The Global Privacy Platform (GPP) enables privacy preferences to be communicated between participating parties. Adform processes personal data in accordance with the privacy signals received through supported GPP specifications and applicable law. Depending on the jurisdiction, these signals may represent consent, opt-out choices, or other legally recognized user preferences.
GPP combines privacy signals from Europe's Transparency and Consent Framework (TCF) for GDPR compliance and the Multi-State Privacy Agreement (MSPA) for US privacy laws in California, Virginia, Connecticut, Colorado, and Utah.
The benefits of the GPP include:
-
Helping advertisers, publishers, and adtech providers meet regulatory requirements in different markets.
-
Reducing the costs of managing privacy compliance.
-
Assisting publishers in minimizing privacy risks.
GPP provides Consent Management Platforms (CMPs) with a single framework to encode and transmit consumer privacy preferences. This framework can be used globally and across various platforms and channels. Adform DSP, SSP, Ad Server, and DMP all support the GPP framework.
Tip
To better understand data privacy regulations, see Adform Academy course Understand Evolving Privacy Regulations.
The GPP signaling process is a way for users to signal their privacy preferences to websites and adtech providers. The process includes these steps:
-
Publishers and advertisers use CMP to manage user consent for data processing activities on their web pages. The CMP captures a visitor's preferences and packages them into a standard payload called the GPP string.
-
The CMP sends a request to Adform in one of the following ways:
-
OpenRTB: Adds the GPP string into the field within the
regsobject. -
URL Parameters and Macros: Replaces a dedicated macro in the URL request. IAB has defined a set of URL parameters and macros that can be used to pass the GPP string.
-
-
Adform receives a GPP signal and retrieves a user's privacy preferences.
-
Adform processes the user's data based on their preferences.
The GPP string contains sections that represent a unique privacy signal, usually a unique jurisdiction. Current sections in the GPP string are US Privacy (United States), TCF (European Union), and CTC (Canadian Trust Centre).
Adform supports two out of nine privacy signals.
|
GPP Section ID |
Description |
Supported by Adform |
Comment |
|---|---|---|---|
|
1 |
EU TCF v1 section |
No |
Deprecated |
|
2 |
EU TCF v2 section |
Yes |
|
|
3 |
GPP header section |
- |
This is a technical section that contains encoded concentrated information on the privacy signals present within the whole GPP string. |
|
4 |
GPP signal integrity section |
- |
This is a technical section that contains encoded concentrated information on the privacy signals present within the whole GPP string. |
|
5 |
Canadian TCF section |
No |
|
|
6 |
US privacy string (CCPA) |
No |
Deprecated |
|
7 |
US national section (MSPA) |
Yes |
|
|
8 |
US California section (CPRA) |
No |
|
|
9 |
US Virginia section (VCDPA) |
No |
|
|
10 |
US Colorado section (CPA) |
No |
|
|
11 |
US Utah section (CPA) |
No |
|
|
12 |
US Connecticut section (CTDPA) |
No |