There was an unexpected error authorizing you. Please try again.

US State Privacy Signals Finalized – IAB Tech Lab Urges the Industry to Start Building Now

When the Global Privacy Platform (GPP), a user consent and preference communication and transport protocol, was finalized at the end of September, we advised the industry to begin building to it and to prepare for new US state-level privacy signaling support to come shortly after. The state-level signals were released for public comment in October, and the new signals for California, Virginia, Utah, Colorado, and Connecticut, plus the US National signal, are now finalized and ready for adoption.

If you have not started building to the specifications, you need to start building to them and you need to do it now. Two new state privacy laws go into effect on January 1st, 2023 – that’s just a few short weeks away. Other state laws are going into effect throughout 2023:

  • January 1st, 2023 – Updates to California’s privacy law (CPRA) becomes effective
  • January 1st, 2023 – Virginia’s privacy law becomes effective and enforceable
  • July 1st, 2023 – California; civil and administrative enforcement of CPRA begins
  • July 1st, 2023 – Colorado’s privacy law becomes effective and enforceable
  • July 1st, 2023 – Connecticut’s privacy law becomes effective and enforceable
  • December 31st, 2023 – Utah’s privacy law becomes effective and enforceable

The new state-level signals, when used in conjunction with the IAB Multi-State Privacy Agreement (MSPA), will aid the industry in complying with the five new state privacy laws. While the GPP and signals may be used independent of the MSPA, the MSPA provides the industry with a binding policy framework that governs the signals. Read about how the MSPA can help the industry meet their 2023 privacy challenges to learn more. 

In summary, we urge you to make sure the following are on your to-do list:

  1. Implement the Global Privacy Platform 
  2. Implement the US state privacy signals 
  3. Read and determine if you will be signing the Multi-State Privacy Agreement

If your organization hasn’t started solving the privacy challenges coming in the new year, it’s time to start ringing the alarm bells. There are real implications to being out of compliance with these laws – financial penalties and legal costs associated with dealing with non-compliance. January 1st is right around the corner, so there is no time to waste.