diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000..cc17777 Binary files /dev/null and b/.DS_Store differ diff --git a/Sections/.DS_Store b/Sections/.DS_Store new file mode 100644 index 0000000..c4d3e16 Binary files /dev/null and b/Sections/.DS_Store differ diff --git a/Sections/Section Information.md b/Sections/Section Information.md index 3ec3367..bc3925a 100644 --- a/Sections/Section Information.md +++ b/Sections/Section Information.md @@ -54,32 +54,32 @@ Each section represents a unique privacy signal, usually a unique jurisdiction. 7 usnat - US - national section (coming soon) + US - national section 8 usca - US - California section (coming soon) + US - California section 9 usva - US - Virginia section (coming soon) + US - Virginia section 10 usco - US - Colorado section (coming soon) + US - Colorado section 11 usut - US - Utah section (coming soon) + US - Utah section 12 usct - US - Connecticut section (coming soon) + US - Connecticut section diff --git "a/Sections/US-National/IAB Privacy\342\200\231s National Privacy Technical Specification.md" "b/Sections/US-National/IAB Privacy\342\200\231s National Privacy Technical Specification.md" index 53671e8..54b2446 100644 --- "a/Sections/US-National/IAB Privacy\342\200\231s National Privacy Technical Specification.md" +++ "b/Sections/US-National/IAB Privacy\342\200\231s National Privacy Technical Specification.md" @@ -1,11 +1,30 @@ -

GPP Extension: IAB Privacy’s National Privacy Technical Specification

+ +

GPP Extension: IAB Privacy’s US National Privacy Technical Specification

About this document

-

The global standard GPP defines a way for local standards to "plug-in" into the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the GPP specifications with the IAB Privacy Multi-State Privacy Agreement legal requirements.

+

The global standard GPP defines a way for local standards to "plug-in" into the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the GPP specifications with the IAB Privacy Multi-State Privacy Agreement legal requirements.

-

National Privacy Section

-

The National Privacy Section is a string that consists of the following components. Users should employ the National Privacy Section only if they will adhere to the National Approach for their processing of a consumer’s personal data.

+

Version History 

+
+ + + + + + + + + + + + + +
DateVersionComments
November 20221.0Version 1.0 released
+
+ +

US National Privacy Section

+

The US National Privacy Section is a string that consists of the components described below. Users should employ the US National Privacy Section only if they will adhere to the National Approach for their processing of a consumer’s personal data.

Summary

@@ -22,15 +41,17 @@ - - + +
Client side API prefixuspnatThe National Privacy section is registered with client side API prefix “uspnat” in the GPP Client Side API.usnatThe US National Privacy section is registered with client side API prefix “usnat” in the GPP Client Side API.
+

Section encoding

Core Segment

The core segment must always be present. Where terms are capitalized in the ‘description’ field they are defined terms in applicable State Privacy Laws and the MSPA. It consists of the following fields:

+
@@ -48,263 +69,254 @@ - + - + - + - +0 Not Applicable. The Business does not share Personal Data with Third Parties.

1 Yes, notice was provided

2 No, notice was not provided

- + - +0 Not Applicable. The Business does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided

- + - + - + - +0 Not Applicable.The Business does not Process Personal Data for Targeted Advertising.

1 Yes, notice was provided

2 No, notice was not provided

- + - +0 Not Applicable. The Business does not Process Sensitive Data.

1 Yes, notice was provided

2 No, notice was not provided

- + - +0 Not Applicable. The Business does not use or disclose Sensitive Data.

1 Yes, notice was provided

2 No, notice was not provided

- + - - + - - + - - + - - + - - + - +0 Not Applicable. The Business does not use, retain, Sell, or Share the Consumer’s Personal Data for advertising purposes that are unrelated to or incompatible with the purpose(s) for which the Consumer’s Personal Data was collected or processed.

1 Consent

2 No Consent 

- + - + - + - + - + - +
VersionVersion Int(6)The version of this section specification used to encode the string.The version of this section specification used to encode the string.
SharingNoticeSharingNotice Int(2)Notice of the Sharing of the Consumer’s Personal Data with Third Parties. 

References: +

Notice of the Sharing of the Consumer’s Personal Data with Third Parties. 

References:

    -
  • Virginia Code 59.1-578(C)(4) – (5)
    • -
  • Colo. Rev. Stat. 6-1-1308(1)(1)(IV) – (V)
    • -
  • Utah Code 13-61-302(1)(1)(iv) – (v)
    • -
  • Conn. PA No. 22-15, Sec. 6(3)(4)-(5)
    • +
  • Virginia Code 59.1-578(C)(4) – (5)
    • +
  • Colo. Rev. Stat. 6-1-1308(1)(1)(IV) – (V)
    • +
  • Utah Code 13-61-302(1)(1)(iv) – (v)
    • +
  • Conn. PA No. 22-15, Sec. 6(3)(4)-(5)
-0 Not Applicable. The Business does not share Personal Data with Third Parties.

1 Yes, notice was provided

2 No, notice was not provided

SaleOptOutNoticeSaleOptOutNotice Int(2)Notice of the Opportunity to Opt Out of the Sale of the Consumer’s Personal Data.

References:  +

Notice of the Opportunity to Opt Out of the Sale of the Consumer’s Personal Data.

