IAB Tech Lab, the digital advertising technical standards-setting body, announced the launch of its Global Privacy Platform (GPP) in 2022. As part of IAB Tech Lab’s Project Rearc, GPP is designed to streamline transmitting privacy, consent, and consumer choice signals from websites and applications to ad tech vendors. The GPP was created after years of collaboration with the industry including technical and legal experts across the globe. Managing privacy regulations across multiple jurisdictions is complicated and GPP is set to become an invaluable tool to navigate the complexities of global privacy.
The GPP enables advertisers, publishers, and technology vendors to adapt to regulatory requirements across markets. The framework enables companies to use a consent management platform (CMP), such as OneTrust, to capture and communicate consent signals throughout the digital ad supply chain. The creation of GPP consolidates the management of different consent signals from multiple global privacy jurisdictions and also supports the Global Privacy Control (GPC), a browser-level signal that enables individuals to opt out of the sale of share of information. The GPP currently supports the US Privacy and IAB Europe TCF consent strings.
The IAB Europe TCF v2.0, IAB Europe’s second iteration of the Transparency and Consent Framework, is still available and supported. However, the IAB is advising those who need to consider consent signaling across multiple jurisdictions, especially due to the rise of US privacy laws, to adopt the GPP as it will be the only framework where future global user consent and preference signaling will be made available. If and when changes are made to the TCF framework, those changes will be updated and reflected in GPP, further emphasizing the need to adopt GPP in the future.
Historically, the US Privacy Specifications created by IAB Tech Lab have been used to support the IAB CCPA Compliance Framework, which included specifications for the creation and transport of privacy strings as well as data deletion request handling. However, the US Privacy Specifications will not be updated to include the US state-specific privacy strings that come into effect in 2023; instead, these will only be available using the GPP.
The IAB recommends companies transition away from the US Privacy Specifications and adopt GPP, as this will be the only platform to accommodate upcoming and future privacy and consent management requirements in the US.
The multi-state privacy agreement (MSPA) is an evolution of the IAB Limited-Service Provider Agreement (LSPA). While the LSPA, introduced in 2020, focused on consumer privacy rights and standards for companies to follow to be in line with the CCPA, it has been overhauled to account for new state law requirements and the GPP (including its state-specific privacy strings) to facilitate compliance for digital advertising transactions.
The MSPA, in combination with IAB Tech Lab’s Global Privacy Platform (GPP), will help member companies address the increasingly complex challenges of global privacy and manage different consent signals from multiple jurisdictions.
OneTrust’s consent management platform (CMP) enables companies to capture, manage, and sync individual’s consent choices across the ecosystem.
OneTrust is excited to announce the support for the GPP framework. Our CMP includes support for the US National and CCPA (as amended by the CPRA) template and consent signals with more regional support launching in upcoming releases.
Main takeaways and resources
To learn more about how your organization can take advantage of this new framework and adopt GPP effectively, register for our webinar, “IAB Global Privacy Platform (GPP): What to Know & How to Adopt the Framework”, where OneTrust privacy experts break down what this new framework means for the privacy landscape and the best practices for GPP adoption.
Book your spot today.