1. Sourcepoint
  2. Implementations
  3. General

U.S. Multi-State Privacy (GPP) transition readiness (web and app)

On January 31 2024, the IAB officially deprecated support for the U.S. Privacy String (USPS) and replaced it with the Global Privacy Protocol (GPP) Multi-State Privacy String (MSPS). In order to assist our clients with the transition, Sourcepoint has continued to support through our platform both the USPS (referred to as U.S. Privacy Legacy) and the MSPS (referred to as U.S. Multi-State Privacy). 

However, as of June 30, 2025, Sourcepoint will move forward with the deprecation of U.S. Privacy (Legacy) campaigns in our platform and require organizations who wish to remain compliant with the IAB to move their properties to U.S. Multi-State Privacy (GPP) campaigns.

Sourcepoint has collated a checklist for your organization to ensure the successful migration of your web and app properties' campaigns to the GPP specification.

Supportability

Property type Support
Web

Supported on web properties that utilize Soucepoint's Unified script in its implementation.
iOS (mobile) Supported on app properties that utilize Soucepoint's SDK 7.5.0 +
Android (mobile) Supported on app properties that utilize Soucepoint's SDK 7.6.0 +

Technical changes 

In order to migrate your property to the a U.S. Multi-State Privacy (GPP) campaign perform the following technical changes on existing properties running a U.S. Privacy (Legacy) campaign:

In this section we will cover the technical changes necessary to replace an existing U.S. Privacy (Legacy) campaign with GPP MSPS.

Web iOS (mobile) Android (mobile)
  1. Remove U.S. privacy stub file from the property.
    <script>(function () { var e = false; var c = window; var t = document; function r() { if (!c.frames["__uspapiLocator"]) { if (t.body) { var a = t.body; var e = t.createElement("iframe"); e.style.cssText = "display:none"; e.name = "__uspapiLocator"; a.appendChild(e) } else { setTimeout(r, 5) } } } r(); function p() { var a = arguments; __uspapi.a = __uspapi.a || []; if (!a.length) { return __uspapi.a } else if (a[0] === "ping") { a[2]({ gdprAppliesGlobally: e, cmpLoaded: false }, true) } else { __uspapi.a.push([].slice.apply(a)) } } function l(t) { var r = typeof t.data === "string"; try { var a = r ? JSON.parse(t.data) : t.data; if (a.__cmpCall) { var n = a.__cmpCall; c.__uspapi(n.command, n.parameter, function (a, e) { var c = { __cmpReturn: { returnValue: a, success: e, callId: n.callId } }; t.source.postMessage(r ? JSON.stringify(c) : c, "*") }) } } catch (a) { } } if (typeof __uspapi !== "function") { c.__uspapi = p; __uspapi.msgHandler = l; c.addEventListener("message", l, false) } })();
</script>
  2. Add GPP stub file to the property.
     //Example only. Please use stub file generated in Sourcepoint portal as it may have changed
    <script>
    window.__gpp_addFrame=function(e){if(!window.frames[e])if(document.body){var t=document.createElement("iframe");t.style.cssText="display:none",t.name=e,document.body.appendChild(t)}else window.setTimeout(window.__gpp_addFrame,10,e)},window.__gpp_stub=function(){var e=arguments;if(__gpp.queue=__gpp.queue||[],__gpp.events=__gpp.events||[],!e.length||1==e.length&&"queue"==e[0])return __gpp.queue;if(1==e.length&&"events"==e[0])return __gpp.events;var t=e[0],p=e.length>1?e[1]:null,s=e.length>2?e[2]:null;if("ping"===t)p({gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}},!0);else if("addEventListener"===t){"lastId"in __gpp||(__gpp.lastId=0),__gpp.lastId++;var n=__gpp.lastId;__gpp.events.push({id:n,callback:p,parameter:s}),p({eventName:"listenerRegistered",listenerId:n,data:!0,pingData:{gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}}},!0)}else if("removeEventListener"===t){for(var a=!1,i=0;i<__gpp.events.length;i++)if(__gpp.events[i].id==s){__gpp.events.splice(i,1),a=!0;break}p({eventName:"listenerRemoved",listenerId:s,data:a,pingData:{gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}}},!0)}else"hasSection"===t?p(!1,!0):"getSection"===t||"getField"===t?p(null,!0):__gpp.queue.push([].slice.apply(e))},window.__gpp_msghandler=function(e){var t="string"==typeof e.data;try{var p=t?JSON.parse(e.data):e.data}catch(e){p=null}if("object"==typeof p&&null!==p&&"__gppCall"in p){var s=p.__gppCall;window.__gpp(s.command,(function(p,n){var a={__gppReturn:{returnValue:p,success:n,callId:s.callId}};e.source.postMessage(t?JSON.stringify(a):a,"*")}),"parameter"in s?s.parameter:null,"version"in s?s.version:"1.1")}},"__gpp"in window&&"function"==typeof window.__gpp||(window.__gpp=window.__gpp_stub,window.addEventListener("message",window.__gpp_msghandler,!1),window.__gpp_addFrame("__gppLocator"));
    </script>
  3. Remove ccpa object and any parameters it may contain from the configuration script.
    window._sp_queue = [];
window._sp_ = {
    config: {
        accountId: 0000,
        baseEndpoint: 'https://cdn.privacy-mgmt.com',
        propertyHref: 'https://demoacct.com',
        ccpa: {
            targetingParams:{
                darkmode: true
            }
         },
  4. Add usnat object to the configuration script. Additionally, you may include targetingParams within the object to set key/value pairs that will be used to take a decision within the scenario builder.
    window._sp_queue = [];
window._sp_ = {
    config: {
        accountId: 0000,
        baseEndpoint: 'https://cdn.privacy-mgmt.com',
        propertyHref: 'https://demoacct.com',
        usnat: {
            targetingParams:{
                darkmode: true
            }
         },
  5. If your organization has implemented a link/button on-page that resurfaces your privacy manager, replace the U.S. Privacy (Legacy) code snippet with the U.S. Multi-State Privacy code snippet.
    window._sp_.ccpa.loadPrivacyManagerModal(USP_PM_ID)

window._sp_.usnat.loadPrivacyManagerModal('USNAT_PM_ID')

