The Global Privacy Platform (GPP) by IAB Tech Lab is a framework that simplifies the process of sharing privacy, consent, and consumer choice information between websites, apps, and adtech vendors. It combines privacy signals from Europe's Transparency and Consent Framework (TCF) for GDPR compliance and the Multi-State Privacy Agreement (MSPA) for US privacy laws in California, Virginia, Connecticut, Colorado, and Utah.
The benefits of GPP include:
-
Helping advertisers, publishers, and adtech vendors meet regulatory requirements in different markets.
-
Reducing the costs associated with managing privacy compliance.
-
Assisting publishers in minimizing privacy risks.
GPP provides Consent Management Platforms (CMPs) with a single framework to encode and transmit consumer privacy preferences. This framework can be used globally and across various platforms and channels. Adform DSP, SSP, Ad Server, and DMP support the GPP framework.
Tip
To better understand data privacy regulations, see Adform Academy course Understand Evolving Privacy Regulations.
The GPP signaling process is a way for users to signal their privacy preferences to websites and adtech providers. The process includes these steps:
-
Publishers and advertisers use CMP to manage user consent for data processing activities on their webpages. The CMP captures a visitor's preferences and packages them into a standard payload called the GPP string.
-
The CMP sends a request to Adform in one of the following ways:
-
OpenRTB: Adds the GPP string into the field within the
regsobject. -
URL Parameters and Macros: Replaces a dedicated macro in the URL request. IAB has defined a set of URL parameters and macros that can be used to pass the GPP string.
-
-
Adform receives a GPP signal and retrieves a user's privacy preferences.
-
Adform processes the user's data based on their preferences.
The GPP string contains sections that represent a unique privacy signal, usually a unique jurisdiction. Current sections in the GPP string are USPrivacy (United States), TCF (European Union), and CTC (Canadian Trust Center).
Adform supports two out of nine privacy signals.
|
GPP Section ID |
Description |
Supported by Adform |
Comment |
|---|---|---|---|
|
1 |
EU TCF v1 section |
No |
Deprecated |
|
2 |
EU TCF v2 section |
Yes |
|
|
3 |
GPP header section |
- |
This is a technical section that contains encoded concentrated information on the privacy signals present within the whole GPP string. |
|
4 |
GPP signal integrity section |
- |
This is a technical section that contains encoded concentrated information on the privacy signals present within the whole GPP string. |
|
5 |
Canadian TCF section |
No |
|
|
6 |
US privacy string (CCPA) |
No |
Deprecated |
|
7 |
US national section (MSPA) |
Yes |
|
|
8 |
US California section (CPRA) |
No |
|
|
9 |
US Virginia section (VCDPA) |
No |
|
|
10 |
US Colorado section (CPA) |
No |
|
|
11 |
US Utah section (CPA) |
No |
|
|
12 |
US Connecticut section (CTDPA) |
No |