References: 

    -
  • Cal. Civ. Code 1798.100(1)(1), (3), Cal. Civ. Code 1798.135(1), and/or Cal. Civ. Code 1798.135(2), and rules promulgated thereunder.
    • -
  • Virginia Code 59.1-578(D)
    • -
  • Colo. Rev. Stat 6-1-1308(1)(2) and Colo. Rev. Stat. 6-1-1306(1)(1)(III)
    • -
  • Utah Code 13-61-302(1)(2)(i)
    • -
  • Conn. PA No. 22-15, Sec. 6(4) and Conn. PA No. 22-15, Sec. 4(2)
    • +
  • Cal. Civ. Code 1798.100(1)(1), (3), Cal. Civ. Code 1798.135(1), and/or Cal. Civ. Code 1798.135(2), and rules promulgated thereunder.
    • +
  • Virginia Code 59.1-578(D)
    • +
  • Colo. Rev. Stat 6-1-1308(1)(2) and Colo. Rev. Stat. 6-1-1306(1)(1)(III)
    • +
  • Utah Code 13-61-302(1)(2)(i)
    • +
  • Conn. PA No. 22-15, Sec. 6(4) and Conn. PA No. 22-15, Sec. 4(2)
-0 Not Applicable. The Business does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided

SharingOptOutNoticeSharingOptOutNotice Int(2)Notice of the Opportunity to Opt Out of the Sharing of the Consumer’s Personal Data.

References: (i) Cal. Civ. Code 1798.100(1)(1), (3), (ii) Cal. Civ. Code 1798.135(1) and/or (iii) Cal. Civ. Code 1798.135(2) 0 Not Applicable.The Business does not Share Personal Data.

1 Yes, notice was provided

2 No, notice was not provided

Notice of the Opportunity to Opt Out of the Sharing of the Consumer’s Personal Data.

References: (i) Cal. Civ. Code 1798.100(1)(1), (3), (ii) Cal. Civ. Code 1798.135(1) and/or (iii) Cal. Civ. Code 1798.135(2) 0 Not Applicable.The Business does not Share Personal Data.

1 Yes, notice was provided

2 No, notice was not provided
TargetedAdvertisingOptOutNoticeTargetedAdvertisingOptOutNotice Int(2)Notice of the Opportunity to Opt Out of Processing of the Consumer’s Personal Data for Targeted Advertising

References:  +

Notice of the Opportunity to Opt Out of Processing of the Consumer’s Personal Data for Targeted Advertising

References: 

    -
  • Virginia Code 59.1-578(D)
    • -
  • Colo. Rev. Stat 6-1-1308(1)(2) and Colo. Rev. Stat. 6-1-1306(1)(1)(III)
    • -
  • Utah Code 13-61-302(1)(2)(ii)
    • -
  • Conn. PA No. 22-15, Sec. 6(4) and Conn. PA No. 22-15, Sec. 4(2)
    • +
  • Virginia Code 59.1-578(D)
    • +
  • Colo. Rev. Stat 6-1-1308(1)(2) and Colo. Rev. Stat. 6-1-1306(1)(1)(III)
    • +
  • Utah Code 13-61-302(1)(2)(ii)
    • +
  • Conn. PA No. 22-15, Sec. 6(4) and Conn. PA No. 22-15, Sec. 4(2)
-0 Not Applicable.The Business does not Process Personal Data for Targeted Advertising.

1 Yes, notice was provided

2 No, notice was not provided

SensitiveDataProcessingOptOutNoticeSensitiveDataProcessingOptOutNotice Int(2)Notice of the Opportunity to Opt Out of the Processing of the Consumer’s Sensitive Data

References:  +

Notice of the Opportunity to Opt Out of the Processing of the Consumer’s Sensitive Data

References: 

    -
  • Utah Code 13-61-302(3)(1)
    • +
  • Utah Code 13-61-302(3)(1)
-0 Not Applicable. The Business does not Process Sensitive Data.

1 Yes, notice was provided

2 No, notice was not provided

SensitiveDataLimitUseNoticeSensitiveDataLimitUseNotice Int(2)Notice of the Opportunity to Limit Use or Disclosure of the Consumer’s Sensitive Data

References:  +

Notice of the Opportunity to Limit Use or Disclosure of the Consumer’s Sensitive Data

References: 

    -
  • Cal. Civ. Code 1798.100(1)(2)-(3), (ii) Cal. Civ. Code 1798.135(1), and/or (iii) Cal. Civ. Code 1798.135(2) and rules promulgated thereunder
    • +
  • Cal. Civ. Code 1798.100(1)(2)-(3), (ii) Cal. Civ. Code 1798.135(1), and/or (iii) Cal. Civ. Code 1798.135(2) and rules promulgated thereunder
-0 Not Applicable. The Business does not use or disclose Sensitive Data.

1 Yes, notice was provided

2 No, notice was not provided

SaleOptOutSaleOptOut Int(2)Opt-Out of the Sale of the Consumer’s Personal Data

References: +

Opt-Out of the Sale of the Consumer’s Personal Data

References:

    -
  • Cal. Civ. Code 1798.135(1) and/or 1798.135(2)
    • -
  • Virginia Code 59.1-578(D)
    • -
  • Colo. Rev. Stat. 6-1-1306(1)(1)(III) or 6-1-1306(1)(1)(IV)
    • -
  • Utah Code 13-61-302(1)(2)(i)
    • -
  • Conn. PA No. 22-15, Sec. 4(5)(i) or (ii)
    • +
  • Cal. Civ. Code 1798.135(1) and/or 1798.135(2)
    • +
  • Virginia Code 59.1-578(D)
    • +
  • Colo. Rev. Stat. 6-1-1306(1)(1)(III) or 6-1-1306(1)(1)(IV)
    • +
  • Utah Code 13-61-302(1)(2)(i)
    • +
  • Conn. PA No. 22-15, Sec. 4(5)(i) or (ii)
0 Not Applicable. SaleOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out
SharingOptOutSharingOptOut Int(2)Opt-Out of the Sharing of the Consumer’s Personal Data

References:  +

Opt-Out of the Sharing of the Consumer’s Personal Data

References: 

    -
  • Cal. Civ. Code 1798.120(1) using a method that adheres to Cal. Civ. Code 1798.135(1) and/or 1798.135(2)
    • +
  • Cal. Civ. Code 1798.120(1) using a method that adheres to Cal. Civ. Code 1798.135(1) and/or 1798.135(2)
0 Not Applicable. SharingOptOutNotice value was not applicable or no notice was provided.

