Global Privacy Platform (GPP): W...
Global Privacy Platform (GPP): What This...

Global Privacy Platform (GPP): What This Means for Ad Tech and US Privacy Laws

GPP will be an invaluable tool to navigate the complexities of global privacy

Ashlea Cartee Product Marketing Manager, OneTrust

clock4 Min Read

Featured Image

IAB Tech Lab, the digital advertising technical standards-setting body, recently announced the launch of its Global Privacy Platform (GPP). As part of IAB Tech Lab’s Project Rearc, GPP is designed to streamline transmitting privacy, consent, and consumer choice signals from websites and applications to ad tech vendors. The GPP was created after years of collaboration with the industry including technical and legal experts across the globe. Managing privacy regulations across multiple jurisdictions is complicated and GPP is set to become an invaluable tool to navigate the complexities of global privacy. 

What is the GPP?

The GPP enables advertisers, publishers, and technology vendors to adapt to regulatory requirements across markets. The framework enables companies to use a consent management platform (CMP), such as OneTrust, to capture and communicate consent signals throughout the digital ad supply chain. The creation of GPP consolidates the management of different consent signals from multiple global privacy jurisdictions and also supports the Global Privacy Control (GPC), a browser-level signal that enables individuals to opt out of the sale of share of information. The GPP currently supports the US Privacy and IAB Europe TCF consent strings.  

How will GPP impact the TCF v2.0 framework?

The IAB Europe TCF v2.0, IAB Europe’s second iteration of the Transparency and Consent Framework, is still available and supported. However, the IAB is advising those who need to consider consent signaling across multiple jurisdictions, especially due to the rise of US privacy laws, to adopt the GPP as it will be the only framework where future global user consent and preference signaling will be made available. If and when changes are made to the TCF framework, those changes will be updated and reflected in GPP, further emphasizing the need to adopt GPP in the future.  

What does the GPP mean for upcoming US privacy laws?  

Historically, the US Privacy Specifications created by IAB Tech Lab have been used to support the IAB CCPA Compliance Framework, which included specifications for the creation and transport of privacy strings as well as data deletion request handling. However, the US Privacy Specifications will not be updated to include the US state-specific privacy strings that come into effect in 2023; instead, these will only be available using the GPP. 

The IAB recommends companies transition away from the US Privacy Specifications and adopt GPP, as this will be the only platform to accommodate upcoming and future privacy and consent management requirements in the US. 

How will OneTrust support GPP?

OneTrust’s CMP enables companies to capture, manage, and sync individual’s consent choices across the ecosystem. OneTrust’s product team is working to fully support the GPP framework in its user consent banner templates, designed with specific language from the OneTrust legal team for each applicable regulation.  

GPP support will include options using this framework through consent banners and signaling for US state-level privacy regulations as well as broader consent frameworks via signals for US National Consent, TCF 2.0, and the newly released Canada TCF.  

Main takeaways and resources

  • IAB Tech Lab, the digital advertising technical standards-setting body, created the Global Privacy Platform (GPP) 
  • The framework enables companies to use a consent management platform (CMP), such as OneTrust, to capture and consent signals throughout the digital ad supply chain  
  • The creation of GPP consolidates the management of different consent signals from multiple global privacy jurisdictions and supports the Global Privacy Control (GPC) signal  
  • IAB’s existing US Privacy framework will not be updated to align with new state-level privacy laws, and will be deprecated as GPP is adopted  
  • IAB recommends organizations to adopt GPP, as this will be the only platform to accommodate US privacy law consent signaling 

For more information on the latest timelines and guidelines for your transition, please reach out to your account manager or request a demo here 

 

Tags:

You Might Also Be Interested In


NOVEMBER 28, 2022

From Sapin II to Sapin III: France’s anti-corruption fight

NOVEMBER 25, 2022

7 myths about SOC 2 compliance

NOVEMBER 18, 2022

What every Chief Privacy Officer should know  about third-party risk management

NOVEMBER 17, 2022

The role of disclosures in risk assessment and mitigation 

NOVEMBER 15, 2022

US climate risk rule could affect more than 5,700 federal suppliers

NOVEMBER 14, 2022

The COP27 climate summit: What to expect and why it matters

NOVEMBER 10, 2022

CSRD update: EU approves new ESG disclosure rules

NOVEMBER 9, 2022

SOC 2: Starting your audit process

BackToTop
Onetrust All Rights Reserved