There was an unexpected error authorizing you. Please try again.

Global Privacy Platform: Explained

As Project Rearc continues to move into its BUILD phase, the Global Privacy Platform (GPP) is next up for finalization. The Global Privacy Platform specification went into public comment in June with a 60-day public comment period. This has recently been extended for an additional two weeks to August 15th. Comments may be submitted to  

What is the Global Privacy Platform (GPP)?

So, what exactly is the Global Privacy Platform (GPP)? It’s a protocol and set of APIs that enable digital advertising supply chain participants to signal user privacy consent and choice through the digital ad supply chain. The GPP offers the industry a sustainable way to adapt to changes in existing privacy regulations and adopt new ones with its flexible, channel-agnostic, and open architecture. The GPP will ultimately reduce costs by eliminating the need to implement different, bespoke technologies for privacy signaling for every jurisdiction and every digital media channel, including browser, mobile (app & web), and CTV.

The GPP integrates with existing, highly-adopted, privacy signals, including USPrivacy and TCF.  It’s ready to support privacy signals for any other market today.

The platform can be divided into two main parts: the GPP string and the CMP APIs.

GPP String

The GPP string allows for communicating a user’s privacy preferences across jurisdictions. It concatenates user preferences for all jurisdictions into a single string. The privacy signals will not change for existing signals like USPrivacy and TCF; they will be a section in the GPP. For new signals, the GPP has a taxonomy that includes all known data purposes and data uses that can be combined to create manifests for any given jurisdiction. Policy bodies maintain governance over what must be included in a privacy string for a given jurisdiction, but a standard way to encode them makes it easier for the industry to adopt.

CMP API Specification

The GPP CMP APIs formalize a standard way for participants in the digital advertising ecosystem to expose and retrieve privacy signal details. For existing privacy signals, the CMP API is a bridge. For anything new, for example a privacy string in support of Canada’s Transparency and Consent Framework, a new API definition is not needed. In other words, no new JavaScript logic is needed, we would only need to specify the commands that are needed for that jurisdiction. The following example demonstrates how a vendor can listen to changes for TCF Canada and find out if consent is given for a specific vendor or purpose:

We can’t predict what privacy legislations around the globe will look like in the future but with the GPP, we have established a platform to quickly incorporate new legislative requirements and respond with faster speed to market.

For a deeper dive on the Global Privacy Platform, register for the upcoming webinar on August 24 at 12:30PM, ET.


Rowena Lam
Director, Privacy Technology Programs
IAB Tech Lab