Salesforce

Global Privacy Platform FAQ

« Go Back
Information
Global Privacy Platform FAQ
UUID-17eaccf6-8a65-cd6f-e61d-e58a4e1790f6
Article Content

See below for answers to frequently asked questions related to the IAB Global Privacy Platform.

1.

Why would I use IAB Global Privacy Platform (GPP)?

The GPP enables advertisers, publishers, and technology vendors to adapt to regulatory requirements across markets. The framework enables companies to use a consent management platform (CMP), such as OneTrust, to capture and communicate consent signals throughout the digital ad supply chain. The creation of GPP consolidates the management of different consent signals from multiple global privacy jurisdictions and also supports the Global Privacy Control (GPC), a browser-level signal that enables individuals to opt out of the sale or sharing of information. The GPP currently supports the US Privacy and IAB Europe TCF consent strings.

2.

What's new for IAB GPP?

IAB GPP attempts to create a unified approach for consent signaling for US stakeholders. The global privacy platform looks to streamline US consent by introducing state-specific strings and the Multi State Privacy Agreement (MSPA).

IAB GPP has been designed to give enhanced transparency and choice to consumers while providing better control to publishers. This is accomplished by incorporating the following:

Application of Sections

IAB GPP looks to unify consent signaling by creating incorporating subsections for different US privacy laws while also supporting existing frameworks such as IAB Europe TCF. The consent signal generated allows for publishers/vendors to identify which section will apply to them. You can learn more here.

Multi State Privacy Agreement

The MSPA creates a contractual framework intended to aid advertisers, publishers, agencies, and ad tech intermediaries in complying with five state privacy laws that are already effective in 2023. You can learn more here.

3.

What is the Multi State Privacy Agreement (MSPA)?

The IAB Multi-State Privacy Agreement (MSPA) is an industry contractual framework intended to aid advertisers, publishers, agencies, and ad tech intermediaries in complying with five state privacy laws that will become effective in 2023 (in California, Virginia, Colorado, Connecticut, Utah).

4.

Do I need to have MSPA enabled to use GPP?

No, MSPA is not a requirement to use GPP. Publishers can confirm whether they would like to adhere to the MSPA. Please see documentation here for more detail.

5.

Where can I access the full IAB GPP documentation?

You can find all of the documentation for IAB GPP here.

6.

Is IAB GPP compatible with the US Privacy String?

The IAB recommends companies transition away from the US Privacy Specifications and adopt GPP. GPP will be the only platform to accommodate upcoming and future privacy and consent management requirements in the US. There will be a grace period before this full transition.

7.

Can I configure the look and feel of the Banner and Preference Center?

Unlike the EU TCF framework, the new IAB US privacy strings do not have specific UI requirements for the banner and preference center. However, it is important to consider that some US states require notices to users.

8.

Are cookies required for working with the Universal Consent & Preference Management Provider API?

Yes, IAB GPP relies on cookies to store consent data. The consent data is stored in the OTGPPConsent cookie.

9.

Does a vendor have to be part of TCF 2.0 framework to claim Legal Basis outside of TCF? Who declares the Legal Basis, the vendor or the publisher?

Yes, the vendor must register with the IAB TCF because this signal is relayed by a vendor ID, which comes from the IAB Global Vendor List.

10.

How are vendors that have not joined the IAB framework reflected in the TC string?

These vendors are not relayed in the GPP string. OneTrust can disclose these separately if desired and will leverage the base tracking control tools to manage these vendors.

11.

If a user provided consent to a site, then visited a second site and rejected consent, which user consent status will be applicable to the first site?

The consent given on the first site will be taken from the OTGPPConsent third-party cookie.

12.

What if I don't receive the Transparency and Consent string?

If the string is not received, you will not be able to process the user's data.

13.

What’s the GPP Consent String format?

The format is [Header]~[Discrete Section]. See IAB TCF GPP Consent String for further detail.

14.

Do we need to establish data processing purposes for our own uses via CMP consent?

You can do this for enhanced transparency and consolidation. This may also be achieved through the standard cookie categories and controls.

15.

Will OneTrust still be ending support for US Privacy strings on January 31, 2024?

OneTrust's official stance is for publishers to adopt GPP. Google plans to still support US Privacy strings after the deadline communicated by IAB. In light of this, we will not prevent users from writing the USP. Once Google fully supports GPP for Ad Manager, they will deprecate USP.

 
Article Visibility
1,746
Translation
English
Checked

Powered by