IAB MSPA: UniConsent CMP for IAB Multi-State Privacy Agreement API and MSPA Consent Signal



Several state privacy laws will take effect in 2023, including the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), the Utah Consumer Privacy Act (UCPA), and the Connecticut Data Protection Act (CTDPA).

To learn more about each law, please visit the following links: CPRA, CPA, VCDPA, UCPA, and CTDPA.

To ensure compliance with these upcoming privacy laws in California, Virginia, Colorado, Connecticut, and Utah, you may be wondering what steps you should take. You can find more information about how to comply with these laws at us-states-privacy-laws.

The Interactive Advertising Bureau's (IAB) Multi-State Privacy Agreement (MSPA) seeks to create a consistent privacy signaling standard that allows companies to respect consumer preferences throughout the online marketing ecosystem.

UniConsent CMP offers MSPA API and supports consent signals. By enabling MSPA consent signals in US states, you can comply with the forthcoming privacy laws in the United States.

What is the MSPA?

The Multi-State Privacy Agreement (MSPA) is a framework created by the Interactive Advertising Bureau (IAB) to assist advertisers, publishers, agencies, and ad tech intermediaries in complying with the privacy laws of five states that went into effect in 2023: California, Virginia, Colorado, Connecticut, and Utah. By adopting the MSPA, these companies can help ensure compliance with these upcoming privacy regulations.

It is worth noting that the MSPA consent signal is a component of the Global Privacy Platform (GPP) consent signals. You can learn more about the GPP at https://www.uniconsent.com/gpp.

Why is the MSPA Needed to Comply with State Privacy Laws?

The Multi-State Privacy Agreement (MSPA) is essential for compliance with the state privacy laws that will be enforced in 2023. These laws present significant challenges for ad tech vendors involved in targeting, delivering, and measuring digital advertising. The MSPA is uniquely positioned to help these vendors overcome these challenges and ensure compliance with the upcoming privacy regulations.

What Publishers Need to Know About Implementing the MSPA

If you are a publisher, it is crucial to understand how to implement the MSPA correctly. For instance, the California Privacy Rights Act (CPRA) defines ad delivery, measurement, and frequency capping as "sales" of user data between partners. Therefore, publishers need to be aware of these common practices and implement the MSPA to comply with the CPRA and other forthcoming privacy laws.

Distinguishing Third Parties from Service Providers in the MSPA

In the context of the Multi-State Privacy Agreement (MSPA), it is essential to distinguish between third parties and service providers. Third parties are entities that receive personal data but do not directly collect it from customers. Examples of third-party entities include website analytics providers.

Service providers, on the other hand, process personal information on behalf of a business that is acting as a first party. Both third parties and service providers are subject to contractual requirements.

If classified as a service provider by a first party, a company is allowed to receive personal data for purposes such as measurement, ad delivery confirmation, and frequency capping. Service providers can also receive an IP address for contextual ad targeting, even if a user opts out. However, if a user opts out, service providers cannot receive data for "cross-context behavioral advertising," which includes ad targeting based on a user's personal information.

To comply with state laws, companies must provide users with an easy way to opt out of having their data sold. UniConsent offers a consent management platform (CMP) that can help companies achieve this goal. By enabling UniConsent's Global Privacy Platform (GPP) and Multi-State Privacy Agreement (MSPA) features, companies can deliver notices to users and provide them with a straightforward opt-out process through the UniConsent CMP user interface.

Once installed on your system, UniConsent automatically transmits consent signals to ad servers, prebid.js, oRTB vendors, and other vendors that support GPP signals.

As of today, the following companies support GPP signals:

  • AppNexus
  • GumGum
  • Improve Digital
  • Index Exchange (Prebid.js)
  • KueezRTB
  • OneTag
  • OpenX
  • Seedtag
  • Smaato
  • Smart AdServer
  • Taboola
  • TripleLift
  • The Trade Desk

Get started making your website and application compliant with EU GDPR, US CPRA, CA PIPEDA, etc.

Sign up