Vendor list wizard (U.S. Multi-State Privacy)

   Permission: Regulation Settings - USNat

Vendor lists are configurable registries of opt-in and opt-out privacy choices and authorized third-party vendors. In order to guide your organization through the configuration process, we will walk you through the various pages of the U.S. Multi-State Privacy vendor list wizard.

To start, click Vendor Management on the left-hand panel and click U.S. Multi-State Privacy from the subsequent menu.

Screenshot 2024-01-18 at 8.58.42 AM.png

Click + New.

Screenshot 2024-01-18 at 8.59.14 AM.png

Name & Property

From the Name & Property page of the wizard, your organization will give your U.S. Multi-State Privacy vendor list a name, define the the properties and/or property groups that should be associated with the vendor list, and how consent can be shared across properties. 

Screenshot 2024-02-20 at 2.26.10 PM.png

Field Description
Regulation Name The internal name of your vendor list.
Property Selection

Properties associated with a vendor list will inherit the vendors, privacy choices, etc... configured for the vendor list. This information will be surfaced in privacy managers, OTT messages, and/or first layer messages configured for the property. Click here for more information. 

  Note: While properties can be added to multiple inactive vendor lists, a property can only be associated with a single active vendor list. Click here to learn more about active statuses for vendor lists.

Consent Scope
  • Single site: Consent will only be applied to the same property an end-user has consented on.
  • Shared site: Consent will be shared across all properties on the vendor list that implemented the authenticated consent feature and website properties that share the same top level domain.

Framework Signal & Territories

From the Framework Signal & Territories page, your organization will set your MSPA ID (if your organization is a signatory) and define the regions where you want Sourcepoint to set the relevant sections in the _gpp string.

Industry Framework Signals

Click Add + in the Global Privacy Platform's Multi-State Privacy String (GPP MSPS) pane to add your organization's MSPA Signatory ID.

Screenshot 2023-11-29 at 10.42.29 AM.png

In the subsequent modal, input your Signatory ID in the provided field and click Add +.

Click Save.

Screenshot 2023-11-29 at 10.48.52 AM.png

When finished, click Save in the vendor list builder to confirm the addition. 

By adding your MSPA Signatory ID, the MspaCoveredTransactions field in the relevant section (either national or state-specific) of the MSPS will be set to 1 (i.e. Yes).

  "Gpc": false,
  "GpcSegmentType": 1,
  "KnownChildSensitiveDataConsents": [
  "MspaCoveredTransactions": 1, //MSPA Signatory ID added
  "MspaOptOutOptionMode": 0,
  "MspaServiceProviderMode": 0,

Framework Territories

Framework territories are the states/regions where Sourcepoint will set a Multi-State Privacy String with its relevant sections for end-users who visit a property associated with the vendor list. The MSPS can be comprised of different sections and each section represents a unique privacy signal. Click here to view our API documentation and learn more about these sections. 

By default, Sourcepoint will set the respective U.S. State privacy section for each of the following U.S. states that are added to the framework territories of a property's vendor list instead of the U.S. National Privacy section: California, Colorado, Connecticut, Utah, and Virginia.

The U.S. National Privacy section will be set for all other states/regions added to the framework territories of a property's vendor list.

Framework Territory Section ID Section API Prefix Description
California 8 usca/uscav1* US - California section
Colorado 10 usco/uscov1* US - Colorado section
Connecticut 12 usct/usctv1* US - Connecticut section
Utah 11 usut/usutv1* US - Utah section
Virginia 9 usva/usvav1* US - Virginia section
All other U.S. states 7 usnat/usnatv1*

US- national section

  * Please note there is currently a discrepancy between the documented client side API prefix and how it is implemented via the GPP stub file. 

Add states/regions to your vendor list by clicking the checkbox to the right of a state's or region's name. Selected states/regions will appear in the Selected pane. 

Screenshot 2023-11-20 at 11.33.03 AM.png

Click Save in the vendor list builder to confirm the additions.

Sourcepoint will provide additional signs to indicate whether the added framework territory will have a state-specific section set instead of the national section in the MSPS. 

Privacy Choices

From the Privacy Choices page, your organization will set the IAB privacy choices and custom privacy choices relevant to your organization's use cases. Privacy choices are categorized as either opt-in or opt-out.

Privacy Choice Selection

Select either Opt In Choice or Opt Out Choice in the pane to configure to privacy choices for that category.

Screenshot 2024-01-19 at 10.07.43 AM.png

Once a privacy choice category is selected, you can configure specific IAB and custom privacy choices for that category, add a privacy policy link, etc... 

Screenshot 2024-01-19 at 10.25.19 AM.png

Field Description
IAB Choices

These opt-in and opt-out choices are defined by the IAB. When you select an IAB privacy choice on the Privacy Choices Selection page, you are indicating that the required notice for that data processing activity will be given to all users. As such, we will update the fields related to that category in the MSPS to indicate notice has been given. 

Click here for additional information on configuring IAB choices.

Privacy Policy Section Link

Allows your organization to add a URL to the applicable section of your privacy policy that contains relevant disclosures for your opt-in and opt-out choices. This link will be surfaced in your messages that display sensitive category data choices and/or your opt out choices.

Click here for additional information on configuring the privacy policy section link.

Show Identification List

Text accompanying your opt-out privacy choices that allows an end-user to visit a URL where they can see and opt-out of downstream participants who might re-sell or re-share their personal information for the purpose of delivery ads tailored to the interests. Toggle on/off to show the text. 

Click here for additional information about the Identification List.

Respect Global Privacy Control

Global Privacy Control (GPC) is a technical specification for transmitting universal opt-out signals. In order to respect the GPC signal your organization will need to enable the Respect Global Privacy Control setting.

