Consent Management: Configuring the Global Privacy Platform

Fides includes comprehensive support for the IAB's Global Privacy Platform (GPP). This feature is enabled when Fides is provisioned for you by Ethyca's Privacy Deployment Team. Please contact your Ethyca solutions team if you require support for GPP with Fides. To learn more about GPP, read our GPP user guide.

When GPP is enabled, the first step is to ensure you have correctly configured GPP for your business requirements.

To do this, login to Fides and navigate to Management → Consent.

First configure whether you will use a US national or a state-by-state approach. Read about the difference between US National and state-by-state approaches here.

You can make that selection in the management screen shown below:

You can also choose whether or not you want all transactions to be covered by the MSPA. Learn more about the MSPA here. You can also leave this unchecked.

Privacy notice configuration

After you select either US national or state-by-state, you can navigate to Consent → Notices to configure the notices that are served to users. Depending on the approach you select, you may see many privacy notices, as shown below for US State-by-state:

You can enable the notices that apply for your business and edit them to serve them on sites configured with fides.js. Read this guide to learn how to install fides.js on your site.

If you see a status of “Inactive” on a privacy notice, it means that you don’t have any systems on your data map that correspond to that notice. As a reminder, notices can only be activated when the same data use is associated with a system on your data map.

To read more about adding systems and associating data uses, review the tutorial, "Configuring Data Uses for Consent."

Some notices, such as data sales, data sharing, and notices related to sensitive personal data and children's data require that you configure the data use associated with your organizations business activities. Since different businesses are likely to use or sell information for different purposes, these notices are not initially assigned a data use, so you may select the data use that best matches your businsses data procssing activities. You can see an example of setting a data use for Children's sensitive data below:

The example below shows a sample configuration that presents data sales, sharing and targeted advertising notices in the five US states covered by GPP as of March 2024.

Configuring the privacy experience

Once you have configured your privacy notices, you must assign the notices to privacy experiences. US GPP notices can generally be assigned to a modal experience. Recommended assignments of notices to experiences are provided below. By default, Ethyca recommends assigning the targeted advertising and data sales and sharing notices for the state by state and US national approaches. The additional notices that require you to assign data uses are listed as "optional" in the tables below.

State by state - required notices

State by state - optional notices

US National - required notice

US National - optional notices

Testing the implementation

After you have configured your privacy notices and experiences to enable GPP, you can test the implementation on your site that includes Fides.js. Read more about the GPP API supported by fides.js on the Fides JavaScript APIs page.