Skip to content

Consent Management: IAB USPrivacy Explained

What is the IAB USPrivacy string (USP)?

Similar to the IAB TCF in Europe, the USPrivacy string was established by the IAB (Interactive Advertising Bureau) initially in response to the California Consumer Privacy Act (CCPA).

Similar again to TCF, the U.S. privacy string is a consent signal and standard that provides an agreed way for a website, such as a publisher, to obtain a consumer’s consent, record that consent, and distribute it in a format that all other downstream processors of that consumer’s personal data can understand and correctly enforce on their data processes.

Publishers and advertisers can use this to pass information about a consumer’s data privacy preferences to the vendors processing data on behalf of the publisher such as advertisers. The benefit for the consumer experience is preferencing the need to have multiple opt-outs on one website for all vendors processing personal data.

What are the differences between IAB TCF and IAB USP?

IAB TCF is a more comprehensive standard supporting a complex list of data processing activities and various lawful basis for processing data whereas US Privacy string is a simpler framework intended to reflect the requirements of the CCPA in California and as such, specifies only whether a consumer has seen an explicit notices (such as a pop up) and if the user has opted out of the use of their data for purposes that might be defined as a “sale” under the CCPA. This definition of “data sales” is often related to the use of personal data for analysis or advertising purposes.