Global Privacy Platform (GPP) for U.S. Businesses

The MSPA US National Section of the IAB Global Privacy Platform — now the Global Privacy Protocol — standardizes how privacy signals are encoded and transmitted across U.S. state laws and ad tech systems.

Start Free Contact sales

Are you managing privacy across multiple U.S. states?

More than 20 states now have comprehensive privacy laws in effect. Each defines opt-out rights, signal requirements, and data handling obligations differently.

Without a standardized approach, businesses end up with fragmented tools, inconsistent consent logic, and compliance gaps across vendors and systems.

GPP MSPA US National provides a single technical framework to manage privacy signals across all of them.

Learn about the Global Privacy Protocol →

What Is the GPP MSPA US National?

In early 2025, IAB Tech Lab renamed the Global Privacy Platform to the Global Privacy Protocol. The new name clarifies what it is: a technical standard for encoding and transmitting privacy signals across the digital advertising supply chain.

GPP MSPA US National gives publishers, advertisers, and ad tech vendors a consistent way to communicate visitor consent and opt-out preferences across systems, regardless of which U.S. state laws apply.

GPP works alongside your CMP, not instead of it. Usercentrics captures visitor consent preferences. GPP standardizes how those preferences are encoded and passed to downstream vendors and systems.

What GPP MSPA US National Implementation Involves

Implementing GPP MSPA US National involves two things: a technical specification and a contractual commitment. The technical side is the GPP string itself, a standardized format for encoding and transmitting privacy signals across your systems and vendors.

The contractual side is the MSPA. Unlike a pure signaling standard, the MSPA creates binding legal obligations among all signatories across the digital advertising supply chain.

A standardized signal format

Privacy preferences need to be encoded and transmitted consistently, across your systems and every vendor in your supply chain. GPP provides a single structured consent string, governed by the MSPA contractual framework, carrying the relevant state-law signals wherever data flows downstream.

Alignment across vendors and partners

Ad tech vendors, publishers, and internal systems all need to interpret GPP signals the same way. Inconsistency creates compliance gaps. The MSPA is the contractual framework that governs how all signatories handle those signals consistently.

A framework that evolves with the law

GPP is updated by IAB Tech Lab as new state laws take effect. Your implementation needs to keep pace automatically. As an IAB Tech Lab member, Usercentrics is involved in implementing new state sections, making them available to customers as they are released.

See Usercentrics CMP in Action

GPP support is built into Usercentrics CMP. See how it handles consent capture, signal encoding, and privacy preference management.

Explore the demo

GPP Works Across Your Whole Organization

Implementing the Global Privacy Protocol isn’t just a technical decision. It affects how teams operate, and how well they stay aligned as U.S. privacy requirements evolve.

For publishers and ad-supported media

GPP MSPA US National is foundational to your ad monetization stack. Ad tech buyers increasingly require valid GPP signals for programmatic transactions. Consistent MSPA signaling protects ad revenue and meets partner expectations.

For legal and compliance teams

The MSPA contractual framework, combined with standardized GPP signal handling, reduces the complexity of managing opt-out requirements across 20-plus U.S. states. Documented signal handling supports audit readiness and regulatory inquiries.

For marketing and adtech teams

Consistent GPP signal handling across vendors reduces signal loss, protects campaign performance, and keeps your ad tech stack aligned as state laws expand.

For engineering and technical teams

integrates into your existing consent infrastructure via Usercentrics CMP. No custom signal handling required. IAB Tech Lab updates the framework on a bi-annual release cycle, so your implementation stays current without rebuilding.

How Usercentrics Supports Global Privacy Protocol (GPP)

Usercentrics App CMP already supports GPP and Web CMP support is coming soon. Create a U.S. template for any applicable state, activate GPP, and configure your MSPA signatory status. No custom development required.

