Why the IAB GDPR Transparency and Consent Framework is a non-starter for publishers

The most significant opportunity in more than a decade to steer value towards our members is playing out now in Europe.

It is DCN’s role to help shape the future of the digital ecosystem to bend towards the interests of trusted content companies while your team focuses on the day-to-day operations. We work every day to do this and to raise the bar of trust with both advertisers and consumers.  Unlike other parts of the web media industry, we’re fortunate these efforts often align.  That is, by increasing trust for consumers and advertisers, the brands of DCN will prosper in the long-term. We are starting to see the pendulum swing in our favor – both in consumer subscriptions and the trust and transparency of the advertising market – and are working hard to accelerate it.

Since DCN exclusively represents content companies, we occasionally have a different point of view from other parts of the media ecosystem including intermediaries (e.g. ad tech companies, Google, Facebook). The business model of these intermediaries has for many years relied on harvesting the data generated from advertiser and consumer relationships with our members’ websites and apps. Right now, there is significant debate over how to best participate in the General Data Protection Regulation (GDPR) in the EU and what the effects of the roll-out of will be.  The rules of GDPR, which set a new bar for consumer privacy, were finalized years ago and since that time have inspired a rich amount of misinformation, disagreement and fear, only increasing as the GDPR enforcement date of May 25, 2018 approaches.

The IAB and IAB Europe, which are charged with representing a much broader set of stakeholders including hundreds of ad tech companies, Google, Facebook, Oath, and many others with significant intermediary interests, has released its plan to handle the GDPR roll-out.  The IAB framework, which was submitted for industry commenting, was clearly designed by ad tech companies and included endorsement from 23 ad tech companies and, most notably, zero publishers.

The IAB GDPR Transparency and Consent Framework should be considered a non-starter by all publishers as it fails on several levels and requires significant changes.

Details will be discussed in other forums but can be summarized as it:

  1. relies on cookies which are unreliable in many experiences;
  2. pushes all liability to the publisher without providing any control over the CMPs, SSPs, DSPs, exchanges and how they use this data;
  3. outsources the consent relationship with the user to a “Consent Manager Provider” (CMP) operated by an IAB-friendly;
  4. does not leverage the direct relationship between a publisher and its audience to manage consent and store it persistently in the browser (e.g. DNT);
  5. fails to reduce friction for users giving consent for purposes most important to publishers and most acceptable to users;
  6. unintentionally creates more friction with your audience for editorial and product features for the sake of protecting ad tech vendors.

Thus, it will most likely enable a practical use case where global consent is enacted to protect the status quo of maximum behaviorally-targeted advertising and unbridled data collection. In other words, their goal is to use “free” services to encourage users to click, “Turn All On” and opt back into the status quo.

Please reach out to us directly and make certain your business leaders and partners understand there are serious flaws with the IAB Consent Framework.  We strongly urge publishers to hold off signing up with the 23 companies (and Google and Facebook behind the scenes) to support the framework in its current form.

Once again, there is a window here in which publishers can rebuild consumer and advertiser trust. The most significant advertisers in the world are aligned with us on this as they begin to see their pursuit of truly one-to-one advertising across the wider web as economically and legally challenging.  GDPR will create opportunity for audience selection based on cohorts and context which is a significant risk to Google and Facebook. GDPR moves advertisers away from their current buying habits supported by the myth they can simply harvest demand through microtargeting personal data. Creating new demand through context and true relevance is the sweet spot of trust and true publishers.

And where there is significant risk to Facebook and Google and opportunity for growing consumer trust, you will come out ahead.

Re-published with kind permission of Digital Content Next