What’s the IAB Tech Lab’s Global Privacy Platform (GPP) framework?
September 14, 2021
It’s not just GDPR and CCPA anymore. Data protection laws are emerging all over the world. With so many US state-level data protection laws in the works and privacy laws in South America and Asia on the rise as well, a global standard could be extremely important to paving a sustainable path forward for driving transparency and user choice, all while honoring regional requirements.
The Global Privacy Working Group of the IAB Tech Lab, a non-profit research and development consortium, has been working on a global technical standard to help the digital advertising industry meet the requirements of different jurisdictions: the Global Privacy Platform. (Not to be confused with the Global Privacy Control – that’s a browser-level opt-out standard for CCPA.)
Let’s get into it.
What is the Global Privacy Platform (GPP)?
Developed by the IAB Tech Lab’s Global Privacy Working Group, the Global Privacy Platform is meant to streamline technical privacy standards into a singular schema and set of tools which can adapt to regulatory and commercial market demands across channels.
How is the GPP different from the TCF?
The Transparency and Consent Framework (TCF) was developed by IAB as a set of technical standards for complying with the GDPR. But since then, regional data protection authorities (DPAs) have specified requirements for GDPR compliance for their own jurisdictions that are not addressed under the TCF.
Furthermore, working towards a Global Privacy Platform moves beyond GDPR compliance to set up the industry to more easily adapt to data protection regulations as they emerge around the world. The TCF and the concept of a consent string is just the starting point.
What does it look like for a consent management platform (CMP) to support GPP?
In practice, CMPs that support the GPP would be able to identify the user’s jurisdiction(s), apply the relevant policy framework to show the correct legal bases and permissions, and generate a section in the GPP string specific to that jurisdiction. Because GPP strings will have sections to specify jurisdiction, downstream vendors that receive a GPP signal will also get an indication of the context in which user preferences were set.
How will the GPP deal with jurisdictional overlap?
Jurisdictional overlap is a natural consequence of the extra-territorial nature of most data protection laws. In situations where a user interaction falls under two jurisdictions— maybe they live in Europe but are visiting a website in another country— a GPP consent signal will be able to accommodate multiple sections to indicate multiple jurisdictions and their specific legal bases.
What’s the benefit of establishing global technical privacy standards?
For users, participation in the GPP across as many jurisdictions as possible will make it easier to predict how data protections are met and enforced.
For businesses—but especially publishers, advertisers, and ad tech firms—a global technical standard can reduce the cost of maintaining and updating privacy controls for users. In particular, the ability for the GPP consent signal to accommodate different jurisdictions could make it a lot easier for the digital media ecosystem to keep up with technical requirements as they evolve.
Want to learn more? Our Chief Privacy Officer, Julie Rubash, is joining the IAB Tech Lab panel discussion on the Global Privacy Platform project as part of their Addressability Solutions Roadshow series. Register for the event here.
Latest Blog Posts
It’s not just GDPR and CCPA anymore. Data protection...
California's new Consumer Privacy Interactive Tool lets consumers notify...
CA attorney general reinforces requirements to honor GPC. Ohio...
Latest White Papers
This guide covers everything you need to know about...
Keep in touch
Sign up for our newsletter to keep up with the latest privacy and media news.