Skip to content

Consent Management: IAB Global Privacy Platform (GPP)

What is the IAB Global Privacy Platform (GPP)?

In an effort to better standardize publisher and advertiser data privacy compliance, the IAB (Internet Advertising Bureau) developed the Global Privacy Platform, a standard framework and consent signal intended to provide compliance for General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Digital Advertising Alliance (DAA).

The GPP was announced in June 2022, two years after the announcement of Project Rearc which involved cross-industry collaboration to define and develop a single standard for consent compliance. The goal of GPP is to simplify managing evolving privacy regulations across multiple geographies and markets so that publishers can more easily and consistently comply with privacy regulations and afford their consumer’s greater transparency.

Like the IAB TCF and USP, GPP is a standard framework for obtaining consumer consent, recording that consent and syndicating, or transmitting a user’s preferences of consent to vendors processing the user’s data.

What is the benefit of IAB Global Privacy Platform (GPP)?

The GPP eliminates the need to integrate with multiple, varied privacy signal standards and instead provides a signal standard that supports both IAB TCF and IAB USPrivacy. The GPP provides a standard taxonomy that includes all known data purposes and uses to ensure it can function for any location in the world, simplifying legal requirements into a signal interoperable standard.

US Privacy and GPP

GPP supports US state privacy regulations through two methods, a US National approach or a state-by-state approach. Each approach will help you comply with consent and opt-out requirements of US laws and it's up to you to determine the approach that best suits your business.

US National approach

The US National approach seeks to provide consent preferences to users that meet or exceed the requirements of all applicable state privacy laws, as if users making choices were a resident of each and every applicable state. For companies that want to ensure coverage across the US with minimal customization, the US National approach may be the right choice.

State-by-state approach

The GPP also supports a more targeted state-by-state approach to US privacy laws. Under this approach, consent preferences are created individually for each applicable jurisdiction and consumers are provided with these consent options only when they are known to be located in an applicable state. For businesses that want to comply with each state law individually, while not treating all users as a resident of an applicable state, the state-by-state approach may be the right choice.

GPP and the MSPA

Another goal of the GPP is to support the IAB's Multi-State Privacy Agreement. Businesses can choose whether to indicate that transactions are covered by the MSPA or not when using GPP. Critically, the GPP does not require that you are a part of the MSPA. You can rely on the unified API and approach to consent preferences provided by the GPP with, or without, signing the MSPA.