In August, the IAB Tech Lab released for public comment new sections in the Global Privacy Platform (GPP) to expand coverage for additional U.S. states that enacted comprehensive data privacy laws. This was soon followed by a public comment period for version 2.0 of the MSPA US National Section. With these updates now finalized, the industry is encouraged to implement these changes.
Support for 6 More U.S. States
The GPP has expanded coverage to include six additional states: Delaware, Iowa, Nebraska, New Hampshire, New Jersey, and Tennessee. Each of these states’ section specification utilizes data types that are also present in other states, and efforts have been made to keep the fields in harmony. For full details, take a look at each state’s section specification, and to view a complete list of all sections of the GPP, refer to the Section Information in the GitHub repository.
Updates to the MSPA US National Section
The MSPA has been amended to include additional states, and as a result, the MSPA US National Section has been updated accordingly. It’s important to note that there are breaking changes in the MSPA US National Section, which is why the section version has been incremented to 2.0.
The breaking changes exist in two fields of the string:
- SensitiveDataProcessing field introduces several new categories (13-16)
- KnownChildConsents field introduces new age range
To see the latest on the MSPA US National Section, see the section specification.
Upcoming Coverage Developments
The GPP now includes coverage for 15 of states with comprehensive data privacy laws in the U.S. In the first half of 2025, this coverage will expand to include and an additional five states: Minnesota, Maryland, Indiana, Kentucky, and Rhode Island. For those who are counting, that’s a total of 19 states (or 20 depending on whether you count Florida’s Digital Bill of Rights), all of which are either already in effect or set to take effect within the next two years. Below, you’ll find a helpful table detailing the effective dates and GPP coverage status for each state.
| State Privacy Law | Effective Date | GPP Section Coverage | MSPA US National National Coverage |
| California: California Consumer Privacy Act Amended by California Privacy Rights Act | January 1, 2020 January 1, 2023 | Covered | Covered |
| Colorado: Colorado Privacy Act | July 1, 2023 | Covered | Covered |
| Connecticut: Connecticut Data Privacy Act | July 1, 2023 | Covered | Covered |
| Delaware: Delaware Personal Data Privacy Act | January 1, 2025 | Covered | Covered |
| Florida:* Florida Digital Bill of Rights | July 1, 2024 | Covered | Covered |
| Indiana: Indiana Consumer Data protection Act | January 1, 2026 | Anticipated 1H2025 | Covered |
| Iowa: Iowa Consumer Data Protection Act | January 1, 2025 | Covered | Covered |
| Kentucky: Kentucky Consumer Data Protection Act | January 1, 2026 | Anticipated 1H2025 | Covered |
| Maryland: Maryland Online Data Privacy Act | October 1, 2025 | Anticipated 1H2025 | Covered |
| Minnesota: Minnesota Consumer Data Privacy Act | July 31, 2025 | Anticipated 1H2025 | Covered |
| Montana: Montana Consumer Data Privacy Act | October 1, 2024 | Covered | Covered |
| Nebraska: Nebraska Data Privacy Act | January 1, 2025 | Covered | Covered |
| New Hampshire: SB 255 | January 1, 2025 | Covered | Covered |
| New Jersey: SB 332 | January 15, 2025 | Covered | Covered |
| Oregon: Oregon Consumer Privacy Act | July 1, 2024 | Covered | Covered |
| Rhode Island: Rhode Island Data Transparency and Privacy Protection Act | January 1, 2026 | Anticipated 1H2025 | Covered |
| Tennessee: Tennessee Information Protection Act | July 1, 2025 | Covered | Covered |
| Texas: Texas Data Privacy and Security Act | July 1, 2024 | Covered | Covered |
| Utah: Utah Consumer Privacy Act | December 31, 2023 | Covered | Covered |
| Virginia: Virginia Consumer Data Protection Act | January 1, 2023 | Covered | Covered |
Rowena Lam
Sr Director, Privacy & Data
IAB Tech Lab