Click here for additional information necessary to configure GPC.

Custom Privacy Choices

Unlike IAB privacy choices, whose terms are defined by the IAB Tech Lab's Global Privacy Platform (GPP), custom privacy choices are created solely by your organization. Custom privacy choices can be configured for opt in and/or opt out privacy choices.

Click here for additional information necessary to configure custom privacy choices.

Privacy Choice Expiration

When a user visits one of your properties the state of their privacy choices (e.g. opted in, opted out) is stored within a cookie for reference on future visits. Your organization can set the expiration of this cookie via the Privacy Choice Expiration field.

Input the expiration date for the privacy choice cookie (up to 365 days). 

Screenshot 2023-11-20 at 1.25.21 PM.png

  Note: If the user clears their cookies or if the cookie expires and the user makes a subsequent visit to the property they will be deemed a new user, and therefore their privacy choices will return to the default state.

For this reason we suggest a longer time frame for the cookie expiration in order to continue honoring the users choices. Most browsers set a limit on max cookie lifetime to 1 year (365 days) which is why this is the max lifetime.

Language & Translations

Vendor list information is surfaced to your end-user via a first layer message and/or privacy manager. From the Language & Translations page, your organization can add translations (including the default language) to your vendor list so that it is translated in first layer messages and privacy managers according to an end-user's browser language preference.

  Note: Editing translations are currently not available for the Privacy Policy Section Link nor Identification List. The default copy and its Sourcepoint-supplied translations for these fields will be used. 

Support Language(s)

Use the Supported Language(s) dropdown menu to select all languages your organization plans to support. English will always be selected and act as the default language. 

Screenshot 2024-01-19 at 11.06.43 AM.png

Once your supported languages are selected, translations for these supported languages will appear for the various text fields associated with privacy choices (descriptions, choice text, etc...). These translations are supplied by Sourcepoint. 

Edit Privacy Choice Translations

Currently, your organization is able to edit translations for a privacy choice's Description or Choice Text. Click here for additional information on these fields.

Field Description
Description The description of a privacy choice is presented to end-users in the message ahead of the opt in or out toggle of the data processing activities listed. It should give users transparency and clarity into how your business is using the data you collect and give them information on how to exercise their choices.
Choice Text The choice text of a privacy choice is the text that directs the user to make a choice for a specific data processing activity.  For the Processing of Sensitive Personal Information privacy choice, this includes the individual categories of sensitive personal information that are included in the privacy choice.

Edit a translation by selecting a privacy choice from the left-hand side of the panel.

Screenshot 2023-12-06 at 2.29.06 PM.png

Once a privacy choice is selected, the translations for each supported language (including the default language) will populate in the left-hand side of the panel. Sourcepoint provides initial translations for your supported translations.

Click the Edit icon inline with the provided translations.

Screenshot 2023-12-06 at 3.01.23 PM.png

Input your translation and click the green checkbox to confirm the edit. Repeat as necessary for each supported language.

Screenshot 2023-12-06 at 3.26.08 PM.png

  Note: Click here if interested in providing translations via csv upload. 

Message Sentiment

The message sentiment setting in your U.S. Multi-State Privacy vendor list defines the default state and behavior of the toggles an end-user can use to opt in or out of a privacy choice. We strongly recommend that you read through our article on the message sentiment setting for each privacy choice category. 

Screenshot 2023-12-04 at 2.01.05 PM.png

Vendor Management

Add new vendors to your U.S. Multi-State Privacy vendor list by clicking + Add Vendors in the upper right-hand corner. 

Screenshot 2023-12-01 at 9.15.10 AM.png

In the subsequent modal, select the System Vendors tab and navigate to your desired vendor. 

Click the checkbox to the left of the vendor name and use the provided Privacy Choice field to map the vendor to your configured privacy choices. 

  Note: By default, added vendors will be mapped to all configured privacy choices unless otherwise edited.

Click Add Selected Vendors when finished. 

Screenshot 2023-12-01 at 9.20.28 AM.png

  Note: Click here for more information on how to import vendors from a different vendor list into your Multi-State Privacy vendor list.

Opt In/Opt Out Hooks

Opt in/Opt out hooks allow you to set up custom actions for a vendor or privacy choice within a vendor list.

  • An opt in hook is eligible to be fired if the vendor or privacy choice has been opted into by the end-user.
  • An opt out hook is eligible to be fired if the vendor or privacy choice has been opted out of by the end-user.

Select whether to configure a hook for a Vendor or a Privacy Choice from the page.

Screenshot 2023-11-30 at 8.23.26 AM.png

Click + Add Hook.

Screenshot 2023-11-30 at 8.42.13 AM.png

Select a vendor or privacy choice from the provided dropdown menu in the subsequent modal. 

Screenshot 2023-11-30 at 8.47.11 AM.png

Select the Opt Out Hooks tab and configure the opt out hook.

Click Apply changes when finished. Click here to learn more about each aspect of the configuration modal. 

Screenshot 2023-11-30 at 10.40.07 AM.png

The opt out hook will be added to your vendor list and added to the table on the Vendor or Privacy Choice tab. 

Advanced Settings

From the Advanced Settings page, your organization can configure how the signal is set and shared across your subdomains.

Screenshot 2024-01-19 at 8.32.09 AM.png

Advanced Setting Description
Write 1st party cookies to root domain

Toggling this setting ensures that the signal will be stored/persist across both the property's root domain (e.g. and subdomains (e.g.

In practice, this will ensure that users won't see the same message when moving from root to subdomain or vice versa.

Write 1st party cookies from the server to the property

When enabled, the 1st-party cookie will be set by the server by passing a cookie from the server back to your site instead of using the on-site code to set the cookie.

This setting should be enabled if your organization has set up a CNAME subdomain.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.