GPP - Privacy Policy Guidance

There are no GPP specific privacy policy changes aside from what is already required under the relevant state privacy laws. The MSPA (which is the agreement tied to GPP) requires a notice of the ability to opt-out of the sale of data and/or targeted advertising. It also requires that you disclose in your privacy policy that your site honors the state law’s required opt-outs. You’ll want to be sure that your privacy policy contains the opt-out language for all applicable states. 


Typically, these are contained in a section related to the individual's data rights like in USA Today’s privacy policy.   


It’s worth noting that if you’re using the TCF in the EU, the IAB requires the following statement in your privacy policy (see Section 17). Note that we have entered the Admiral’s CMP ID for you:

“<Organisation> participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. <Organisation> [operates|uses] the Consent Management Platform with the identification number 9.” 


Let’s take for example a fictional publisher called Beachlife Today. On their Privacy Policy there is a section called “Information we collect” and a subsection called “Cookies.” Within the Cookies section, they outline the technologies used and the visitor’s opt-out rights. At the bottom of this section they put the following.


Beachlife Today participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Beachlife Today uses the Consent Management Platform with the identification number 9.


The above is general best practices as it relates to the IAB’s policies. Admiral is not a law firm and cannot provide legal advice so we recommend that you run these changes by counsel to ensure your privacy policy is in alignment with the company’s stance on privacy.