Privacy compliance becomes a more complicated and costly issue for organizations with each new law passed. IAB Tech Lab, a non-profit research firm that focuses on the marketing industry, has introduced its Global Privacy Platform (GPP) in an attempt to streamline this process for organizations in the digital advertising space. The project uses a single protocol that presently assists with existing European Union (EU) and California Consumer Privacy Act (CCPA) privacy compliance requirements. The platform essentially acts as a middleman to ensure that inbound customer traffic has had local privacy and consent requirements applied to it properly, and move that traffic between the various involved parties (such as tech platforms and digital advertising firms) in a way that ensures compliance is maintained throughout the process.
IAB attempts to streamline international privacy compliance, but platform still in development
The GPP is a portion of the “Project Rearc” initiative, launched by IAB in 2020 to address how digital advertising will proceed as the traditional tracking cookie is increasingly filtered out of the ecosystem. The project involves experts in various aspects of digital advertising and privacy regulation from over 480 companies around the world, and has announced plans for a variety of future projects https://iabtechlab.com/project-rearc/ such as an open source universal user ID token standard and a platform that allows companies in a supply chain to more easily verify that they are meeting privacy compliance obligations.
For now, the GPP is looking to automate the handling of two of the biggest privacy regulations that international firms are required to deal with: Europe’s Transparency & Consent Framework, and California’s CCPA. The project is currently in a public comment period that will last until August 1, and further details are scheduled to be revealed at the IAB Tech Lab Summit: Transcend taking place on June 9.
Anthony Katsur (CEO of IAB Tech Lab) described this as the “first version” of the GPP, implying future expansion. Jason J. Raqueno (Senior Director of Privacy at IAB Tech Lab) specifically named California’s upcoming CPRA (slated to replace the CCPA on January 1 2023) and Canada’s PIPEDA as regulatory frameworks the GPP was built to address, along with “numerous new local privacy laws.” Katsur added that the organization is seeking to work with Brazil, which passed its General Data Protection Law (LGPD) in 2020.
In addition to checking data in motion to ensure that the required local privacy compliance elements have been collected at each stage, the GPP will automate the checking of other elements that can trip an organization up in terms of data storage. It will also incorporate a global list of vendors that have registered with IAB at both regional and global levels. The GPP’s specifications indicate it will function by having a global API that accesses a set of localized IAB APIs, which in turn each address a particular privacy compliance law. This structure allows for new APIs to be created and quickly onboarded for new privacy and digital advertising regulations as they emerge. This is to include support for “non-web” devices such as mobile apps and streaming services.