1 Opted Out

2 Did Not Opt Out
TargetedAdvertisingOptOutTargetedAdvertisingOptOut Int(2)Opt-Out of Processing the Consumer’s Personal Data for Targeted Advertising

References: +

Opt-Out of Processing the Consumer’s Personal Data for Targeted Advertising

References:

    -
  • Virginia Code 59.1-578(D)
    • -
  • Colo. Rev. Stat. 6-1-1306(1)(1)(III) or 6-1-1306(1)(1)(IV)
    • -
  • Utah Code 13-61-302(1)(2)(ii)
    • -
  • Conn. PA No. 22-15, Sec. 4(5)(i) or (ii)
    • +
  • Virginia Code 59.1-578(D)
    • +
  • Colo. Rev. Stat. 6-1-1306(1)(1)(III) or 6-1-1306(1)(1)(IV)
    • +
  • Utah Code 13-61-302(1)(2)(ii)
    • +
  • Conn. PA No. 22-15, Sec. 4(5)(i) or (ii)
0 Not Applicable. TargetedAdvertisingOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out
SensitiveDataProcessingSensitiveDataProcessing N-Bitfield(2,12)Two bits for each Data Activity:0 Not Applicable. The Business does not Process the specific category of Sensitive Data.

1 Consent

2 No Consent (1). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin. 

References: +

Two bits for each Data Activity:0 Not Applicable. The Business does not Process the specific category of Sensitive Data.

1 Consent

2 No Consent (1). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin. 

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(2). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Religious or Philosophical Beliefs. 

References: +(2). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Religious or Philosophical Beliefs. 

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(3). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Concerning a Consumer’s Health (including a Mental or Physical Health Condition or Diagnosis; Medical History; or Medical Treatment or Diagnosis by a Health Care Professional).

References: +(3). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Concerning a Consumer’s Health (including a Mental or Physical Health Condition or Diagnosis; Medical History; or Medical Treatment or Diagnosis by a Health Care Professional).

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(4). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation.

References: +(4). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(5). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status.

References: +(5). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status.

References:

    -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(6). Consent to Process the Consumer’s Sensitive Data Consisting of Genetic Data for the Purpose of Uniquely Identifying an Individual / Natural Person.

References: +(6). Consent to Process the Consumer’s Sensitive Data Consisting of Genetic Data for the Purpose of Uniquely Identifying an Individual / Natural Person.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(7). Consent to Process the Consumer’s Sensitive Data Consisting of Biometric Data for the Purpose of Uniquely Identifying an Individual / Natural Person.

References: +(7). Consent to Process the Consumer’s Sensitive Data Consisting of Biometric Data for the Purpose of Uniquely Identifying an Individual / Natural Person.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(8). Consent to Process the Consumer’s Sensitive Data Consisting of Precise Geolocation Data.

References: +(8). Consent to Process the Consumer’s Sensitive Data Consisting of Precise Geolocation Data.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(9). Consent to Process the Consumer’s Sensitive Data Consisting of a Consumer’s Social Security, Driver’s License, State Identification Card, or Passport Number.

References: +(9). Consent to Process the Consumer’s Sensitive Data Consisting of a Consumer’s Social Security, Driver’s License, State Identification Card, or Passport Number.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
-(10). Consent to Process the Consumer’s Sensitive Data Consisting of a Consumer’s Account Log-In, Financial Account, Debit Card, or Credit Card Number in Combination with Any Required Security or Access Code, Password, or Credentials Allowing Access to an Account.

References: +(10). Consent to Process the Consumer’s Sensitive Data Consisting of a Consumer’s Account Log-In, Financial Account, Debit Card, or Credit Card Number in Combination with Any Required Security or Access Code, Password, or Credentials Allowing Access to an Account.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
-(11). Consent to Process the Consumer’s Sensitive Data Consisting of Union Membership.

References: +(11). Consent to Process the Consumer’s Sensitive Data Consisting of Union Membership.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
-(12). Consent to Process the Consumer’s Sensitive Data Consisting of the contents of a Consumer’s Mail, Email, and Text Messages unless You Are the Intended Recipient of the Communication.

References: +(12). Consent to Process the Consumer’s Sensitive Data Consisting of the contents of a Consumer’s Mail, Email, and Text Messages unless You Are the Intended Recipient of the Communication.

References:

    -
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
    • +
  • Cal. Civ. Code 1798.100(a)(2), 1798.121(a), and 1798.135(a)
KnownChildSensitiveDataConsentsKnownChildSensitiveDataConsents N-Bitfield(2,2)Two bits for each Data Activity:0 Not Applicable. The Business does not have actual knowledge that it Processes Personal Data or Sensitive Data of a Consumer who is a known child.

1 Consent

2 No Consent (1). Consent to Process the Consumer’s Personal Data or Sensitive Data for Consumers from Age 13 to 16.

References: +

Two bits for each Data Activity:0 Not Applicable. The Business does not have actual knowledge that it Processes Personal Data or Sensitive Data of a Consumer who is a known child.

1 Consent

2 No Consent (1). Consent to Process the Consumer’s Personal Data or Sensitive Data for Consumers from Age 13 to 16.

References:

    -
  • Cal. Civ. Code Cal. Civ. Code 1798.120(c)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code Cal. Civ. Code 1798.120(c)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
-(2). Consent to Process the Consumer’s Personal Data or Sensitive Data for Consumers Younger Than 13 Years of Age.

References: +(2). Consent to Process the Consumer’s Personal Data or Sensitive Data for Consumers Younger Than 13 Years of Age.

