrating its Application Programming Interface (API) with your CMP.
The compliance protocol and APIs provide a streamlined framework for publishers to signal user privacy consent and preference through the visitor journey. From making it easier to adhere to global data privacy regulations to helping publishers manage user data on all channels and devices, the GPP provides a comprehensive end-to-end solution.
The platform can communicate users’ privacy preferences across jurisdictions via its GPP string. GPP links these preferences from all jurisdictions, like USPrivacy and TCF, into a single string. The privacy signals do not change for existing signals but become a section of the GPP string.
IAB Global Privacy Platform has a classification of all known data purposes and data uses to accommodate new consent signals and create manifests for any given jurisdiction.
The GPP CMP APIs allow publishers to expose and retrieve privacy signal details. This API acts as a bridge for existing privacy signals, so a new API definition is unnecessary to determine if the user consents.
What Are the Key Aspects of the IAB GPP for Publishers?
The IAB Global Privacy Platform has several aspects that help publishers to comply with different jurisdictions for efficient data privacy and consent management.
Such fundamental elements include the following:
- Consent signals
- Consent records
Publishers can find it easier to get user consent by using customizable templates that clearly outline how they will use the visitor’s data. In addition, the GPP leverages consent signals to streamline the communication of user consent for publishers, technology providers and users in the digital ecosystem.
Consent signals allow seamless communication of users’ consent and preferences across various channels and devices, enabling you to maintain an enhanced user experience and improve customer loyalty.
The GPP generates a receipt after a user gives their consent. This aspect helps publishers to collect and keep accurate consent records, as the receipt can be shared with regulatory authorities if required.
With consent records, publishers can show their compliance with various privacy regulations. The records contain details including the user consent preferences, the type of data collected, the reason for collecting such data and the third-party entities with whom the data is being shared.
What Does GPP’s Adoption Mean for Current Data Privacy Technical Specifications?
The IAB Global Privacy Platform supports technical specifications, including TCF v2.0 and US Privacy. Publishers can continue to use these frameworks for consent and preference signaling, but experts encourage adopting the GPP for their processes to remain seamless.
According to Rowena Lam, Sr. Director of Product, Privacy and Data, at IAB Tech Lab, “While the adoption of the GPP is underway, there will be a period where the TC string may be retrieved from more than one location; either the TCF-specific or GPP interfaces. We advise the industry, especially those considering consent signaling across multiple jurisdictions, to adopt the GPP as it will be the primary framework where future global user consent and preference signaling will be made available.”
What Is the Difference Between the GPP and the IAB CCPA Compliance Framework?
The IAB Tech Lab developed IAB CCPA Compliance Framework and the GPP to help publishers comply with privacy regulations.
The main difference between these two protocols is that the CCPA Compliance Framework is designed to comply with the California Consumer Privacy Act (CCPA). At the same time, the GPP is a more comprehensive framework publishers can use to comply with various privacy regulations.
The IAB CCPA Compliance Framework depends on the US Privacy Specifications, which will not be modified to comply with upcoming state privacy laws in the United States that will take effect in 2023.
How Does Admiral Support the IAB Global Privacy Platform?
Admiral's supports the IAB's Global Privacy Platform and the Multi-State Privacy Agreement (MSPA), with a US National approach that addresses VCPDA and California's CCPA.
As one of the industry’s first IAB-compliant CMPs, Admiral helps identify users’ jurisdictions and collect and transmit consent signals to secure online data privacy. From zero vendor limit to complete conversion and visitor consent state reporting, Admiral enables you to ensure compliance with privacy regulations and drive revenue.
With Admiral CMP’s customizable CTAs, you can improve your privacy consent rates, build trust and transparency with visitors, and comply with regulatory mandates. Schedule a demo today.