This topic deep dives into the different MSPA signals and how to understand them. The MSPA consists of privacy-protective terms that activate among a group of signatories and accompany the data as it moves through the digital advertising supply chain. For more information, see Technicalities of MSPA.
The IAB Multi-State Privacy Agreement (MSPA) is an industry contractual framework designed to assist advertisers, publishers, agencies, and ad tech intermediaries in complying with five state privacy laws that took effect in 2023 (in California, Virginia, Colorado, Connecticut, and Utah). The MSPA collaborates with the IAB Tech Lab’s Global Privacy Platform, a uniform privacy signaling specification that enables companies to communicate and honor consumer choices throughout the ad ecosystem.
The MSPA collaborates with the IAB Tech Lab’s Global Privacy Platform, a standardized privacy signaling specification enabling companies to communicate and respect consumer choices across the advertising ecosystem.
The MSPA complements commercial contracts among signatories with necessary privacy terms. In cases where no commercial contracts are in place, the MSPA sets forth the essential privacy terms mandated by law.
Additionally, while publishers and advertisers can utilize the MSPA to encompass all their digital ad transactions, it also allows them the flexibility to engage in separate agreements with their ad tech vendors for other transactions using distinct privacy terms. These transactions would simply fall outside the scope of MSPA and not be ‘Covered Transactions’
In the next sections, you will find the different consents covered under MSPA.
Businesses must include a 'do not sell my personal information' link on their homepage and all web pages collecting data. The opt-out link should provide comprehensive details about consumer rights and enable them to decline the sale and sharing of their personal information.
| Field name | GPP Field Type | Description | What happens in Auto-display consent screen scenario? | What happens in Do not Auto-display consent screen scenario? |
| SaleOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Information
2 No, notice was not provided |
This field will be set as 1 - Notice shown as soon as the consent screen auto-triggers successfully. |
This field will be set as 2- Notice was not provided unless the user clicks on the opt-out link. |
| SharingOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of the Sharing of the Consumer's Personal Information
2 No, notice was not provided |
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| SensitiveDataLimitUseNotice | Int(2) |
Notice of the Opportunity to Limit Use or Disclosure of the Consumer's Sensitive Personal Information
2 No, notice was not provided |
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| SaleOptOut | Int(2) |
Opt-Out of the Sale of the Consumer's Personal Information
2 Did Not Opt Out |
Once the consent screen auto-triggers, based on the opt-out value updated by the user, this field is updated accordingly. |
This field will be set as Once the screen is triggered successfully, based on the user's opt-out value, this field is updated accordingly. |
| SharingOptOut | Int(2) |
Opt-Out of the Sharing of the Consumer's Personal Information
|
This field is updated as per user input. | This field will be set as 0 - till the consent screen is triggered. |
| SensitiveDataProcessing | N-Bitfield(2,9) |
Two bits for each Data Activity:
Two bits for each Data Activity:
Data Activities: (1) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Social Security, Driver's License, State Identification Card, or Passport Number. (2) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Account Log-In, Financial Account, Debit Card, or Credit Card Number in Combination with Any Required Security or Access Code, Password, or Credentials Allowing Access to an Account. (3) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Precise Geolocation. (4) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Racial or Ethnic Origin, Religious or Philosophical Beliefs, or Union Membership. (5) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals the contents of a Consumer's Mail, Email, and Text Messages unless You Are the Intended Recipient of the Communication. (6) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Genetic Data. (7) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Biometric Information for the Purpose of Uniquely Identifying a Consumer. (8) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Personal Information Collected and Analyzed Concerning a Consumer's Health. (9) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Consisting of Personal Information Collected and Analyzed Concerning a Consumer's Sex Life or Sexual Orientation. |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
| PersonalDataConsents | Int(2) |
Consent to Collection, Use, Retention, Sale, and/or Sharing of the Consumer's Personal Data that Is Unrelated to or Incompatible with the Purpose(s) for which the Consumer's Personal Data Was Collected or Processed
|
This field is updated as per user input. |
This field will be set as |
|
KnownChildSensitiveDataConsents |
N-Bitfield(2,2) |
Two bits for each Data Activity: 0 Not Applicable. The Business does not have actual knowledge that it Processes Personal Information of Consumers Less Than 16 years of Age.
