This article is especially important for you, as you may be required to implement the Global Privacy Control for compliance if your website serves visitors based in the United States. Please make sure to consult with your legal or compliance team to ensure adherence to relevant regulations.
Table of contents
Basic information
The Global Privacy Platform (GPP) is a framework created by the Interactive Advertising Bureau (IAB). Its primary objective is to standardize the process of collecting and disclosing visitor consents through Consent Management Platforms (CMPs) to vendors. For more information, please refer to the official framework documentation.
Global Privacy Control (GPC) is a browser-level signal that enables visitors to opt out of sharing of their personal information. This means publishers must recognize and honor it.
For further details, please refer to the official documentation.
This article outlines how to utilize the GPP API on your website to detect and expose the user’s GPC signal to various third-party vendors.
Prerequisites
Configuring GPC using the GPP framework requires specific technical knowledge and capabilities. It involves adding scripts to the source code of your website and the ability to designate a static folder and files for your site. Cookie Information will not be able to assist you with these tasks, as they require direct access to your website's server and modifications to its source code. Please consult your web developer or the agency responsible for your website's maintenance for assistance.
Installation
The GPP configuration script
The GPP configuration script should be placed in the source code of your website before your regular Cookie Information script (the one that calls the uc.js library). Please see the example script below:
<script>
window.cookieInformationCustomConfig = {
GPP: {
applicableSections: [
{ id: 8, name: 'uscav1'},
],
},
};
</script>
You can dynamically determine the applicableSections property based on your needs and requirements. At a bare minimum, this involves defining the applicable GPP section (jurisdiction). The Cookie Information GPP API supports four sections:
[
{ id: 7, name: 'usnatv1'}, // US - national section
{ id: 8, name: 'uscav1'}, // US - California section
{ id: 10, name: 'uscov1'}, // US - Colorado section
{ id: 12, name: 'usctv1'}. // US - Connecticut section
]
Please ensure you adapt the example script to your needs, based on your jurisdiction.
Updating the basic Cookie Information pop-up script
Please update the basic Cookie Information pop-up script to include a new attribute called data-gpp-enabled
set to 'true'
. Please refer to the example below:
<script
id="CookieConsent" type="text/javascript" src="https://policy.app.cookieinformation.com/uc.js"
data-culture="DA" data-gpp-enabled="true" >
</script>
Please make sure to adapt the data-culture attribute in the example script to your needs.
Creating the gpc.json in the well-known path
GPC utilizes the .well-known
identifiers, enabling sites to demonstrate their adherence to the GPC specification. The presence of a specific file within this directory is a clear indication of a site’s commitment to incorporating GPC in its privacy compliance measures. For those looking to implement .well-known
files, various tools may be available across different Content Management Systems (CMS). While ready-made solutions for specific CMS platforms might exist, they should be employed by individuals capable of assessing their appropriateness and accuracy.
Here's a basic guideline for setting up a GPC file, provided you have the ability to manage static folders and files on your website. Begin by creating a folder named .well-known
at the root of your site, resulting in a path similar to yoursite.com/.well-known/
. Within this folder, you should create a file named gpc.json
. The contents of this file should follow the example provided, including a lastUpdate
field reflecting the most recent date of modification.
{
"gpc": true,
"lastUpdate": "2024-03-21"
}
By following these steps, you will establish a valid GPC file, signaling your compliance with GPC as understood within your specific context.
Moreover, it's advisable to complement the .well-known
file with a detailed statement in your Privacy Policy, clarifying your interpretation and implementation of GPC. The precise wording of this statement should be tailored to your site's needs and developed in consultation with your legal team. This ensures that your compliance is not only technically sound but also legally robust, aligning with your organization’s interpretation of GPC requirements.
Consent pop-up
The look and feel of the consent solution popup is up to you. The Global Privacy Platform sets no specific requirements, as it largely depends on the website’s business model and jurisdiction. The website should clearly describe its privacy policy, either within the consent popup or elsewhere on the site. Since there is no dedicated Cookie Information popup template available, you are free to use one that meets your other functional and legal requirements.
Validation
To validate your GPC setup, please refer to this article.