Home Data-Driven Thinking Consent Fraud: A Simmering Problem That Could Scald The Ecosystem

Consent Fraud: A Simmering Problem That Could Scald The Ecosystem

SHARE:
Daniel Jaye headshot

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Daniel Jaye, founder and head of product at aqfer.

Ad fraud has long been on marketers’ radar, but there is another type of overlooked fraudulent activity that carries potential regulatory and reputation-related consequences: consent fraud.

For those not in the know, the potential fraud can be traced to the consent string, a technical feature used in relation to data privacy and the General Data Protection Regulation (GDPR).

A consent string is a set of numbers generated by the consent management platform (CMP) used by a company deemed to be a data controller under GDPR. Sometimes called a “daisybit,” the consent string indicates whether a vendor has gained a consumer’s consent to use relevant data to serve personalized ads and specifies how the identifying data is used. It’s framed through single digits, or bits: a 1 means the ad tech vendor has the consent required, and a 0 means it doesn’t.

This simple algorithm goes to the heart of whether ads can be served as they have since the advent of the digital era – and that, in turn, goes to the heart of GDPR’s wide-ranging regulations. It’s why the Interactive Advertising Bureau (IAB) of Europe specifically opted to assign a consent string to all providers on its global vendor list, which is fundamental to the IAB Transparency and Consent Framework.

GDPR only went into effect last May, and we’re already hearing that some vendors are pulling the strings needed to push through unwanted ads. It doesn’t take too much technical prowess to hack the system and change daisybits, and that’s become an option for some unscrupulous players.

At the most basic level, a 0 becomes a 1, and presto, the consumer’s wishes are ignored and many more ads are allowed. To be fair, it’s only one or two bad actors so far (that I know of). But misdeeds this early send a bad signal.

Another issue may be that while IAB’s consent string is the clear standard, there’s at least one alternative: Google and its Funding Choices platform. Launched in the United States back in summer 2017 (it’s since been rolled out in other markets), it was created to help publishers get back some of the revenue they were losing to ad blockers.

This is more of an approach than a standard, but it can serve different results for the same ad bid request – and given Google’s reach, that matters. However, the company has indicated that it will accept the next iteration of the IAB standard, assuming certain adjustments are made.

But many US enterprises doing business in Europe, and even some European vendors directly in the line of fire, lack the experience and commitment to deploy the right CMPs and guarantee the integrity of the process. It’s even more troubling that although GDPR was supposed to establish a common standard, it is interpreted differently in different jurisdictions. A depressing number of companies don’t understand fundamental requirements, and a few seem to think the old cookie notices are enough.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

In other words, the message that what was previously a directive is now a law – and breaking it will bring consequences – hasn’t resonated loudly enough yet.

Sure, there are nuances. Balancing a legitimate interest assessment that takes into account risks and intrusiveness makes for a complex equation. But we should be able to tell the difference between a 1 and a 0.

GDPR is real and consequential, and there are surely more privacy mandates coming. Consent fraud isn’t even a simmer yet, but anything close to a boil will hurt the whole ecosystem. It might begin with greater scrutiny and exposure, then proceed to additional sanctions and even heavier regulation.

But more than the fear of punishment, we should consider the upside. Just as attempts to do an end run around legitimate interest could backfire, gaining appropriate consent can pay rich dividends. There’s often a stigma associated with data-driven marketing. Respecting consumer preferences, remaining accountable and meeting consumer needs helps us all in the long run.

Yes, any kind of regulation can be painful. But with GDPR and other privacy mandates, playing by the rules could create big wins.

Follow aqfer (@aqferinc) and AdExchanger (@adexchanger) on Twitter.

Must Read

HUMAN Expands Its IVT Detection Tool Kit With A New Product For Advertisers, Not Platforms

HUMAN has recently started complementing its bid request analysis by analyzing the time between when a bot clicks an ad and when the landing page loads. Now it’s offering the solution to individual advertisers.

Index Exchange Launches A Data Marketplace For Sell-Side Curation

Through Index Exchange’s data vendor marketplace, curators gain access to third-party data sets without needing their own integrations.

Can Publishers Trust The Trade Desk’s New Wrapper?

TTD says OpenAds is not just a reaction to Prebid’s TID change, but a new model for fairer, more transparent ad auctions. So what does the DSP need to do to get publishers to adopt its new auction wrapper?

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Scott Spencer’s New Startup Wants To Help Users Monetize Their Online Advertising Data

What happens when an ad tech developer partners with a cybersecurity expert to start a new company? You end up with a consumer product that is both a privacy software service and a programmatic advertising ID.

Former FTC commissioner Alvaro Bedoya speaks to AdExchanger Managing Editor Allison Schiff at Programmatic IO NY 2025.

Advertisers Probably Shouldn’t Target Teens At All, Cautions Former FTC Commissioner

Alvaro Bedoya shared his qualms with digital advertising’s more controversial targeting tactics and how kids use gen AI and social media.

Wall Street Turned Against Ad Tech – But May Learn To Love It Again

What can pureplay ad tech companies do to clean up their rep on the Street?