In a world where online privacy is increasingly at the forefront of consumers' and regulators' minds, complying with new and evolving privacy laws can be a formidable challenge for global businesses. To support the growing number of privacy laws the ad tech industry needs a uniform way to honour and transmit a user’s privacy choices throughout the ad ecosystem.
The IAB Technology Laboratory (IAB Tech Lab) has introduced the Global Privacy Platform (GPP) to respond to this growing need for a unified tech approach to compliance.
It is challenging to keep up with evolving privacy regulations across Europe, Canada, and a growing list of US States. Especially in the US, in the absence of an overarching federal framework, states are stepping in to establish individual data privacy laws. Currently, out of the seventeen states that have passed comprehensive data privacy laws, five states (California, Colorado, Connecticut, Virginia, and Utah) have effective laws.
The emphasis on consent for sensitive data is an emerging trend among US state laws. Various state privacy laws that have been recently implemented have broadened the scope of sensitive data by incorporating different interpretations. Two recent developments highlight the growing federal scrutiny of sensitive data processing:
There are numerous substantive differences across US state privacy laws. To help ad tech players address the challenges of managing consent signals for multiple states across the US, the Interactive Advertising Bureau (IAB) and IAB Tech Lab have introduced - the IAB’s Multi-State Privacy Agreement (MSPA) which works in conjunction with IAB Tech Lab’s US State Signals initiatives, which was released as part of the Global Privacy Platform (GPP).
Let’s understand each of these and how they are interconnected.
The MSPA is an industry contractual framework intended to aid advertisers, publishers, agencies, and ad tech intermediaries in complying with multiple state laws. It is a set of privacy-protective terms that spring into place among a network of signatories, that follow the data as it flows through the digital ad supply chain.
The MSPA expands the scope of opt-outs and grants consumers the ability to opt out when their personal information will be “sold” to a third party or “shared” or “processed” for purposes of targeted advertising.
The US National Privacy String was specifically designed to support the MSPA and transport user opt-ins and opt-outs between partners in the US. The MSPA creates interoperability among all state privacy laws by providing a national approach and works together with the GPP.
The GPP supports MSPA by including a section on MSPA’s national approach and was developed to simplify the transmission of privacy signals throughout the ad ecosystem.
The erstwhile US Privacy Specifications which have previously been used by companies to address the CCPA has been deprecated, and IAB Tech Lab encourages the industry to shift towards using the GPP and US State Signals specifications.
The US State Signals are a set of privacy string specifications for five US states (California, Virginia, Colorado, Utah, and Connecticut) that must be used in conjunction with the GPP.
IAB strongly recommends that a company be a signatory to the MSPA, though it is not a prerequisite to use the new state-level signals. MSPA signatories can send either the US National Privacy String or US State Signals; the MSPA accommodates both approaches. But if you’re not an MSPA signatory, you should only send or receive US State Signals with your partners.
In a nutshell:
The new US state-level signals, when used in conjunction with the MSPA, will aid the industry in complying with the five new state privacy laws. The IAB recommends and urges publishers to implement the GPP and the US State Signals, and also read and determine if they will be signing the MSPA.
The GPP is a technical protocol designed to streamline the transmission of privacy and consumer choice signals to all downstream partners and help its participants adapt to regulatory demands across markets.
Publishers can enable the GPP by using a Consent Management Platform (CMP). A global API enables seamless integration of the GPP with the CMP used by publishers to collect user consent from websites and apps. It provides mechanisms for obtaining and recording user consent, as well as respecting user preferences for data processing.
By participating in the GPP, publishers can:
The GPP eliminates the need to integrate with multiple privacy signal standards and instead provides a signal standard that currently supports:
The IAB Europe TCF v2.0 specifications are still available and supported. IAB advises the industry, especially those who need to consider consent signaling across multiple jurisdictions, to adopt the GPP as it will be the primary framework where future global user consent and preference signaling will be made available.
Having a certified CMP on board is key to working smoothly with the GPP. It ensures that consumer privacy remains at the core of everything through a single platform.
We are glad to announce that our InMobi CMP can help publishers achieve all IAB recommendations through a single platform as InMobi CMP supports the GPP for both websites and app! Discover the InMobi CMP >
Register to our blog updates newsletter to receive the latest content in your inbox.