References:

    -
  • Cal. Civ. Code Cal. Civ. Code 1798.120(c)
    • -
  • Virginia Code 59.1-578(A)(5)
    • -
  • Colo. Rev. Stat. 6-1-1308(7)
    • -
  • Utah Code 13-61-302(3)(a)
    • -
  • Conn. PA 22-15, Sec. 6(a)(4)
    • +
  • Cal. Civ. Code Cal. Civ. Code 1798.120(c)
    • +
  • Virginia Code 59.1-578(A)(5)
    • +
  • Colo. Rev. Stat. 6-1-1308(7)
    • +
  • Utah Code 13-61-302(3)(a)
    • +
  • Conn. PA 22-15, Sec. 6(a)(4)
PersonalDataConsentsPersonalDataConsents Int(2)Consent to Collection, Use, Retention, Sale, and/or Sharing of the Consumer’s Personal Data that Is Unrelated to or Incompatible with the Purpose(s) for which the Consumer’s Personal Data Was Collected or Processed 

References: +

Consent to Collection, Use, Retention, Sale, and/or Sharing of the Consumer’s Personal Data that Is Unrelated to or Incompatible with the Purpose(s) for which the Consumer’s Personal Data Was Collected or Processed 

References:

    -
  •  Cal. Civ. Code 1798.100(c) 
    • +
  •  Cal. Civ. Code 1798.100(c) 
-0 Not Applicable. The Business does not use, retain, Sell, or Share the Consumer’s Personal Data for advertising purposes that are unrelated to or incompatible with the purpose(s) for which the Consumer’s Personal Data was collected or processed.

1 Consent

2 No Consent 

MspaCoveredTransactionMspaCoveredTransaction Int(2)Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a “Covered Transaction” as defined in the MSPA. 0 Not Applicable

1 Yes

2 No

Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a “Covered Transaction” as defined in the MSPA. 

1 Yes

2 No
MspaOptOutOptionModeMspaOptOutOptionMode Int(2)Publisher or Advertiser, as applicable, has enabled “Opt-Out Option Mode” for the “Covered Transaction,” as such terms are defined in the MSPA.0 Not Applicable.

1 Yes

2 No

Publisher or Advertiser, as applicable, has enabled “Opt-Out Option Mode” for the “Covered Transaction,” as such terms are defined in the MSPA.

0 Not Applicable.

1 Yes

2 No
MspaServiceProviderModeMspaServiceProviderMode Int(2)Publisher or Advertiser, as applicable, has enabled “Service Provider Mode” for the “Covered Transaction,” as such terms are defined in the MSPA.0 Not Applicable

1 Yes

2 No

Publisher or Advertiser, as applicable, has enabled “Service Provider Mode” for the “Covered Transaction,” as such terms are defined in the MSPA.

0 Not Applicable

1 Yes

2 No
-

GPC Segment

-
+ +

GPC Sub-section

+

GPC is signaled in user agent headers(Sec-GPC) and a simple javascript API (globalPrivacyControl). Entities creating GPP strings should check for whether GPC is set and pass along the value they find (from the headers or javascript API) in this sub-section.

+ - - - - - - + - - - + + + - -
Field NameGPP Field TypeDescription
GpcBoolean0 false

1 true

Field NameGPP Field TypeDescription
-
-

Client side API

-

Key Names

-

In the mobile or CTV context, the key names to be used in GPP are listed below.

-
- + - - + + + - - + + +
GPP Key NameValue(s)SubsectionTypeInt(2)

0 Core

1 GPC
IABGPP_7_StringString: Full encoded USPNAT stringGpcBoolean

0 false

1 true
-
diff --git a/Sections/US-National/README.md b/Sections/US-National/README.md index 8a8ada7..9f0ec37 100644 --- a/Sections/US-National/README.md +++ b/Sections/US-National/README.md @@ -1,5 +1,4 @@

IAB Privacy’s National Privacy Technical Specification

-

The section specifications included in this directory are in public comment until October 27, 2022. Comments may be submitted to support@iabtechlab.com

Contained in this directory are technical specifications for the National privacy strings to support the National Approach as defined in the MSPA. diff --git a/Sections/US-States/.DS_Store b/Sections/US-States/.DS_Store new file mode 100644 index 0000000..f6f8431 Binary files /dev/null and b/Sections/US-States/.DS_Store differ diff --git "a/Sections/US-States/CA/GPP Extension: IAB Privacy\342\200\231s California Privacy Technical Specification.md" "b/Sections/US-States/CA/GPP Extension: IAB Privacy\342\200\231s California Privacy Technical Specification.md" index 18e01cd..5691743 100644 --- "a/Sections/US-States/CA/GPP Extension: IAB Privacy\342\200\231s California Privacy Technical Specification.md" +++ "b/Sections/US-States/CA/GPP Extension: IAB Privacy\342\200\231s California Privacy Technical Specification.md" @@ -1,8 +1,29 @@

GPP Extension: IAB Privacy’s California Privacy Technical Specification

About this document

-

The global standard GPP defines a way for local standards to "plug-in" into the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the GPP specifications with the IAB Privacy Multi-State Privacy Agreement legal requirements.

+

The global standard GPP defines a way for local standards to "plug-in" into the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the GPP specifications with the IAB Privacy Multi-State Privacy Agreement legal requirements.

+ +

Version History 

+
+ + + + + + + + + + + + + +
DateVersionComments
November 20221.0Version 1.0 released
+
+ + +

California Privacy Section

-

The California Privacy Section consists of the following components. Users should employ the California Privacy String only if they have determined the CPRA applies to their processing of a consumer's personal information.

+

The California Privacy Section consists of the components described below. Users should employ the California Privacy String only if they have determined the CPRA applies to their processing of a consumer's personal information.

