The global standard GPP defines a way for local standards to "plug in" to the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the Connecticut section of the GPP specification by (i) those who are Signatories to IAB Privacy, Inc.’s Multi-State Privacy Agreement (MSPA); and (ii) those who are not signatories of the MSPA.
Date | Version | Comments |
---|---|---|
December 2022 | 1.0 | Version 1.0 released |
The Connecticut Privacy Section consists of the components described below. Users should employ the Connecticut Privacy Section only if they have determined the CAPDP applies to their processing of a consumer's personal data.
Type | Value | Description |
---|---|---|
GPP Section ID | 12 | The Connecticut Section is registered as Section ID 12 under the GPP. |
Client side API prefix | usct | The Connecticut Privacy Section is registered with client side API prefix "usct" in the GPP Client Side API. |
The core segment must always be present. Where terms are capitalized in the ‘description’ field, they are defined terms in Conn. PA No. 22-15, Sec. 1 [Pending codification]. The core segment consists of the following fields:
Field name | GPP Field Type | Description |
---|---|---|
Version | Int(6) | The version of this section specification used to encode the string. |
SharingNotice | Int(2) | Notice of the Sharing of Personal Data with Third Parties |
SaleOptOutNotice | Int(2) | Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Data |
TargetedAdvertisingOptOutNotice | Int(2) | Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising |
SaleOptOut | Int(2) | Opt-Out of the Sale of the Consumer's Personal Data |
TargetedAdvertisingOptOut | Int(2) | Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising |
SensitiveDataProcessing | N-Bitfield(2,8) | Two bits for each Data Activity: (1) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin. (2) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs. (3) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Condition or Diagnosis. (4) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation. (5) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status. (6) Consent to Process the Consumer's Sensitive Data Consisting of Genetic Data that May Be Processed for the Purpose of Uniquely Identifying an Individual. (7) Consent to Process the Consumer's Sensitive Data Consisting of Biometric Data that May Be Processed for the Purpose of Uniquely Identifying an Individual. (8) Consent to Process the Consumer's Sensitive Data Consisting of Precise Geolocation Data. |
KnownChildSensitiveDataConsents | N-Bitfield(2,3) | Two bits for each Data Activity: (1) Consent to Process Sensitive Data from a Known Child. (2) Consent to Sell the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age. (3) Consent to Process the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age for Purposes of Targeted Advertising. |
MspaCoveredTransaction | Int(2) | Publisher or Advertiser, as applicable, is a signatory to the IAB Multistate Service Provider Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a "Covered Transaction" as defined in the MSPA. |
MspaOptOutOptionMode | Int(2) | Publisher or Advertiser, as applicable, has enabled "Opt-Out Option Mode" for the "Covered Transaction," as such terms are defined in the MSPA. |
MspaServiceProviderMode | Int(2) | Publisher or Advertiser, as applicable, has enabled "Service Provider Mode" for the "Covered Transaction," as such terms are defined in the MSPA. |
GPC is signaled in user agent headers (Sec-GPC) and a simple JavaScript API (globalPrivacyControl). Entities creating GPP strings should check whether GPC is set and pass along the value they find (from the headers or JavaScript API) in this sub-section.
Field Name | GPP Field Type | Description |
---|---|---|
SubsectionType | Int(2) | |
Gpc | Boolean | |
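The field tables above map directly onto a bit-level decoder for the core segment and the GPC sub-section. The JavaScript below is an added example, not part of the specification: the base64url alphabet, MSB-first packing and "." segment separator are assumed from the GPP core specification, and the names `decodeUsct`, `decodeSegment`, `toBits` and `SAMPLE` are hypothetical.

```javascript
// Field names and bit widths come from the two tables above. Assumed from the
// GPP core specification, not this page: fields are packed MSB-first, each
// base64url character carries 6 bits, and segments are joined with ".".
const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
// [field name, bits per item, item count]; count > 1 is an N-Bitfield.
const CORE = [
  ["Version", 6, 1], ["SharingNotice", 2, 1], ["SaleOptOutNotice", 2, 1],
  ["TargetedAdvertisingOptOutNotice", 2, 1], ["SaleOptOut", 2, 1],
  ["TargetedAdvertisingOptOut", 2, 1], ["SensitiveDataProcessing", 2, 8],
  ["KnownChildSensitiveDataConsents", 2, 3], ["MspaCoveredTransaction", 2, 1],
  ["MspaOptOutOptionMode", 2, 1], ["MspaServiceProviderMode", 2, 1],
];
const GPC_SUBSECTION = [["SubsectionType", 2, 1], ["Gpc", 1, 1]];

function toBits(segment) {
  let bits = "";
  for (const ch of segment) {
    const v = B64.indexOf(ch);
    if (v < 0) throw new Error("invalid base64url character in segment");
    bits += v.toString(2).padStart(6, "0");
  }
  return bits;
}

function decodeSegment(segment, layout) {
  const bits = toBits(segment);
  const need = layout.reduce((n, [, width, count]) => n + width * count, 0);
  if (bits.length < need) throw new Error(`segment too short: ${bits.length} of ${need} bits`);
  const out = {};
  let pos = 0;
  for (const [name, width, count] of layout) {
    const items = [];
    for (let i = 0; i < count; i++, pos += width) items.push(parseInt(bits.slice(pos, pos + width), 2));
    out[name] = count === 1 ? items[0] : items;
  }
  return out;
}

function decodeUsct(section) {
  const [core, sub, ...rest] = String(section).split(".");
  if (rest.length > 0) throw new Error("unexpected extra segment");
  const result = { core: decodeSegment(core, CORE), gpc: null };
  if (sub !== undefined) {
    const s = decodeSegment(sub, GPC_SUBSECTION);
    result.gpc = { SubsectionType: s.SubsectionType, Gpc: s.Gpc === 1 };
  }
  return result;
}
const SAMPLE = "BVoAAkFg.YA"; // constructed sample, not taken from the page
```

The decoder returns raw integers and rejects segments that are too short or contain characters outside the alphabet; interpreting each value is left to the caller.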