Data Activities: (1) Consent to Sell the Personal Information of Consumers Less Than 16 years of Age (2) Consent to Share the Personal Information of Consumers Less Than 16 years of Age |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
Businesses may obtain consent by getting consumers to check a blank checkbox or by typing a written statement.
| Field name | GPP Field Type | Description | Auto-display consent screen | Do not Auto-display consent screen |
| SaleOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Information
2 No, notice was not provided |
This field will be set as |
This field will be set as |
| SharingNotice | Int(2) |
Notice of the Sharing of Personal Data with Third Parties
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| TargetedAdvertisingOptOutNotice | Int(2) |
Notice of the Opportunity to Opt-Out of Processing of the Consumer's Personal Data for Targeted Advertising
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| SaleOptOut | Int(2) |
Opt-Out of the Sale of the Consumer's Personal Information
2 Did Not Opt Out |
Once the consent screen auto-triggers, based on the opt-out value updated by the user, this field is updated accordingly. |
This field will be set as Once the screen is triggered successfully, based on the user's opt-out value, this field is updated accordingly. |
| TargetedAdvertisingOptOut | Int(2) |
Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising
2 Did Not Opt Out |
Once the consent screen auto-triggers, based on the opt-out value updated by the user, this field is updated accordingly. | This field will be set as 0 - till the consent screen is triggered. |
| SensitiveDataProcessing | N-Bitfield(2,8) |
Two bits for each Data Activity:
(1) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin. (2) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs. (3) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Diagnosis. (4) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Sexual Orientation. (5) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status. (6) Consent to Process the Consumer's Sensitive Data Consisting of Genetic Data for the Purpose of Uniquely Identifying a Natural Person. (7) Consent to Process the Consumer's Sensitive Data Consisting of Biometric Data for the Purpose of Uniquely Identifying a Natural Person. (8) Consent to Process the Consumer's Sensitive Data Consisting of Precise Geolocation Data. |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
|
KnownChildSensitiveDataConsents |
Int(2) |
Consent to Process Sensitive Data from a Known Child
|
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
Companies are obligated to provide consumers the choice to opt-out of the sale or targeted advertising use of their personal data. Consumers can express their preferences through a Universal Opt-Out Mechanism (UOOM).
| Field name | GPP Field Type | Description | Auto-display consent screen | Do not Auto-display consent screen |
| SaleOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Information
2 No, notice was not provided |
This field will be set as |
This field will be set as |
| SharingNotice | Int(2) |
Notice of the Sharing of Personal Data with Third Parties
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| TargetedAdvertisingOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| SaleOptOut | Int(2) |
Opt-Out of the Sale of the Consumer's Personal Information
2 Did Not Opt Out |
Once the consent screen auto-triggers, based on the opt-out value updated by the user, this field is updated accordingly. |
This field will be set as Once the screen is triggered successfully, based on the user's opt-out value, this field is updated accordingly. |
| TargetedAdvertisingOptOut | Int(2) |
Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising
2 Did Not Opt Out |
Once the consent screen auto-triggers, based on the opt-out value updated by the user, this field is updated accordingly. | This field will be set as 0 - till the consent screen is triggered. |
| SensitiveDataProcessing | N-Bitfield(2,7) |
Two bits for each Data Activity:
(1) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin. (2) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs. (3) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing a Mental or Physical Health Condition or Diagnosis. (4) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Sex Life or Sexual Orientation. (5) Consent to Process the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Citizenship Status. (6) Consent to Process the Consumer's Sensitive Data Consisting of Genetic Data that May Be Processed for the Purpose of Uniquely Identifying an Individual. (7) Consent to Process the Consumer's Sensitive Data Consisting of Biometric Data that May Be Processed for the Purpose of Uniquely Identifying an Individual. |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
|
KnownChildSensitiveDataConsents |
Int(2) |
Consent to Process Sensitive Data from a Known Child
|
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
The UCPA does not prescribe specific opt-out methods. In contrast to the CCPA, which mandates an opt-out link, the UCPA grants flexibility for organizations to establish their preferred methods for enabling consumers to opt out of data sales or targeted advertising.