Summary

@@ -20,14 +41,14 @@ - - + +
Client side API prefixuspcaThe California Privacy Section is registered with client side API prefix "uspca" in the GPP Client Side API.uscaThe California Privacy Section is registered with client side API prefix "usca" in the GPP Client Side API.

Section encoding

-

Core Segment

-

The core segment must always be present. Where terms are capitalized in the ‘description’ field they are defined terms in Cal. Civ. Code 1798.140. It consists of the following fields: +

Core Sub-section

+

The core sub-section must always be present. Where terms are capitalized in the ‘description’ field they are defined terms in Cal. Civ. Code 1798.140. It consists of the following fields:

@@ -46,61 +67,65 @@ - + - + - + - + - + - + - + - + - + - + - +
SaleOptOutNotice Int(2)Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Information

0Not Applicable. The Business does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided

Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Information

0 Not Applicable. The Business does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided
SharingOptOutNotice Int(2)Notice of the Opportunity to Opt Out of the Sharing of the Consumer's Personal Information

0Not Applicable.The Business does not Share Personal Data.

1 Yes, notice was provided

2 No, notice was not provided

Notice of the Opportunity to Opt Out of the Sharing of the Consumer's Personal Information

0 Not Applicable.The Business does not Share Personal Data.

1 Yes, notice was provided

2 No, notice was not provided
SensitiveDataLimitUseNotice Int(2)Notice of the Opportunity to Limit Use or Disclosure of the Consumer's Sensitive Personal Information

0Not Applicable. The Business does not use or disclose Sensitive Data.

1 Yes, notice was provided

2 No, notice was not provided

Notice of the Opportunity to Limit Use or Disclosure of the Consumer's Sensitive Personal Information

0 Not Applicable. The Business does not use or disclose Sensitive Data.

1 Yes, notice was provided

2 No, notice was not provided
SaleOptOut Int(2)Opt-Out of the Sale of the Consumer's Personal Information

0Not Applicable. SaleOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out

Opt-Out of the Sale of the Consumer's Personal Information

0 Not Applicable. SaleOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out
SharingOptOut Int(2)Opt-Out of the Sharing of the Consumer's Personal Information

0Not Applicable. SharingOptOutNotice value was not applicable or no notice was provided.

1 Opted Out

2 Did Not Opt Out

Opt-Out of the Sharing of the Consumer's Personal Information

0 Not Applicable. SharingOptOutNotice value was not applicable or no notice was provided.

1 Opted Out

2 Did Not Opt Out
SensitiveDataProcessing N-Bitfield(2,9)Two bits for each Data Activity:

0Not Applicable. SensitiveDataLimitUseNotice value was not applicable or no notice was provided.

1 Did Not Opt Out

2 Opted Out

(1) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Social Security, Driver's License, State Identification Card, or Passport Number.

(2) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Account Log-In, Financial Account, Debit Card, or Credit Card Number in Combination with Any Required Security or Access Code, Password, or Credentials Allowing Access to an Account.

(3) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Precise Geolocation.

(4) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Racial or Ethnic Origin, Religious or Philosophical Beliefs, or Union Membership.

(5) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals the contents of a Consumer's Mail, Email, and Text Messages unless You Are the Intended Recipient of the Communication.

(6) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Genetic Data.

(7) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Biometric Information tor the Purpose of Uniquely Identifying a Consumer.

(8) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Personal Information Collected and Analyzed Concerning a Consumer's Health.

(9) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Personal Information Collected and Analyzed Concerning a Consumer's Sex Life or Sexual Orientation.

Two bits for each Data Activity:

0 Not Applicable. SensitiveDataLimitUseNotice value was not applicable or no notice was provided.

1 Opted Out

2 Did Not Opt Out

Data Activities:

(1) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Social Security, Driver's License, State Identification Card, or Passport Number.

(2) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Account Log-In, Financial Account, Debit Card, or Credit Card Number in Combination with Any Required Security or Access Code, Password, or Credentials Allowing Access to an Account.

(3) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Precise Geolocation.

(4) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Racial or Ethnic Origin, Religious or Philosophical Beliefs, or Union Membership.

(5) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals the contents of a Consumer's Mail, Email, and Text Messages unless You Are the Intended Recipient of the Communication.

(6) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Genetic Data.

(7) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Biometric Information tor the Purpose of Uniquely Identifying a Consumer.

(8) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Personal Information Collected and Analyzed Concerning a Consumer's Health.

(9) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Personal Information Collected and Analyzed Concerning a Consumer's Sex Life or Sexual Orientation.
KnownChildSensitiveDataConsents N-Bitfield(2,2)Two bits for each Data Activity:

0Not Applicable. The Business does not have actual knowledge that it Processes Personal Data or Sensitive Data of a Consumer who is at least 13 years of age but younger than 16 years of age.

1 Consent

2 No Consent

(1) Consent to Sell the Personal Information of Consumers Less Than 16 years of Age

(2) Consent to Share the Personal Information of Consumers Less Than 16 years of Age

Two bits for each Data Activity:

0 Not Applicable. The Business does not have actual knowledge that it Processes Personal Information of Consumers Less Than 16 years of Age.

1 Consent

2 No Consent

Data Activities:

(1) Consent to Sell the Personal Information of Consumers Less Than 16 years of Age

(2) Consent to Share the Personal Information of Consumers Less Than 16 years of Age
PersonalDataConsents Int(2)Consent to Collection, Use, Retention, Sale, and/or Sharing of the Consumer's Personal Data that Is Unrelated to or Incompatible with the Purpose(s) for which the Consumer's Personal Data Was Collected or Processed

0Not Applicable. The Business does not use, retain, Sell, or Share the Consumer's Personal Data for advertising purposes that are unrelated to or incompatible with the purpose(s) for which the Consumer's Personal Data was collected or processed.

