IAB Tech Lab Finalizes Global Privacy Platform and Advises the Industry to Prepare for Updated US State-Level Signaling

We are excited to announce that the Global Privacy Platform (GPP) has been finalized and is ready for industry adoption. The finalization of the GPP would not have been possible without the collaborative efforts of the members of the Global Privacy Working Group and Privacy & Rearc Commit Group representing a cross-section of the ad ecosystem.  

The GPP forms part of a portfolio of solutions developed by IAB Tech Lab, as part of the Project Rearc initiative, to help the industry solve for the challenges that come with the need to address differing and evolving privacy regulations worldwide. The GPP specifically, enables user consent signals to be communicated throughout the digital ad supply chain, and provides the protocol to help consolidate the management of different consent signals from multiple global privacy jurisdictions. The GPP also supports the Global Privacy Control (GPC). The GPP specifications include details on how existing privacy signals are incorporated into one platform. This includes the standard data types that are used for encoding privacy strings and standard mechanisms for senders and receivers of privacy strings.  

The GPP currently supports the: US Privacy and IAB Europe TCF consent strings. In the coming weeks, support for US state-specific privacy strings for California, Virginia, Utah, Colorado, and Connecticut, will also be made available. Later this year, support for the IAB Canada TCF consent string will be made available.

Check out the full GPP specifications for more detail.  

What does this mean for the TCF v2.0 Specifications?

The IAB Europe TCF v2.0 specifications are still available and supported. Most importantly, the TC string, including its encoding format, remains the same. While the adoption of the GPP is underway, there will be a period of time where the TC string may be retrieved from more than one location; either the TCF-specific or GPP interfaces. We advise the industry, especially those who need to consider consent signaling across multiple jurisdictions,  to adopt the GPP as it will be the primary framework where future global user consent and preference signaling will be made available. 

What does this mean for the US Privacy Specifications? 

Until this point the US Privacy Specifications have been used to support the IAB CCPA Compliance Framework, which included specifications for the creation and transport of privacy strings as well as data deletion request handling.

It is important to note that the US Privacy Specifications will not be updated to include the state-specific privacy strings that come into effect in 2023, instead these will only be available using the GPP. 

At this time, we urge that the industry begin transitioning away from the U.S Privacy Specifications and adopt GPP; as this will be the only platform to accommodate upcoming and future privacy and consent management requirements in the US. In addition to the US state-specific strings, IAB Tech Lab will expand the scope of GPP-supported signals to include strings for additional regions starting with IAB Canada’s TCF later this year.

Managing privacy regulations across multiple jurisdictions is complicated to say the least. IAB Tech Lab is proud to launch the GPP as it is set to become an invaluable tool in the arsenal to navigate the complexities of global privacy. 

We look forward to continued collaboration with the industry to iterate on the Global Privacy Platform.


About the Author

Rowena Lam
Senior Director, Privacy & Data
IAB Tech Lab