IAB Tech Lab Advances Privacy with GPP & DDRF Updates
▼ Summary
– IAB Tech Lab updated the Global Privacy Protocol to include new sections for Maryland, Indiana, Kentucky, and Rhode Island, reflecting recent U.S. state privacy laws.
– The GPP will adopt a bi-annual release cycle starting in 2026 to provide companies with a predictable schedule for adapting to privacy regulations.
– Version 2 of the Data Deletion Request Framework introduces standardized formats and security enhancements to improve interoperability and reduce compliance risk.
– Both updates are part of Project Rearc, an initiative to develop privacy-centric standards that support accountability in digital advertising.
– Public comments on these updates are open through December 1 for industry feedback.
The IAB Tech Lab has rolled out two significant updates focused on enhancing privacy and transparency in digital advertising: a refreshed Global Privacy Protocol (GPP) and the second version of the Data Deletion Request Framework (DDRF). Both are now available for public review and feedback until December 1.
This GPP release addresses the growing complexity of state-level privacy laws across the United States. It now includes dedicated sections for Maryland, Indiana, Kentucky, and Rhode Island, aligning with their respective enforcement dates. These changes are part of a broader restructuring of the protocol, intended to boost signal clarity and prepare for future legislative shifts at the state level. Starting in 2026, the IAB Tech Lab will transition to a twice-yearly update schedule for GPP, giving businesses a clearer timeline for adapting to new privacy rules. Anthony Katsur, CEO of IAB Tech Lab, emphasized that this predictable cycle helps companies maintain transparency and prioritize user choice while planning ahead with greater certainty.
Additionally, the GPP update proposes two implementation paths aimed at resolving confusion for downstream vendors regarding which sections apply in server-side environments. The organization is actively seeking industry input to finalize the most effective approach.
DDRF V2 introduces several improvements to streamline how companies handle consumer data deletion requests. It features standardized object formats, updated encoding techniques, and stronger security measures, all designed to increase compatibility across systems and lower compliance risks. Rowena Lam, Senior Director of Product at IAB Tech Lab, noted that DDRF V2 was developed to simplify operations and reduce legal exposure, helping organizations meet regulatory obligations while upholding consumer data rights. Already adopted by many in the industry and acknowledged by regulators, the framework ensures uniform processing of deletion requests throughout the advertising supply chain. This latest version solidifies its position as a foundational privacy standard.
Both the GPP and DDRF updates fall under the umbrella of Project Rearc, an IAB Tech Lab initiative dedicated to creating privacy-forward standards that support accountability and addressability in digital advertising. By establishing regular release timelines and refining essential frameworks, the Tech Lab aims to provide the tools needed for the industry to comply with regulations and preserve consumer confidence.
Public comments on both updates will be accepted through December 1.
(Source: MarTech)