Google Data Privacy Changes: Key Updates in July 2024

UniConsent

6 min read
Table of contents

Google will support the US National string within the Interactive Advertising Bureau’s (IAB) Global Privacy Platform (GPP) beginning July 2024. This move aims to enhance flexibility for publishers and their partners in adhering to US state privacy regulations. Notably, this change aligns with ongoing efforts to streamline consent management and privacy compliance. In this article, we help you understand what this update means and how UniConsent is supporting this transition.

Google Data Privacy Changes: Key Updates in July 2024Google Data Privacy Changes: Key Updates in July 2024

Understanding GPP and the US National String

Previously, advertising data was managed through various IAB privacy strings, each addressing a specific aspect of privacy compliance. While with the growing complexity of the advertising ecosystem and the increasing number of privacy regulations, a more unified and adaptable solution became necessary. This led to the introduction of the IAB Global Privacy Platform (GPP), designed to streamline and simplify these processes.

The IAB’s Global Privacy Platform (GPP) stands as a pivotal initiative by the IAB Tech Lab, revolutionizing privacy and consent management across digital media landscapes. This platform is designed to harmonize technical standards in privacy, offering a unified framework that ensures compliance with various privacy laws and regulations worldwide. By doing so, GPP aims to simplify adherence to privacy norms for online advertising businesses operating globally.

The GPP will support all existing privacy and more in the future, including:

The US National string is part of the IAB Privacy’s National Privacy Technical Specification, which outlines how consent signals should be communicated to ensure compliance with diverse state-level privacy requirements. This update facilitates a more coherent approach to managing user data and privacy preferences across the United States, addressing the patchwork of state laws such as the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA).

Google’s Integration with the US National String

Google Global Privacy Platform v1.1 (GPP v1.1) for compliance with US privacy laws, though its use is not mandatory for US states.

For users in the European Economic Area or the UK, Google will continue using the IAB Europe TCF with a certified CMP, like UniConsent CMP, and TCF strings sent through GPP will not be accepted.

Despite IAB deprecating the US Privacy String in January 2024 in favor of GPP, Google will still read the US Privacy String to support web and app partners.

It’s important to note that Google does not mandate the use of a Consent Management Platform (CMP), GPP, or the US National specification for compliance in US states. Publishers and CMPs are recommended to adopt GPP strings for US state privacy law compliance.

Google's GPP specifications

Google accepts only the following strings within GPP: US National, California, Virginia, Colorado, and Connecticut.

Google does not accept the IAB Canada TCF, US Privacy String, US State Utah, or IAB EU TCF v2 as part of GPP support.

Publishers should collaborate with their CMP partners to ensure that IAB EU TC strings are generated according to the IAB EU TCF v2 specification.

For US National, Google will activate restricted data processing (RDP) if any of the following criteria are met, Google only reads these fields:

  • The user opted out of the Sale of the Consumer's Personal Information.
  • The user opted out of the Sharing of the Consumer's Personal Information.
  • The user opted out of Processing the Consumer's Personal Data for Targeted Advertising.

US States string for California, Google will activate restricted data processing (RDP) if any of the following criteria are met, Google only reads these fields):

  • The user opted out of the Sale of the Consumer's Personal Information.
  • The user opted out of the Sharing of the Consumer's Personal Information.

US States string for Virginia, Connecticut, and Colorado will activate restricted data processing (RDP) if any of the following criteria are met, Google only reads these fields:

  • The user opted out of the Sale of the Consumer's Personal Information.

  • The user opted out of Processing the Consumer's Personal Data for Targeted Advertising. Google will activate restricted data processing (RDP) if any of the following criteria are met:

  • The user opted out of the Sale of the Consumer's Personal Information.

  • The user opted out of Processing the Consumer's Personal Data for Targeted Advertising.

Using UniConsent CMP now to meet All of these requirements.

Google recommends that publishers continue to use their tools for tagging sites, apps, and requests for child-directed treatment to ensure compliance with COPPA and other relevant regulations.

For US National, Requests will be marked for child-directed treatment (TFCD) if any of the following criteria are met:

  • Consent or no consent to process the consumer’s personal data or sensitive data for consumers younger than 13 years of age.

Requests will trigger restricted data processing (RDP) if any of the following criteria are met:

  • No consent to process the consumer’s personal data or sensitive data for consumers aged 13 to 16.

For California, Requests will be marked for child-directed treatment (TFCD) if any of the following criteria are met:

  • Consent or no consent to sell the personal information of consumers less than 16 years of age.
  • Consent or no consent to share the personal information of consumers less than 16 years of age.

For Virginia, Colorado, Requests will be marked for child-directed treatment (TFCD) if the following criteria are met:

  • Consent or no consent to process sensitive data from a known child.

For Connecticut, Requests will be marked for child-directed treatment (TFCD) if any of the following criteria are met:

  • Consent or no consent to process sensitive data from a known child.

Requests will trigger restricted data processing (RDP) if any of the following criteria are met:

  • No consent to sell the personal data of consumers aged 13 to 16.
  • No consent to process the personal data of consumers aged 13 to 16 for purposes of targeted advertising.

Using UniConsent CMP now to meet All of these recommends.

About UniConsent

UniConsent CMP is a globally recognized and certified Consent Management Platform (CMP) catering to leading publishers and serving tens of millions of users daily. By providing a seamless privacy experience, UniConsent CMP helps businesses navigate the post-GDPR era and meet the evolving demands of data protection regulations. Contact us to learn more: hello@uniconsent.com

Activate Google Consent Mode UniConsent to enhance the accuracy of your Google Analytics and Google Ads conversion data.

Set up Google Consent Mode →

Get started to make your website and application compliant for EU GDPR, US CPRA, CA PIPEDA etc

Sign up

Get started to make your website and application compliant for EU GDPR, US CPRA, CA PIPEDA etc

Sign up