Transfer end-user opt-in/opt-out preferences

When migrating your web/app property from U.S. Privacy (Legacy) to U.S. Multi-State Privacy (GPP), Sourcepoint allows your organization to preserve your end-users' opt-in/out out preferences across your frameworks.

  Note: If an end-user rejected a vendor or category for U.S. Privacy (Legacy), Sourcepoint will set the Sharing of Personal Information Targeted Advertisting and Sale of Personal Information privacy choices or the Sale or Share of Personal Information/Targeted Advertising privacy choice (depending on your configuration) to opted-out when the preferences are transferred.

Web iOS (mobile) Android (mobile)

When migrating your web property from U.S. Privacy (Legacy) to U.S. Multi-State Privacy (GPP), Sourcepoint will automatically detect previous end-user opt-in/opt-out preferences for U.S. Privacy (Legacy) and persist those preferences across to U.S. Multi-State Privacy (GPP).

A key exception to this automation is if your organization used authenticated consent in your U.S. Privacy (Legacy) configuration.

If authenticated consent was used in your U.S. Privacy (Legacy) configuration you will need to set the transitionCCPAAuth flag within the usnat object. This flag, ensures Sourcepoint looks for authenticated consent within U.S. Privacy (Legacy) profiles and carry that over to U.S. Multi-State Privacy (GPP), even if the user current doesn't have U.S. Privacy (Legacy) local data.

window._sp_queue = [];
window._sp_ = {
    config: {
        accountId: 0000,
        baseEndpoint: 'https://cdn.privacy-mgmt.com',
        propertyHref: 'https://demoacct.com',
        usnat: {
            transitionCCPAAuth: true
            }
         },

U.S. Multi-State Privacy String (GPP) API

Information on the standard commands used with __gpp() function can be found in our developer hub:

GPP API

  Note: Historically, organizations who have used U.S. Privacy (Legacy) campaigns have looked at the uspString (e.g. 1YNN) to determine the applicability of the framework to an end-user. When using U.S. Multi-State Privacy (GPP) campaigns, the applicability of a section to an end-user within the  framework is determined by looking at the applicableSections response in the ping command.

U.S. Multi-State Privacy (GPP) Sections

U.S. Multi-State Privacy vendor lists will either set the National or state-specific privacy string/section as defined in the IAB Multi-State Privacy Agreement (MSPA). That is, based on your vendor list configuration Sourcepoint will utilize the national section or the state-specific section (if available) when encoding the gppString to communicate consent choices regarding data processing activities for end-users located in your designated states/regions.

GPP National Section

GPP State Sections

Migration checklist

In this section, we have broken down the components/entities that need to be created within the Sourcepoint portal before launching a campaign on a property that adheres to the U.S. Multi-State Privacy (GPP) specification.

  Note: In order to migrate your end-user's opt-in/opt-out preferences for a property, the siteId for the migrating property must be the same. Sourcepoint does not support the transitioning of end-user's opt-in/opt-out preferences across different properties. 

Step Resource(s)
1 Assign Permissions

Assign the Vendor List - U.S. Multi-State permission to any user who needs to configure a U.S. Multi-State Privacy (GPP) vendor list.
2 Create U.S. Multi-State Privacy (GPP) vendor list
3 Create U.S. Multi-State Privacy privacy manager/ OTT message
4 Create U.S. Multi-State Privacy first layer message
5 Create U.S. Multi-State Privacy scenario
6 Create U.S. Multi-State Privacy partition set
7 Update U.S. Multi-State Privacy (GPP) code on property
8 Launch U.S. Multi-State Privacy (GPP) campaign
9 Test U.S. Multi-State Privacy (GPP)
10 Reports

Currently, Sourcepoint's U.S. Multi-State Privacy solution only supports scheduled reports.

Articles in this section

See more
Was this article helpful?
0 out of 0 found this helpful

Comments

4 comments

Sort by Date Votes
  • Avatar
    Tom

    Add note to migration checklist regarding siteId needing to be the same in order to successfully migrate opt-in/opt-out preferences between frameworks

    0
  • Avatar
    Tom

    Add section for transferring end-user opt-in/opt-out preferences

    0
  • Avatar
    Tom

    Update Technical Change section with two different approaches your organization can take to implement Sourcepoint's GPP MSPS solution:

    • Replace U.S. Privacy (Legacy) with GPP Multi-State Privacy String (MSPS)
    • Support U.S. Privacy (Legacy) with GPP Multi-State Privacy String (MSPS)

     

    1
  • Avatar
    Tom

    Add additional instruction to Technical changes section for replacing code snippet that resurfaces privacy manager on-demand

    0

Please sign in to leave a comment.