Set up the Global Privacy Platform with Global Privacy Control
Note: This article is important if your website serves visitors in the United States and you need to support Global Privacy Control. Check with your legal or compliance team to confirm which regulations apply to your website.
The Global Privacy Platform (GPP) is a framework created by the Interactive Advertising Bureau (IAB). It helps websites share consent information with vendors in a standardized way. For technical details about the framework, see the Global Privacy Platform specification.
Global Privacy Control (GPC) is a browser signal that allows visitors to opt out of sharing their personal information. Your website must recognize and respect this signal when it applies.
In this article, we’ll show you how to use the GPP API to detect a visitor’s GPC signal and share it with third-party vendors.
Before you start
Here are a few things to know before you start:
- You need access to your website’s source code.
- You need permission to create files on your server.
Set up the Global Privacy Platform with Global Privacy Control
To set up the Global Privacy Platform with Global Privacy Control, follow these steps:
- Place the GPP configuration script in your website’s source code before the Cookie Information script (the script that loads the
uc.jslibrary).
Example
<script> window.cookieInformationCustomConfig = { GPP: { applicableSections: [ { id: 8, name: 'usca'}, ], }, };</script>- Set the
applicableSectionsvalue based on the jurisdiction that applies to your website.
Note: The Cookie Information GPP API supports the following sections:
- US – national section (usnatv1)
- US – California section (uscav1)
- US – Colorado section (uscov1)
- US – Connecticut section (usctv1)
[ { id: 7, name: 'usnatv1'}, // US - national section { id: 8, name: 'uscav1'}, // US - California section { id: 10, name: 'uscov1'}, // US - Colorado section { id: 12, name: 'usctv1'}. // US - Connecticut section ]Choose the section that matches your legal requirements.
- Update your Cookie Information popup script to enable GPP support by adding the following attribute:
data-gpp-enabled="true".
Example:
<script id="CookieConsent" type="text/javascript" src="https://policy.app.cookieinformation.com/uc.js" data-culture="DA" data-gpp-enabled="true" ></script>Note: Make sure that the data-culture value matches the language used on your website.
- Global Privacy Control uses a standard location called the
.well-knownidentifiers. To create the required file, go to the root directory of your website.
Note:
.well-knownidentifiers show that your website supports the GPC specification.- Many content management systems (CMS) offer tools to help you implement
.well-knownfiles. Only use ready-made solutions if you can verify they are accurate and suitable for your configuration.
- Create a folder named:
.well-known. Your path should look like this:
yoursite.com/.well-known/- Inside this folder, create a
gpc.jsonfile.
- Add the following content to the file:
{
"gpc": true,
"lastUpdate": "2024-03-21"
}Update the lastUpdate value whenever you change this file.
Note: This file signals that your website supports Global Privacy Control.
- Done.
Add a statement to your privacy policy
We recommend adding a short statement to your privacy policy about how your website supports Global Privacy Control.
Ask your legal team to review the wording before you publish it.
Consent popup design
You can choose the design and layout of your consent popup. The Global Privacy Platform sets no specific requirements.
The right setup depends on:
- Your business model.
- Your jurisdiction.
- Your legal requirements.
Make sure your website clearly explains your privacy policy in the consent popup or on another page.
Check your setup
Make sure Global Privacy Control is working correctly.
See the validation guide for testing steps.
