The IAB GPP will operate alongside US privacy string until January 31, 2024 to allow for vendors to adopt GPP. IAB will continue to support the IAB TCF to allow Consent Management Provider (CMP) and vendors time to develop and implement any changes that may arise in IAB TCF 2.0.
What is the IAB Global Privacy Platform?
The IAB GPP helps address the challenges posed by the growing number of different privacy regulations worldwide. Implementing OneTrust with the IAB Global Privacy Platform Consent empowers publishers to streamline the vendors and advertising content which appears on their websites.
OneTrust has partnered with IAB Tech Lab to help publishers meet the transparency, notice, and choice requirements set out by the US Privacy Laws which came into play in 2023.
As an IAB Tech Lab-approved Consent Management Provider (CMP), OneTrust helps customers to pull vendor privacy declarations directly from the IAB Global Vendor List and provide necessary information about the approved Vendors. OneTrust customers can capture a website visitor's consent, where necessary, before personal data is collected, and when approved, share the preferences to Vendors to ensure adherence to the website visitor's choice.
OneTrust's partnership with IAB Tech Lab allows customers to seamlessly integrate their existing privacy notices and policies with the IAB Framework, simplifying transparency, notice, and consent capture, as well as demonstrating compliance across their first- and third-party content ecosystem.
Important
Google Ad Manager Support
Google Ad Manager will continue to support the US privacy string after the January 31end-of-support deadline communicated by the IAB (more information here) and will not support the US National String. OneTrust's official stance is to no longer use the USP past the IAB deprecation date.
Google has stated they will continue to support the USP after the deprecation date and we will not prevent users from writing the USP. Google is only adopting state-specific GPP strings for four states: California, Virginia, Colorado, and Connecticut. You may want to instead programmatically set the RDP and/or the TFCD signals in Ad Manager nationally. Once Google fully supports GPP for Ad Manager, they will deprecate USP and officially recommend that publishers move to GPP. No timeline has been given by Google.
You can find more information here.
Note
The following information is only applicable to the new US Privacy strings, not TCF EU.
IAB GPP attempts to create a unified approach for consent signaling for US stakeholders. The global privacy platform looks to streamline US consent by introducing state-specific strings and the Multi State Privacy Agreement (MSPA).
IAB GPP has been designed to give enhanced transparency and choice to consumers while providing better control to publishers. This is accomplished by incorporating the following:
Application of Sections
IAB GPP looks to unify consent signaling by creating incorporating subsections for different US privacy laws while also supporting existing frameworks such as IAB Europe TCF. The consent signal generated allows for publishers/vendors to identify which section will apply to them. You can learn more here.
The sections are defined purposes for the processing of data by a vendor. Each provides the Legal Basis for the vendor to process data. Publishers are able to configure which purposes are used for state-specific sections. Each US privacy regulation has various purposes to process data.
You can learn more here.
Multi State Privacy Agreement
The MSPA creates a contractual framework intended to aid advertisers, publishers, agencies, and ad tech intermediaries in complying with five state privacy laws that are already effective in 2023. You can learn more here.
Notices
A notice is an opportunity for the end user to shown adequate information about the processing (selling, sharing) of personal information.
Sensitive Data Processing
The GPP includes a purpose for sensitive data processing. Sensitive data include personal information related to religion, Social Security, sexuality, communication methods, and genetics, among other areas. You can learn more here.
Known Child Consent
The GPP includes purposes for personal or sensitive data on known children. The GPP defines two purposes based on age: one for children age 13–16, another for children younger than 13. You can learn more here.
For more information, see the GPP blogs from IAB Tech Lab here and here.
