IAB GPP Overview

Multi-market privacy signal transmission across environments including CTV.

What is the GPP?

The IAB Global Privacy Platform (GPP) is a protocol designed to transmit privacy and consent signals across markets and technology environments. It provides a single, extensible container that can carry:

  • TCF EU string (EU/UK GDPR and ePrivacy)
  • US state privacy strings (CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, etc.)
  • Canadian consent signals
  • Future privacy law sections as they are added

GPP is increasingly the preferred approach for multi-market OTT platforms because it handles the complexity of different jurisdictions in a single signal.

Why GPP Matters for OTT/CTV

Multi-market coverage

If your platform operates in both EU/UK (requiring TCF) and US states (requiring opt-out signals under CCPA/CPRA), GPP provides a single signal container that carries both.

CTV environment support

GPP was designed with non-web environments in mind. Unlike TCF, which relies on browser cookies and the window.__tcfapi JavaScript interface, GPP supports:

  • URL-based signal passing in ad requests (key-value pairs)
  • Server-side signal transmission between platforms
  • SDK-based signal access on CTV devices

This makes GPP more practical for CTV ad delivery, where browser-style consent APIs are unavailable.

Industry momentum

Major US ad platforms (The Trade Desk, Google, Amazon Publisher Services) have adopted GPP for US privacy law compliance. If you run US CTV advertising, you are likely already touching GPP signals.

GPP Structure

A GPP string consists of:

  1. Header section — identifies which sections are present in the string
  2. Section strings — one per applicable jurisdiction (TCF EU, CPRA, etc.), each encoding the relevant consent/opt-out signals for that market

Your CMP generates the GPP string. Ad tech partners read it via the IAB GPP API or URL parameters.

US State Privacy Strings (US National Section)

For US-based OTT platforms and those serving US audiences, the GPP US National section allows you to signal:

  • Whether a user has opted out of sale / sharing of personal data
  • Whether targeted advertising opt-out has been applied
  • Sensitivity data signals (health, children's data, etc.)

This is particularly relevant for CTV platforms targeting US consumers under CCPA/CPRA and other state privacy laws.

Practical Implementation Steps

  1. Confirm your CMP supports GPP string generation (most major CMPs do as of 2024)
  2. Identify which GPP sections apply based on your target markets
  3. Confirm your ad tech partners support GPP signal reading (check their technical documentation)
  4. Implement GPP string passing in your ad requests (URL parameters or server-side)
  5. Test signal propagation end-to-end across web and CTV environments
  6. See the full implementation checklist

Implementing GPP for your CTV ad stack?

Book a call to review your multi-market consent signal requirements and implementation approach.

Book a GPP implementation call
IAB TCF Overview Consent Signal Checklist