1Consent

0No Consent

Consent to Collection, Use, Retention, Sale, and/or Sharing of the Consumer's Personal Data that Is Unrelated to or Incompatible with the Purpose(s) for which the Consumer's Personal Data Was Collected or Processed

0 Not Applicable. The Business does not use, retain, Sell, or Share the Consumer's Personal Data for advertising purposes that are unrelated to or incompatible with the purpose(s) for which the Consumer's Personal Data was collected or processed.

1 Consent

2 No Consent
MspaCoveredTransaction Int(2)Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a "Covered Transaction" as defined in the MSPA.

0Not Applicable

1 Yes

2 No

Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a "Covered Transaction" as defined in the MSPA.

1 Yes

2 No
MspaOptOutOptionMode Int(2)Publisher or Advertiser, as applicable, has enabled "Opt-Out Option Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0Not Applicable

1 Yes

2 No

Publisher or Advertiser, as applicable, has enabled "Opt-Out Option Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0 Not Applicable

1 Yes

2 No
MspaServiceProviderMode Int(2)Publisher or Advertiser, as applicable, has enabled "Service Provider Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0Not Applicable

1 Yes

2 No

Publisher or Advertiser, as applicable, has enabled "Service Provider Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0 Not Applicable

1 Yes

2 No
-

GPC Segment

+ + +

GPC Sub-section

+

GPC is signaled in user agent headers(Sec-GPC) and a simple javascript API (globalPrivacyControl). Entities creating GPP strings should check for whether GPC is set and pass along the value they find (from the headers or javascript API) in this sub-section.

+ @@ -111,26 +136,16 @@ + + + + +
SubsectionTypeInt(2)

0 Core

1 GPC

Gpc Boolean

0 false

1 true
-

Client side API

-

Key Names

-

In the mobile or CTV context, the key names to be used in GPP are listed below.

- - - - - - - - - - - - - -
GPP Key NameValue(s)
IABGPP_8_StringString: Full encoded USPCA string
+ + diff --git a/Sections/US-States/CA/README.md b/Sections/US-States/CA/README.md index 95d4569..e48c0e0 100644 --- a/Sections/US-States/CA/README.md +++ b/Sections/US-States/CA/README.md @@ -1,5 +1,5 @@ # IAB Privacy’s California Privacy Technical Specification -

This section's specifications included in this directory are in public comment until October 27, 2022. Comments may be submitted to support@iabtechlab.com

+ Contained in this directory are technical specifications for California privacy strings to support CPRA compliance. diff --git "a/Sections/US-States/CO/GPP Extension: IAB Privacy\342\200\231s Colorado Privacy Technical Specification.md" "b/Sections/US-States/CO/GPP Extension: IAB Privacy\342\200\231s Colorado Privacy Technical Specification.md" index 9950836..d17d75c 100644 --- "a/Sections/US-States/CO/GPP Extension: IAB Privacy\342\200\231s Colorado Privacy Technical Specification.md" +++ "b/Sections/US-States/CO/GPP Extension: IAB Privacy\342\200\231s Colorado Privacy Technical Specification.md" @@ -1,8 +1,28 @@

GPP Extension: IAB Privacy’s Colorado Privacy Technical Specification

About this document

The global standard GPP defines a way for local standards to "plug-in" into the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the GPP specifications with the IAB Privacy Multi-State Privacy Agreement legal requirements.

+ +

Version History 

+
+ + + + + + + + + + + + + +
DateVersionComments
November 20221.0Version 1.0 released
+
+ +

Colorado Privacy Section

-

The Colorado Privacy Section consists of the following components. Users should employ the Colorado Privacy Section only if they have determined the CPA applies to their processing of a consumer's personal data.

+

The Colorado Privacy Section consists of the components described below. Users should employ the Colorado Privacy Section only if they have determined the CPA applies to their processing of a consumer's personal data.

Summary

@@ -20,8 +40,8 @@ - - + +
Client side API prefixuspcoThe Colorado Privacy Section is registered with client side API prefix "uspco" in the GPP Client Side API.uscoThe Colorado Privacy Section is registered with client side API prefix "usco" in the GPP Client Side API.
@@ -45,69 +65,77 @@ SharingNotice Int(2) -Notice of the Sharing of Personal Data with Third Parties.

0Not Applicable. The Business does not share Personal Data with Third Parties.

1 Yes, notice was provided

2 No, notice was not provided +Notice of the Sharing of Personal Data with Third Parties.

0 Not Applicable. The Controller does not share Personal Data with Third Parties.

1 Yes, notice was provided

2 No, notice was not provided SaleOptOutNotice Int(2) -Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Data

0Not Applicable. The Business does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided +Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Data

0 Not Applicable. The Controller does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided TargetedAdvertisingOptOutNotice Int(2) -Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising

0Not Applicable.The Business does not Process Personal Data for Targeted Advertising.

1 Yes, notice was provided

2 No, notice was not provided +Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising

0 Not Applicable.The Controller does not Process Personal Data for Targeted Advertising.

1 Yes, notice was provided

2 No, notice was not provided SaleOptOut Int(2) -Opt-Out of the Sale of the Consumer's Personal Data

0Not Applicable. SaleOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out +Opt-Out of the Sale of the Consumer's Personal Data

0 Not Applicable. SaleOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out TargetedAdvertisingOptOut Int(2) -Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising

0Not Applicable. TargetedAdvertisingOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out +Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising

0 Not Applicable. TargetedAdvertisingOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out SensitiveDataProcessing N-Bitfield(2,7) -Two bits for each Data Activity:

0Not Applicable. The Business does not Process the specific category of Sensitive Data.

1 Consent

0No Consent

(1) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin.

(2) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs.

(3) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Condition or Diagnosis.

(4) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation.

(5) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Citizenship Status.

