> ## Documentation Index > Fetch the complete documentation index at: https://developer.onetrust.com/llms.txt > Use this file to discover all available pages before exploring further. # IAB CCPA US Privacy String # Overview The California Consumer Privacy Act (CCPA) was enacted to provide California consumers with greater transparency and control over their personal information. Initially prompted by regulation in the California Consumer Privacy Act (CCPA), the IAB's US Privacy String were created to support compliance with the CCPA. For more information, consider reviewing the following IAB CCPA's resources: * [About the IAB CCPA](https://www.iab.com/guidelines/ccpa-framework/) * [IAB CCPA US Privacy String (Github)](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/US%20Privacy%20String.md#us-privacy-string-format) * [IAB CCPA US Privacy API (Github)](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/USP%20API.md#in-app-support) ## What This Article Covers * How to implement the **Latest** solution (SDK versions 6.12.0+) * How to migrate from the **Legacy** solution to the **Latest** solution * How to implement the **Legacy** solution (SDK versions -6.12.0) *** ## Implement the US Privacy String (Latest) > Available for OneTrust SDK versions 6.12.0+ ### Prerequisites In order to setup US Privacy String on your app, you will first need to follow the set up guidance for [Configuring the CCPA US Privacy String](https://my.onetrust.com/s/article/UUID-b13833aa-0308-bb96-6db8-87df8aaf1a45) in your OneTrust tenant. ### How It Works With this latest implementation, there is no SDK code for the app to call to initialize or set the IAB US Privacy String. The SDK handles it automatically based on the configuration in the OneTrust tenant. ### Access the US Privacy String Per IAB Standards, the US Privacy String is saved to UserDefaults under the `IABUSPrivacy_String` key. ```swift //Swift let ccpaString = UserDefaults.standard.string(forKey:"IABUSPrivacy_String") //ObjC id iabTcfValue; id savedValue = [NSUserDefaults.standardUserDefaults valueForKey:@"IABUSPrivacy_String"]; if (savedValue) { iabTcfValue = (NSString *)savedValue; } else { iabTcfValue = @""; } ``` *** ## How to Migrate from Legacy to Latest Version ### Prerequisites In order to setup US Privacy String on your app, you will first need to follow the set up guidance for [Configuring the CCPA US Privacy String](https://my.onetrust.com/s/article/UUID-b13833aa-0308-bb96-6db8-87df8aaf1a45) in your OneTrust tenant. > **Note:** Make sure to publish your changes for them to take effect. ### Configuring the Codebase 1. Remove all Legacy method calls from your codebase. These are no longer needed because the OneTrust SDK handles all this logic on your behalf. * `initializeCCPA()` * `optIntoSaleOfData()` * `optOutOfSaleOfData()` 2. Download the latest SDK data using `startSDK()` 3. Test your app for quality to ensure proper functionality. *** ## Implement the US Privacy String (Legacy) 1. Create a CCPA Template in the OneTrust Admin Console * By default, a `Sale of Personal Data` category will be created as a "Parent" category and other categories will be nested underneath as children. 2. In the CCPA template, disable the **AllowHostOptOut** option 3. Assign that Template to a Geolocation Rule * Most users select California for their Geolocation Rule locale, however there is no restriction to selecting additional US States or Countries to apply this template to as well. 4. Assign the Geolocation Rule Group to a Mobile App 5. Publish the Mobile App ### Initialize the US Privacy String (Legacy) After you have called `startSDK()`, you will make a call to `initializeCCPA()` for the first time. ```swift // Swift let gidArray = ["9005", "C0002", "C0001"] OTPublishersHeadlessSDK.shared.initializeCCPA(categoryIDs: gidArray, geolocation: .ca, explicitNotice: true, lsPact: true) // ObjC: NSArray *gidArray = @[@"9005", @"C0002", @"C0004"]; [OTPublishersHeadlessSDK.shared initializeCCPAWithCategoryIDs:gidArray geolocation: CCPAGeolocationCa explicitNotice:YES lsPact:YES]; ``` | Param | Type | Description | | ---------------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `categoryIDs` | `[string]` | An arrray of child category Ids nested under the `Sale of Personal Data` toggle. | | `geolocation` | `string` | The geolocation for which `IABUSPrivacy_String` should be updated. Permissible values include: `.all` (all regions), `.us` (USA only), and `.ca` (California only) | | `explicitNotice` | `boolean` | Boolean value to be passed when explicit notice been provided as required of the CCPA and the opportunity to opt out of the sale of their data. | | `lsPact` | `boolean` | Boolean value to be passed when the Publisher is a signatory to the IAB Limited Service Provider Agreement (LSPA) and the publisher declares that the transaction is covered as a “Covered Opt Out Transaction” or a “Non Opt Out Transaction” as those terms are defined in the Agreement. | > Please note that if your application is configured with a single geolocation rule, OneTrust will save and update the IAB CCPA values for every location, regardless of the value provided for geolocation. This is because the OneTrust SDK does not make a geolocation API call when only one geolocation rule exists and we will be unable to determine which location to apply the IAB CCPA updates to. ### When a User Withdraws Consent Calling this method will: * Update the US Privacy String to indicate the user has opted-out of the sale of personal information * Broadcast the change to your app to alert 3rd party vendors of the change ```swift // Swift OTPublishersHeadlessSDK.shared.optOutOfSaleOfData() // ObjC [OTPublishersHeadlessSDK.shared optOutOfSaleOfData]; ``` ### When a User Gives Consent Calling this method will: * Update the US Privacy String to indicate the user has opted-in to the sale of personal information * Broadcast the change to your app to alert 3rd party vendors of the change ```swift // Swift OTPublishersHeadlessSDK.shared.optIntoSaleOfData() // ObjC [OTPublishersHeadlessSDK.shared optIntoSaleOfData]; ``` ### Access the US Privacy String Per IAB Standards, the US Privacy String is saved to UserDefaults under the `IABUSPrivacy_String` key. ```swift //Swift let ccpaString = UserDefaults.standard.string(forKey:"IABUSPrivacy_String") //ObjC id iabTcfValue; id savedValue = [NSUserDefaults.standardUserDefaults valueForKey:@"IABUSPrivacy_String"]; if (savedValue) { iabTcfValue = (NSString *)savedValue; } else { iabTcfValue = @""; } ``` ![](https://files.readme.io/97f5dc4-rtaImage.png "rtaImage.png") ## Access the US Privacy String Per IAB Standards, the US Privacy String is saved to UserDefaults under the `IABUSPrivacy_String` key. ```swift //Swift let ccpaString = UserDefaults.standard.string(forKey:"IABUSPrivacy_String") //ObjC id iabTcfValue; id savedValue = [NSUserDefaults.standardUserDefaults valueForKey:@"IABUSPrivacy_String"]; if (savedValue) { iabTcfValue = (NSString *)savedValue; } else { iabTcfValue = @""; } ``` *** # How to Migrate from Legacy to Latest Version ## Prerequisites In order to setup US Privacy String on your app, you will first need to follow the set up guidance for [Configuring the CCPA US Privacy String](https://developer.onetrust.com/sdk/config/templates/iab-ccpa-usp-string) in your OneTrust tenant. > **Note:** Make sure to publish your changes for them to take effect. ## Configuring the Codebase 1. Remove all Legacy method calls from your codebase. These are no longer needed because the OneTrust SDK handles all this logic on your behalf. * `initializeCCPA()` * `optIntoSaleOfData()` * `optOutOfSaleOfData()` 2. Download the latest SDK data using `startSDK()` 3. Test your app for quality to ensure proper functionality. *** # Implement the US Privacy String (Legacy) 1. Create a CCPA Template in the OneTrust Admin Console * By default, a `Sale of Personal Data` category will be created as a "Parent" category and other categories will be nested underneath as children. 2. In the CCPA template, disable the **AllowHostOptOut** option 3. Assign that Template to a Geolocation Rule * Most users select California for their Geolocation Rule locale, however, there is no restriction to selecting the additional US States or Countries to apply this template to as well. 4. Assign the Geolocation Rule Group to a Mobile App 5. Publish the Mobile App ## Initialize the US Privacy String (Legacy) After you have called `startSDK()`, you will make a call to `initializeCCPA()` for the first time. ```swift // Swift let gidArray = ["9005", "C0002", "C0001"] OTPublishersHeadlessSDK.shared.initializeCCPA(categoryIDs: gidArray, geolocation: .ca, explicitNotice: true, lsPact: true) // ObjC: NSArray *gidArray = @[@"9005", @"C0002", @"C0004"]; [OTPublishersHeadlessSDK.shared initializeCCPAWithCategoryIDs:gidArray geolocation: CCPAGeolocationCa explicitNotice:YES lsPact:YES]; ``` | Param | Type | Description | | ---------------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `categoryIDs` | `[string]` | An arrray of child category Ids nested under the `Sale of Personal Data` toggle. | | `geolocation` | `string` | The geolocation for which `IABUSPrivacy_String` should be updated. Permissible values include: `.all` (all regions), `.us` (USA only), and `.ca` (California only) | | `explicitNotice` | `boolean` | Boolean value to be passed when explicit notice been provided as required of the CCPA and the opportunity to opt out of the sale of their data. | | `lsPact` | `boolean` | Boolean value to be passed when the Publisher is a signatory to the IAB Limited Service Provider Agreement (LSPA) and the publisher declares that the transaction is covered as a “Covered Opt Out Transaction” or a “Non Opt Out Transaction” as those terms are defined in the Agreement. | > Please note that if your application is configured with a single geolocation rule, OneTrust will save and update the IAB CCPA values for every location, regardless of the value provided for geolocation. This is because the OneTrust SDK does not make a geolocation API call when only one geolocation rule exists and we will be unable to determine which location to apply the IAB CCPA updates to. ## When a User Withdraws Consent Calling this method will: * Update the US Privacy String to indicate the user has opted-out of the sale of personal information * Broadcast the change to your app to alert 3rd party vendors of the change ```swift // Swift OTPublishersHeadlessSDK.shared.optOutOfSaleOfData() // ObjC [OTPublishersHeadlessSDK.shared optOutOfSaleOfData]; ``` ## When a User Gives Consent Calling this method will: * Update the US Privacy String to indicate the user has opted-in to the sale of personal information * Broadcast the change to your app to alert 3rd party vendors of the change ```swift // Swift OTPublishersHeadlessSDK.shared.optIntoSaleOfData() // ObjC [OTPublishersHeadlessSDK.shared optIntoSaleOfData]; ``` ## Access the US Privacy String Per IAB Standards, the US Privacy String is saved to UserDefaults under the `IABUSPrivacy_String` key. ```swift //Swift let ccpaString = UserDefaults.standard.string(forKey:"IABUSPrivacy_String") //ObjC id iabTcfValue; id savedValue = [NSUserDefaults.standardUserDefaults valueForKey:@"IABUSPrivacy_String"]; if (savedValue) { iabTcfValue = (NSString *)savedValue; } else { iabTcfValue = @""; } ```