Generates and manages the GPP string across the MSPA US National Section
Transmits consent and opt-out signals to ad tech vendors automatically
Supports IAB Multi-State Privacy Agreement (MSPA) requirements
Adapts to GPP updates from IAB Tech Lab
Works within your existing consent infrastructure

View our MSPA National documentation

Get expert help with GPP implementation

Our team can walk you through what GPP requires, how the MSPA applies to your business, and how Usercentrics fits into your existing setup.

Talk to our team

Learn more about GPC

Article

Apr 14, 2026

Introduction to the IAB Global Privacy Platform (GPP): What U.S. publishers need to know

The Global Privacy Platform (GPP) enables publishers to signal consent and preference information obtained from users to third parties. This IAB initiative helps publishers evolve their compliance efforts and stay ahead of the rapidly evolving privacy landscape in a cost- and resource-friendly way.

Article

Feb 7, 2025

U.S. data privacy laws by state: rights and requirements

In 2025 more U.S. state privacy laws came into effect than in any previous year. Three more followed in 2026 and new ones continue to be passed. We compare what U.S. state-level data privacy laws mean for businesses and consumer rights in light of increasing regulation and enforcement.

Article

Mar 27, 2026

CPPA Enforcement Is Escalating: The Legal and Financial Risks U.S. Businesses Face Now

CalPrivacy’s enforcement apparatus has expanded dramatically: a new Audits Division, automated website scanning, the nine-state Consortium of Privacy Regulators, and a deterrence-first penalty philosophy. For U.S. businesses, the risk is no longer theoretical as investigations can open without warning, and fixing a violation before agency contact doesn’t guarantee avoiding a fine. Learn about the 10 areas driving enforcement.

Frequently asked questions

The Global Privacy Protocol is a technical standard developed by IAB Tech Lab for encoding and transmitting privacy signals across the digital advertising supply chain.

It was renamed from the Global Privacy Platform in early 2025 to clarify that it is a technical standard, not a software product. The acronym GPP remains unchanged.

For U.S. businesses, the relevant implementation is the MSPA US National section of the GPP, which works in conjunction with the IAB Multi-State Privacy Agreement.

The Multi-State Privacy Agreement (MSPA) is a contractual framework developed by IAB Privacy for advertisers, publishers, agencies, and ad tech intermediaries operating under U.S. state privacy laws.

The MSPA US National section of the GPP implements a “national approach,” applying the highest common standard across all applicable states rather than managing each separately. Businesses using the MSPA US National string must be MSPA signatories or certified partners. Resources are available atiabprivacy.com.

GPP is a framework for encoding and transmitting privacy signals across vendors and systems. Global Privacy Control (GPC) is a browser-based signal that communicates a visitor’s opt-out preference. The two work together: GPC signals can be encoded and transmitted via GPP.
Colorado is currently the only state with a formal application and approval process for recognized UOOMs. California, Colorado, and Connecticut have each explicitly confirmed that GPC qualifies as an approved mechanism under their respective laws.

No, businesses are not legally required to use GPP. However, it is the recommended framework by IAB Tech Lab for managing U.S. state privacy signals, and it is the only framework that currently supports all active state-specific privacy strings.
That September, California, Colorado, and Connecticut launched a joint investigative sweep targeting businesses failing to honor GPC signals. More multistate sweeps are expected in 2026. Regulators use automated tools to scan for non-compliant sites at scale.

No, GPP works alongside a CMP and consent banners. The CMP captures visitor consent and preferences. GPP standardizes how those signals are encoded and passed to downstream vendors and systems.

GPP currently includes state-specific sections for California, Virginia, Colorado, Utah, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Oregon, Montana, Texas, Maryland, Indiana, Kentucky, Florida, and Rhode Island. This list is updated by IAB Tech Lab as new state laws take effect.

Usercentrics CMP generates and manages the GPP string, transmits consent and opt-out signals to ad tech vendors automatically, and adapts to GPP updates from IAB Tech Lab. No custom development required.

Usercentrics CMP automatically detects and honors GPC signals as part of your consent management setup. Your team doesn’t have to manage it manually, and you won’t risk missing signals.