(6) Consent to Process the Consumer's Sensitive Data Consisting of Genetic Data that May Be Processed for the Purpose of Uniquely Identifying an Individual.

(7) Consent to Process the Consumer's Sensitive Data Consisting of Biometric Data that May Be Processed for the Purpose of Uniquely Identifying an Individual. +Two bits for each Data Activity:

0 Not Applicable. The Controller does not Process the specific category of Sensitive Data.

1 Consent

0No Consent

(1) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin.

(2) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs.

(3) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Condition or Diagnosis.

(4) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation.

(5) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Citizenship Status.

(6) Consent to Process the Consumer's Sensitive Data Consisting of Genetic Data that May Be Processed for the Purpose of Uniquely Identifying an Individual.

(7) Consent to Process the Consumer's Sensitive Data Consisting of Biometric Data that May Be Processed for the Purpose of Uniquely Identifying an Individual. KnownChildSensitiveDataConsents Int(2) -Consent to Process Sensitive Data from a Known Child.

0Not Applicable. The Business does not Process Sensitive Data of a known Child.

1 Consent

2 No Consent +Consent to Process Sensitive Data from a Known Child.

0 Not Applicable. The Controller does not Process Sensitive Data of a known Child.

1 Consent

2 No Consent MspaCoveredTransaction Int(2) -Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a "Covered Transaction" as defined in the MSPA.

0Not Applicable

1 Yes

2 No +Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a "Covered Transaction" as defined in the MSPA.

1 Yes

2 No MspaOptOutOptionMode Int(2) -Publisher or Advertiser, as applicable, has enabled "Opt-Out Option Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0Not Applicable

1 Yes

2 No +Publisher or Advertiser, as applicable, has enabled "Opt-Out Option Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0 Not Applicable

1 Yes

2 No MspaServiceProviderMode Int(2) -Publisher or Advertiser, as applicable, has enabled "Service Provider Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0Not Applicable

1 Yes

2 No +Publisher or Advertiser, as applicable, has enabled "Service Provider Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0 Not Applicable

1 Yes

2 No -

Client side API

-

Key Names

-

In the mobile or CTV context, the key names to be used in GPP are listed below.

+ +

GPC Sub-section

+

GPC is signaled in user agent headers(Sec-GPC) and a simple javascript API (globalPrivacyControl). Entities creating GPP strings should check for whether GPC is set and pass along the value they find (from the headers or javascript API) in this sub-section.

+ - - + + + - - + + + + + + + +
GPP Key NameValue(s)Field NameGPP Field TypeDescription
IABGPP_10_StringString: Full encoded USPCO stringSubsectionTypeInt(2)

0 Core

1 GPC

GpcBoolean

0 false

1 true
diff --git a/Sections/US-States/CO/README.md b/Sections/US-States/CO/README.md index c9889bc..1204ba4 100644 --- a/Sections/US-States/CO/README.md +++ b/Sections/US-States/CO/README.md @@ -1,5 +1,5 @@ # IAB Privacy’s Colorado Privacy Technical Specification -

This section's specifications included in this directory are in public comment until October 27, 2022. Comments may be submitted to support@iabtechlab.com

+ Contained in this directory are technical specifications for Colorado privacy strings to support CPA compliance. diff --git "a/Sections/US-States/CT/GPP Extension: IAB Privacy\342\200\231s Connecticut Privacy Technical Specification.md" "b/Sections/US-States/CT/GPP Extension: IAB Privacy\342\200\231s Connecticut Privacy Technical Specification.md" index 84dddc6..fabc30c 100644 --- "a/Sections/US-States/CT/GPP Extension: IAB Privacy\342\200\231s Connecticut Privacy Technical Specification.md" +++ "b/Sections/US-States/CT/GPP Extension: IAB Privacy\342\200\231s Connecticut Privacy Technical Specification.md" @@ -1,8 +1,28 @@

GPP Extension: IAB Privacy’s Connecticut Privacy Technical Specification

About this document

The global standard GPP defines a way for local standards to "plug-in" into the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the GPP specifications with the IAB Privacy Multi-State Privacy Agreement legal requirements.

+ +

Version History 

+
+ + + + + + + + + + + + + +
DateVersionComments
November 20221.0Version 1.0 released
+
+ +

Connecticut Privacy Section

-

The Connecticut Privacy Section consists of the following components. Users should employ the Connecticut Privacy Section only if they have determined the CAPDP applies to their processing of a consumer's personal data.

+

The Connecticut Privacy Section consists of the components described below. Users should employ the Connecticut Privacy Section only if they have determined the CAPDP applies to their processing of a consumer's personal data.

Summary

@@ -20,8 +40,8 @@ - - + +
Client side API prefixuspctThe Connecticut Privacy Section is registered with client side API prefix "uspct" in the GPP Client Side API.usctThe Connecticut Privacy Section is registered with client side API prefix "usct" in the GPP Client Side API.
@@ -45,83 +65,77 @@ SharingNotice Int(2) -Notice of the Sharing of Personal Data with Third Parties

0Not Applicable. The Controller does not share Personal Data with Third Parties.

1 Yes

2 No +Notice of the Sharing of Personal Data with Third Parties

0 Not Applicable. The Controller does not share Personal Data with Third Parties.

1 Yes

2 No SaleOptOutNotice Int(2) -Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Data

0Not Applicable. The Controller does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided +Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Data

0 Not Applicable. The Controller does not Sell Personal Data.

1 Yes, notice was provided

2 No, notice was not provided TargetedAdvertisingOptOutNotice Int(2) -Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising

0Not Applicable.The Controller does not Process Personal Data for Targeted Advertising.