| Field name | GPP Field Type | Description | Auto-display consent screen | Do no Auto-display consent screen |
| SaleOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Information
2 No, notice was not provided |
This field will be set as |
This field will be set as
|
| SharingNotice | Int(2) |
Notice of the Sharing of Personal Data with Third Parties
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| TargetedAdvertisingOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
|
SensitiveDataProcessingOptOutNotice |
Int(2) |
Notice of the Opportunity to Opt Out of the Processing of the Consumer's Sensitive Data
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| SaleOptOut | Int(2) |
Opt-Out of the Sale of the Consumer's Personal Information
2 Did Not Opt Out |
Once the consent screen auto-triggers, based on the opt-out value updated by the user, this field is updated accordingly. |
This field will be set as Once the screen is triggered successfully, based on the user's opt-out value, this field is updated accordingly. |
| TargetedAdvertisingOptOut | Int(2) |
Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising
2 Did Not Opt Out |
Once the consent screen auto-triggers, based on the opt-out value updated by the user, this field is updated accordingly. | This field will be set as 0 - till the consent screen is triggered. |
| SensitiveDataProcessing | N-Bitfield(2,8) |
Two bits for each Data Activity:
(1) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin. (2) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs. (3) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Sexual Orientation. (4) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status. (5) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Medical History, Mental or Physical Health Condition, or Medical Treatment or Diagnosis by a Health Care Professional. (6) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Genetic Data for the Purpose of Identifying a Specific Individual. (7) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Biometric Data for the Purpose of Identifying a Specific Individual. (8) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Specific Geolocation Data. |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
|
KnownChildSensitiveDataConsents |
Int(2) |
Consent to Process Sensitive Data from a Known Child
|
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
As per the law, data controllers must provide "clear and conspicuous" opt-out links on their websites.
| Field name | GPP Field Type | Description | Auto-display consent screen | Do not Auto- display consent screen |
| SaleOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of the Sale of the Consumer's Personal Information
2 No, notice was not provided |
This field will be set as |
This field will be set as |
| SharingNotice | Int(2) |
Notice of the Sharing of Personal Data with Third Parties
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| TargetedAdvertisingOptOutNotice | Int(2) |
Notice of the Opportunity to Opt Out of Processing of the Consumer's Personal Data for Targeted Advertising
|
This field will be set as 1. |
This field will be set as 2 till the user clicks on the opt-out link. |
| SaleOptOut | Int(2) |
Opt-Out of the Sale of the Consumer's Personal Information
2 Did Not Opt Out |
This field will be set as 2 - Did Not opt-out as soon as the consent screen auto-triggers successfully. Based on the opt-out value updated by the user, this field is updated accordingly. |
This field will be set as Once the screen is triggered successfully, based on the user's opt-out value, this field is updated accordingly. |
| TargetedAdvertisingOptOut | Int(2) |
Opt-Out of Processing the Consumer's Personal Data for Targeted Advertising
2 Did Not Opt Out |
This field will be set as 2. |
This field will be set as 0 - till the consent screen is triggered.. |
| SensitiveDataProcessing | N-Bitfield(2,8) |
Two bits for each Data Activity:
(1) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin. (2) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Religious Beliefs. (3) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Sexual Orientation. (4) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Citizenship or Immigration Status. (5) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Personal Data Revealing Medical History, Mental or Physical Health Condition, or Medical Treatment or Diagnosis by a Health Care Professional. (6) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Genetic Data for the Purpose of Identifying a Specific Individual. (7) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Biometric Data for the Purpose of Identifying a Specific Individual. (8) Opt-Out of the Processing of the Consumer's Sensitive Data Consisting of Specific Geolocation Data. |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
|
KnownChildSensitiveDataConsents |
N-Bitfield(2,3) |
Two bits for each Data Activity:
(1) Consent to Process Sensitive Data from a Known Child. (2) Consent to Sell the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age. (3) Consent to Process the Personal Data of Consumers At Least 13 Years of Age but Younger Than 16 Years of Age for Purposes of Targeted Advertising. |
This field is set as opted-out by default. It will update immediately based on the end-user's preference. |
This field is set as opted-out by default. It will update based on the end-user's preference. |
By installing this SDK update, you agree that your Children Privacy Compliance setting remains accurate or that you will update that setting, whenever there is a change in your app's audience. You may update the app's Children Privacy Compliance settings at https://publisher.inmobi.com/my-inventory/app-and-placements.
Support Center
