Consent Management: Configuring the Global Privacy Platform

10minFidesConsent Management

This tutorial requires Fides Cloud or Fides Enterprise. For more information, talk to our solutions team.

Fides includes comprehensive support for the IAB's Global Privacy Platform (GPP). This feature is enabled when Fides is provisioned for you by Ethyca's Privacy Deployment Team. Please contact your Ethyca solutions team if you require support for GPP with Fides. To learn more about GPP, read our GPP user guide.

When GPP is enabled, the first step is to ensure you have correctly configured GPP for your business requirements.

To do this, login to Fides and navigate to Management → Consent.

First configure whether you will use a US national or a state-by-state approach. Read about the difference between US National and state-by-state approaches here.

You can make that selection in the management screen shown below:

You can also choose whether or not you want all transactions to be covered by the MSPA. Learn more about the MSPA here. You can also leave this unchecked.

Privacy notice configuration

After you select either US national or state-by-state, you can navigate to Consent → Notices to configure the notices that are served to users. Depending on the approach you select, you may see many privacy notices, as shown below for US State-by-state:

You can enable the notices that apply for your business and edit them to serve them on sites configured with fides.js. Read this guide to learn how to install fides.js on your site.

Please note state–by-state notices will only be shown to users in the states where those notices apply, while the US National notices will be displayed to users located anywhere in the United States.

If you see a status of “Inactive” on a privacy notice, it means that you don’t have any systems on your data map that correspond to that notice. As a reminder, notices can only be activated when the same data use is associated with a system on your data map.

To read more about adding systems and associating data uses, review the tutorial, "Configuring Data Uses for Consent."

Some notices, such as data sales, data sharing, and notices related to sensitive personal data and children's data require that you configure the data use associated with your organizations business activities. Since different businesses are likely to use or sell information for different purposes, these notices are not initially assigned a data use, so you may select the data use that best matches your businsses data procssing activities. You can see an example of setting a data use for Children's sensitive data below:

Assigning a data use to childrens sensitive data notice

The example below shows a sample configuration that presents data sales, sharing and targeted advertising notices in the five US states covered by GPP as of March 2024.

Configuring the privacy experience

Once you have configured your privacy notices, no additional configuration is required on your privacy experience to serve GPP notices. When Fides.js is installed on your site, users will see the appropriate GPP notices either through a banner prompt or when opening the CMP modal by clicking on a link to manage their privacy preferences.

Testing the implementation

After you have configured your privacy notices and experiences to enable GPP, you can test the implementation on your site that includes Fides.js. Read more about the GPP API supported by fides.js on the Fides JavaScript APIs page.

Configuring Global Privacy Control (GPC)Configure TCF 2.2