The global standard GPP defines a way for local standards to "plug-in" into the existing mechanics defined by GPP and the GPP client side API. This document outlines the technical specification for using the New Hampshire section of the GPP specifications in accordance with the IAB Privacy Multi-State Privacy Agreement legal requirements, applicable to both Signatories and non-Signatories of the MSPA.
| Date | Version | Comments |
| July 2024 | 1.0 | Version 1.0 released |
The New Hampshire Privacy String consists of the following components. Users of the spec should employ the New Hampshire Privacy String only if they have determined the New Hampshire Expectation of Privacy law, N.H. Rev. Stat. 507-H:1 et seq., applies to their processing of a consumer’s personal data.
| Type | Value | Description |
| GPP Section ID | 20 | The New Hampshire Section is registered as Section ID 20 under the GPP. |
| Client side API prefix | usnh | The New Hampshire Privacy Section is registered with client side API prefix “usnh” in the GPP Client Side API. |
Note on the JS representation of the section: the field name should be in UpperCamelCase, with exactly the same spelling as the names in column "Field name". Follow this table to map the GPP field types to JavaScript native data types. Please refer to the PingReturn's parsedSections object for an example.
The core sub-section must always be present. Where terms are capitalized in the ‘description’ field they are defined in the New Hampshire Expectation of Privacy law, N.H. Rev. Stat. 507-H:1 et seq. It consists of the following fields:
|
Field name |
GPP Field Type |
Description |
|---|---|---|
| Version | Int(6) | The version of this section specification used to encode the string. |
| ProcessingNotice | Int(2) |
Notice of the Processing of Personal Data.0 = Not Applicable,
the Controller does not Process Personal Data1 = Yes, notice was provided2 = No, notice was not provided |
| SaleOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of the Sale of the Consumer’s Personal Data 0 = Not Applicable,
the
Controller does not Sell Personal Data
1 = Yes, notice was provided
2 = No, notice was not provided
|
| TargetedAdvertisingOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of Processing of the Consumer’s Personal Data for Targeted Advertising0 = Not Applicable, the Controller does not Process Personal Data for Targeted Advertising
1 = Yes, notice was provided
2 = No, notice was not provided
|
| SaleOptOut | Int(2) |
Opt-Out of the Sale of the Consumer’s Personal Data0 = Not Applicable, SaleOptOutNotice value was not applicable or no notice was provided1 = Opted Out2 = Did Not Opt Out |
| TargetedAdvertisingOptOut | Int(2) |
Opt-Out of Processing the Consumer’s Personal Data for Targeted Advertising0 = Not Applicable, TargetedAdvertisingOptOutNotice value was not applicable or no notice was provided1 = Opted Out2 = Did Not Opt Out |
| SensitiveDataProcessing | N-Bitfield(2,8) | Two bits for each Data Activity:0 = Not Applicable, the Controller does not Process the specific category of Sensitive Data1 = No Consent2 = Consent (1). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin.
(2). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Religious Beliefs.
(3). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Condition or Diagnosis.
(4). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation.
(5). Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status.
(6). Consent to Process the Consumer’s Sensitive Data Consisting of Genetic Data for the Purpose of Uniquely Identifying an Individual.
(7). Consent to Process the Consumer’s Sensitive Data Consisting of Biometric Data for the Purpose of Uniquely Identifying an Individual.
(8). Consent to Process the Consumer’s Sensitive Data Consisting of Precise Geolocation Data.
|
| KnownChildSensitiveDataConsents | N-Bitfield(2,3) | Two bits for each Data Activity:0 = Not Applicable, the Controller does not
Process Sensitive Data of a known Child1 = No Consent2 = Consent (1). Consent to Process Sensitive Data from a Known Child.
(2). Consent to Sell the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age.
(3). Consent to Process the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age for Purposes of Targeted Advertising.
|
| AdditionalDataProcessingConsent | Int(2) | Consent to Processing of the Consumer’s Personal Data that Is Not Reasonably Necessary for nor Compatible with the Disclosed Purpose(s) for which the Consumer’s Personal Data Was Processed0 = Not Applicable, the Controller does not Process Personal Data that is Not Reasonably Necessary for nor Compatible with the Disclosed Purpose(s)1 = No Consent2 = Consent |
| MspaCoveredTransaction | Int(2) |
Publisher or Advertiser, as applicable, is a signatory to the IAB Multi-State Privacy Agreement (MSPA), as may be amended from time to time, and declares that the transaction is a “Covered Transaction” as defined in the MSPA. 1 = Yes2 = No |
| MspaOptOutOptionMode | Int(2) |
Publisher or Advertiser, as applicable, has enabled “Opt-Out Option Mode” for the “Covered Transaction,” as such terms are defined in the MSPA.0 = Not Applicable1 = Yes2 = No |
| MspaServiceProviderMode | Int(2) |
Publisher or Advertiser, as applicable, has enabled “Service Provider Mode” for the “Covered Transaction,” as such terms are defined in the MSPA.0 = Not Applicable1 = Yes2 = No |
GPC is signaled in user agent headers (Sec-GPC) and a simple javascript API (globalPrivacyControl) . Entities creating GPP strings should check for whether GPC is set and pass along the value they find (from the headers or javascript API) in this sub-section.
| Field Name | GPP Field Type | Description |
| SubsectionType | Int(2) | 0 = Core1 = GPC |
| Gpc | Boolean | 0 = false1 = true |