1 Yes, notice was provided

2 No, notice was not provided +Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising

0 Not Applicable.The Controller does not Process Personal Data for Targeted Advertising.

1 Yes, notice was provided

2 No, notice was not provided SaleOptOut Int(2) -Opt-Out of the Sale of the Consumer's Personal Data

0Not Applicable. SaleOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out +Opt-Out of the Sale of the Consumer's Personal Data

0 Not Applicable. SaleOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out TargetedAdvertisingOptOut Int(2) -Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising

0Not Applicable. TargetedAdvertisingOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out +Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising

0 Not Applicable. TargetedAdvertisingOptOutNotice value was not applicable or no notice was provided

1 Opted Out

2 Did Not Opt Out SensitiveDataProcessing N-Bitfield(2,8) -Two bits for each Data Activity:

0Not Applicable. The Controller does not Process the specific category of Sensitive Data.

1 Consent

0No Consent

(1) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin.

(2) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs.

(3) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Condition or Diagnosis.

(4) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation.

(5) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status.

(6) Consent to Process the Consumer's Sensitive Data Consisting of Genetic Data that May Be Processed for the Purpose of Uniquely Identifying an Individual.

(7) Consent to Process the Consumer's Sensitive Data Consisting of Biometric Data that May Be Processed for the Purpose of Uniquely Identifying an Individual.

(8) Consent to Process the Consumer's Sensitive Data Consisting of Precise Geolocation Data. +Two bits for each Data Activity:

0 Not Applicable. The Controller does not Process the specific category of Sensitive Data.

1 Consent

0No Consent

(1) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin.

(2) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs.

(3) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Condition or Diagnosis.

(4) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation.

(5) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status.

(6) Consent to Process the Consumer's Sensitive Data Consisting of Genetic Data that May Be Processed for the Purpose of Uniquely Identifying an Individual.

(7) Consent to Process the Consumer's Sensitive Data Consisting of Biometric Data that May Be Processed for the Purpose of Uniquely Identifying an Individual.

(8) Consent to Process the Consumer's Sensitive Data Consisting of Precise Geolocation Data. KnownChildSensitiveDataConsents N-Bitfield(2,3) -Two bits for each Data Activity:

0Not Applicable. The Controller does not Process Sensitive Data of a known Child.

1 Consent

2 No Consent

(1) Consent to Process Sensitive Data from a Known Child.

(2) Consent to Sell the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age.

(3) Consent to Process the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age for Purposes of Targeted Advertising. +Two bits for each Data Activity:

0 Not Applicable. The Controller does not Process Sensitive Data of a known Child.

1 Consent

2 No Consent

(1) Consent to Process Sensitive Data from a Known Child.

(2) Consent to Sell the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age.

(3) Consent to Process the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age for Purposes of Targeted Advertising. MspaCoveredTransaction Int(2) -Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a "Covered Transaction" as defined in the MSPA.

0Not Applicable

1 Yes

2 No +Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a "Covered Transaction" as defined in the MSPA.

1 Yes

2 No MspaOptOutOptionMode Int(2) -Publisher or Advertiser, as applicable, has enabled "Opt-Out Option Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0Not Applicable

1 Yes

2 No +Publisher or Advertiser, as applicable, has enabled "Opt-Out Option Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0 Not Applicable

1 Yes

2 No MspaServiceProviderMode Int(2) -Publisher or Advertiser, as applicable, has enabled "Service Provider Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0Not Applicable

1 Yes

2 No +Publisher or Advertiser, as applicable, has enabled "Service Provider Mode" for the "Covered Transaction," as such terms are defined in the MSPA.

0 Not Applicable

1 Yes

2 No -

GPC Segment

+ +

GPC Sub-section

+

GPC is signaled in user agent headers(Sec-GPC) and a simple javascript API (globalPrivacyControl). Entities creating GPP strings should check for whether GPC is set and pass along the value they find (from the headers or javascript API) in this sub-section.

+ - - - - - - -
Field Name GPP Field Type Description
GpcBoolean

0 false

1 true

-

Client side API

-

Key Names

-

In the mobile or CTV context, the key names to be used in GPP are listed below.

- - - - - - - + + + + + + + +
GPP Key NameValue(s)
IABGPP_12_StringString: Full encoded USPCT stringSubsectionTypeInt(2)

0 Core

1 GPC

GpcBoolean

0 false

1 true
diff --git a/Sections/US-States/CT/README.md b/Sections/US-States/CT/README.md index 3b1842e..0a77426 100644 --- a/Sections/US-States/CT/README.md +++ b/Sections/US-States/CT/README.md @@ -1,6 +1,6 @@ # IAB Privacy’s Connecticut Privacy Technical Specification -

This section's specifications included in this directory are in public comment until October 27, 2022. Comments may be submitted to support@iabtechlab.com

+ Contained in this directory are technical specifications for Connecticut privacy string to support CAPDP compliance. diff --git a/Sections/US-States/README.md b/Sections/US-States/README.md index a00298f..21f2634 100644 --- a/Sections/US-States/README.md +++ b/Sections/US-States/README.md @@ -1,9 +1,11 @@

IAB Privacy’s Multi-State Privacy Technical Specifications

-

The section specifications included in this directory are in public comment until October 27, 2022. Comments may be submitted to support@iabtechlab.com

-

The global standard GPP defines a way for local standards to “plug-in” into the existing mechanics defined by GPP and the GPP client side API . The IAB Privacy’s Multi-State Privacy technical specifications were developed by the IAB Tech Lab’s Global Privacy Working Group with the IAB’s Legal Affairs Council providing the policy requirements. 

+ + +

The global standard GPP defines a way for local standards to “plug-in” into the existing mechanics defined by GPP and the GPP client side API . The IAB Privacy’s Multi-State Privacy technical specifications were developed by the IAB Tech Lab’s Global Privacy Working Group with the IAB’s Legal Affairs Council providing the string requirements. 

+

Relevant Specification Documents