Blog

What’s the IAB Tech Lab’s Global Privacy Platform (GPP) framework?

Sourcepoint
September 14, 2021

It’s not just GDPR and CCPA anymore. Data protection laws are emerging all over the world. With so many US state-level data protection laws in the works and privacy laws in South America and Asia on the rise as well, a global standard could be extremely important to paving a sustainable path forward for driving transparency and user choice, all while honoring regional requirements. 

The Global Privacy Working Group of the IAB Tech Lab, a non-profit research and development consortium, has been working on a global technical standard to help the digital advertising industry meet the requirements of different jurisdictions: the Global Privacy Platform. (Not to be confused with the Global Privacy Control – that’s a browser-level opt-out standard for CCPA.) 

Let’s get into it.

What is the Global Privacy Platform (GPP)?

Developed by the IAB Tech Lab’s Global Privacy Working Group, the Global Privacy Platform is meant to streamline technical privacy standards into a singular schema and set of tools which can adapt to regulatory and commercial market demands across channels.

How is the GPP different from the TCF?  

The Transparency and Consent Framework (TCF) was developed by IAB as a set of technical standards for complying with the GDPR. But since then, regional data protection authorities (DPAs)  have specified requirements for GDPR compliance for their own jurisdictions that are not addressed under the TCF. 

Furthermore, working towards a Global Privacy Platform moves beyond GDPR compliance to set up the industry to more easily adapt to data protection regulations as they emerge around the world. The TCF and the concept of a consent string is just the starting point.

What does it look like for a consent management platform (CMP)  to support GPP?

In practice, CMPs that support the GPP would be able to identify the user’s jurisdiction(s), apply the relevant policy framework to show the correct legal bases and permissions, and generate a section in the GPP string specific to that jurisdiction. Because GPP strings will have sections to specify jurisdiction, downstream vendors that receive a GPP signal will also get an indication of the context in which user preferences were set.

How will the GPP deal with jurisdictional overlap?

Jurisdictional overlap is a natural consequence of the extra-territorial nature of most data protection laws. In situations where a user interaction falls under two jurisdictions— maybe they live in Europe but are visiting a website in another country— a GPP consent signal will be able to accommodate multiple sections to indicate multiple jurisdictions and their specific legal bases.

What’s the benefit of establishing global technical privacy standards?

For users, participation in the GPP across as many jurisdictions as possible will make it easier to predict how data protections are met and enforced. 

For businesses—but especially publishers, advertisers, and ad tech firms—a global technical standard can reduce the cost of maintaining and updating privacy controls for users. In particular, the ability for the GPP consent signal to accommodate different jurisdictions could make it a lot easier for the digital media ecosystem to keep up with technical requirements as they evolve.


Want to learn more? Our Chief Privacy Officer, Julie Rubash, is joining the IAB Tech Lab panel discussion on the Global Privacy Platform project as part of their Addressability Solutions Roadshow series. Register for the event here

Latest Blog Posts

What’s the IAB Tech Lab’s Global Privacy Platform (GPP) framework?

September 14, 2021

It’s not just GDPR and CCPA anymore. Data protection...

A little privacy: week of July 20

July 27, 2021

California's new Consumer Privacy Interactive Tool lets consumers notify...

A little privacy: week of July 16

July 23, 2021

CA attorney general reinforces requirements to honor GPC. Ohio...

Latest White Papers

Ebook: A Publisher’s Guide to Vendor List Curation

August 16, 2021

This guide covers everything you need to know about...

Keep in touch

Sign up for our newsletter to keep up with the latest privacy and media news.

Let's explore what we can do together.

We’ll be in touch within 48 hours

    First name *

    Last name *

    Email address *

    Company *

    LeadRegion *

    Country *

    Message *

    * indicates required fields

    This site is registered on wpml.org as a development site.