WTF is the IAB’s Multi-State Privacy Agreement?

By Tim Peterson • January 16, 2023 •

Ivy Liu

This article is a WTF explainer, in which we break down media and marketing’s most confusing terms. More from the series →

Pity the privacy compliance officers. This year companies have to adapt to five new state-level privacy laws in the U.S., which means companies’ privacy and legal teams have to figure out how to comply with the various laws and their varying requirements for how people’s personal information can be collected and used for advertising purposes and otherwise.

Fortunately for companies, the Interactive Advertising Bureau has devised a privacy compliance framework called the Multi-State Privacy Agreement that aims to aid compliance across all five state-level privacy laws at once.

“There are disclosures of personal information that happen in the digital advertising supply chain where there are presently no contracts that exist at all, but there need to be contracts going forward,” said IAB evp and general counsel Michael Hahn.

The MSPA — in conjunction with the corresponding Global Privacy Platform — effectively functions as a contract-creating trigger to institute agreements between the companies collecting people’s personal information and the companies that may access that data through the programmatic advertising supply chain.

Sound complicated? It is and it isn’t, as the video below explains.

WTF is the IAB’s Multi-State Privacy Agreement?

More in Marketing

OpenAI’s countdown: monetization, ads, and a Google-shaped threat

Crisis, culture and costs: The new reality of the modern CMO

Digiday+ Research: The marketer’s guide to AI applications, agentic AI, AI search and GEO/AEO in 2026