Helping publishers comply with US privacy laws through a standards framework.
Starting in September 2025, Google will support National GPP v2. We will also continue to support National GPP v1.
Google does not require publishers to sign the IAB Multi-State Privacy Agreement {MSPA} to work with Google. AdSense is certified under the IAB Privacy Multi-State Privacy Agreement (MSPA) Certified Partner Program {CPP}. MSPA Certified Partners are permitted to process MSPA Covered Transactions without signing the MSPA.
- Use of the GPP is not required by Google and is simply one method publishers can use to support their compliance with US state privacy laws.
Developed by the IAB Tech Lab, the Global Privacy Platform {GPP} is a standard framework for storing and transmitting user privacy preferences.
AdSense supports GPP for publishers and consent management platforms {CMPs} that wish to use the framework to comply with US privacy laws. Using {GPP} or a consent management platform is not a requirement for US states that have privacy laws.
For ads served to users in the European Economic Area or the UK, {AdSense} will continue to use the IAB European Privacy String {TCF} through the use of a certified Consent Management Platform. TCF strings submitted via GPP will not be accepted.
Although the IAB discontinued the use of the US Privacy String in January 2024 and switched to GPP, AdSense will continue to read the US Privacy String to support web partners. We recommend that publishers and CMPs switch to using the GPP string instead of the US Privacy String if they choose to use the IAB framework to comply with US state privacy laws.
Note: GPP v1.0 is not supported and displays an error in the publisher console GPP_ERROR_STRING_IS_DEPRECATED_SPEC,
Global Privacy Platform Specifications,
AdSense only accepts the following strings in {GPP} US National, California, Colorado, Connecticut, Florida, and Virginia.
{AdSense} does not accept Canadian {IAB TCF} strings, United States Privacy Strings, United States State of Utah strings, or EU {IAB TCF} v2.2 strings as part of {GPP} support.
Publishers should work with their {CMP} partners to ensure EU {IAB} TC strings are built based on the EU {IAB TCF} v.2.2 specification.
US National,
- Google will trigger restricted data processing {RDP} if any of the following criteria are met:
The user does not consent to the sale of consumer personal information.
The user does not consent to the sharing of consumer personal information.
The user does not consent to the processing of consumer personal data for targeted advertising.
Google only reads the fields above the US National string.
California,
-
Google will trigger restricted data processing {RDP} if any of the following criteria are met:
The user does not consent to the sale of consumer personal information.
The user does not consent to the sharing of consumer personal information.
Google only reads the above field from the US State string for California.
Colorado, Connecticut, Virginia,
- Google will trigger restricted data processing {RDP} if any of the following criteria are met:
The user does not consent to the sale of consumer personal information.
The user does not consent to the processing of consumer personal data for targeted advertising.
Google only reads the above fields from the US State strings for Colorado, Connecticut, and Virginia.
Florida,
- Google will trigger restricted data processing {RDP} if any of the following criteria are met:
The user does not consent to the sale of consumer personal information.
The user does not consent to the processing of consumer personal data for targeted advertising.
Google only reads the above fields from the US State string for Florida.
Consent signals for Minors using the Global
Privacy Platform,
- Google's consent management solution does not support the ability to collect the {Known Child Sensitive Data Consents} field. Publishers using Google's consent management solution for US state regulations should review the information in the US state regulation message summary help center article.
US National ,
A request will be marked as child-related {TFCD} if one of the following criteria is met;
- Consent or no consent to Process Personal Information or Sensitive Consumer Information for Consumers Under 13 Years of Age.
- A request will trigger restricted data processing {RDP} if one of the following criteria is met:
- No consent to Process Personal Information or Sensitive Consumer Information for Consumers Ages 13 to 16.
- No consent to Process Personal Information or Sensitive Consumer Information for Consumers Ages 16 to 17.
California,
- A request will be marked as child-friendly {TFCD} if any of the following criteria are met:
- Consent or No Consent to Sell Personal Information of Consumers Under 16
- Consent or No Consent to Share Personal Information of Consumers Under 16.
Colorado, Virginia,
A request will be marked as child-friendly {TFCD} if the following criteria are met;
Consent or lack of consent to process sensitive data from a known child,
Connecticut,
A request will be flagged as child-friendly {TFCD} if any of the following criteria are met:
Consent to Process Sensitive Data of a Known Child,
A request will trigger restricted data processing {RDP} if any of the following criteria are met:No consent to Sell Personal Data of Consumers Aged at Least 13 but Under 16
No consent to Process Personal Data of Consumers Aged at Least 13 but Under 16 for Targeted Advertising Purposes.
Florida,
A request will be flagged as child-friendly {TFCD} if any of the following criteria are met:
Consent or no consent to Process Personal Data or Sensitive Consumer Data for Consumers Under 13 Years of Age.
A request will trigger restricted data processing {RDP} if any of the following criteria are met:
No consent to Process Sensitive Data for Consumers At Least 13 Years of Age, but Under 16 Years of Age
No consent to Process Sensitive Data for Consumers At Least 16 Years of Age, but Under 18 Years of Age..
GlobalNews....