Home Data-Driven Thinking Consent Fraud: A Simmering Problem That Could Scald The Ecosystem
OPINION: Data-Driven Thinking

Consent Fraud: A Simmering Problem That Could Scald The Ecosystem

By AdExchanger

SHARE:
Daniel Jaye headshot

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Daniel Jaye, founder and head of product at aqfer.

Ad fraud has long been on marketers’ radar, but there is another type of overlooked fraudulent activity that carries potential regulatory and reputation-related consequences: consent fraud.

For those not in the know, the potential fraud can be traced to the consent string, a technical feature used in relation to data privacy and the General Data Protection Regulation (GDPR).

A consent string is a set of numbers generated by the consent management platform (CMP) used by a company deemed to be a data controller under GDPR. Sometimes called a “daisybit,” the consent string indicates whether a vendor has gained a consumer’s consent to use relevant data to serve personalized ads and specifies how the identifying data is used. It’s framed through single digits, or bits: a 1 means the ad tech vendor has the consent required, and a 0 means it doesn’t.

This simple algorithm goes to the heart of whether ads can be served as they have since the advent of the digital era – and that, in turn, goes to the heart of GDPR’s wide-ranging regulations. It’s why the Interactive Advertising Bureau (IAB) of Europe specifically opted to assign a consent string to all providers on its global vendor list, which is fundamental to the IAB Transparency and Consent Framework.

GDPR only went into effect last May, and we’re already hearing that some vendors are pulling the strings needed to push through unwanted ads. It doesn’t take too much technical prowess to hack the system and change daisybits, and that’s become an option for some unscrupulous players.

At the most basic level, a 0 becomes a 1, and presto, the consumer’s wishes are ignored and many more ads are allowed. To be fair, it’s only one or two bad actors so far (that I know of). But misdeeds this early send a bad signal.

Another issue may be that while IAB’s consent string is the clear standard, there’s at least one alternative: Google and its Funding Choices platform. Launched in the United States back in summer 2017 (it’s since been rolled out in other markets), it was created to help publishers get back some of the revenue they were losing to ad blockers.

This is more of an approach than a standard, but it can serve different results for the same ad bid request – and given Google’s reach, that matters. However, the company has indicated that it will accept the next iteration of the IAB standard, assuming certain adjustments are made.

But many US enterprises doing business in Europe, and even some European vendors directly in the line of fire, lack the experience and commitment to deploy the right CMPs and guarantee the integrity of the process. It’s even more troubling that although GDPR was supposed to establish a common standard, it is interpreted differently in different jurisdictions. A depressing number of companies don’t understand fundamental requirements, and a few seem to think the old cookie notices are enough.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Daily Roundup

Daily News Roundup

Never Mind About The Whole TID Thing; Live Sports Still Wins On Universal Reach

In other words, the message that what was previously a directive is now a law – and breaking it will bring consequences – hasn’t resonated loudly enough yet.

Sure, there are nuances. Balancing a legitimate interest assessment that takes into account risks and intrusiveness makes for a complex equation. But we should be able to tell the difference between a 1 and a 0.

GDPR is real and consequential, and there are surely more privacy mandates coming. Consent fraud isn’t even a simmer yet, but anything close to a boil will hurt the whole ecosystem. It might begin with greater scrutiny and exposure, then proceed to additional sanctions and even heavier regulation.

But more than the fear of punishment, we should consider the upside. Just as attempts to do an end run around legitimate interest could backfire, gaining appropriate consent can pay rich dividends. There’s often a stigma associated with data-driven marketing. Respecting consumer preferences, remaining accountable and meeting consumer needs helps us all in the long run.

Yes, any kind of regulation can be painful. But with GDPR and other privacy mandates, playing by the rules could create big wins.

Follow aqfer (@aqferinc) and AdExchanger (@adexchanger) on Twitter.

Must Read

Olivia Kory, Haus (Photo credit: Sean T. Smith)
Measurement

For Meta Marketers, Automation Isn’t Always The Advantage (But It’s Complicated)

Meta says “trust the machine” – but marketers are finding out that automated ad platforms, including Advantage+, don’t always know best.

Comic: Header Bidding Rapper (Wrapper!)
Publishers

Prebid.org Is At A Crossroads, And Must Now Decide Whose Interests It Serves

Prebid’s future is up for grabs as the open-source project grows apart from the IAB Tech Lab, the industry’s self-appointed standards authority.

PODCAST: The Big Story

Rest In Privacy, Sandbox

Last week, after nearly six years of development and delays, Google officially retired its Privacy Sandbox.
Which means it’s time for a memorial service.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Platforms

AWS Launches A Cloud Infrastructure Service For Ad Tech

AWS RTB Fabric offers ad tech platforms more streamlined integrations with ecosystem and infrastructure partners, allegedly lower latency compared to the public internet and discounts on data transfers.

CTV

Netflix Boasts Its Best Ad Sales Quarter Ever (Again)

In a livestreamed presentation to investors on Tuesday, co-CEO Greg Peters shared that Netflix had its “best ad sales quarter ever” in Q3, and more than doubled its upfront commitments for this year.

Comic: No One To Play With
Privacy

Google Pulls The Plug On Topics, PAAPI And Other Major Privacy Sandbox APIs (As The CMA Says ‘Cheerio’)

Google’s aborted cookie crackdown ends with a quiet CMA sign-off and a sweeping phaseout of Privacy Sandbox technologies, from the Topics API to PAAPI.

Popular

  1. Comic: Header Bidding Rapper (Wrapper!)
    Publishers

    Prebid.org Is At A Crossroads, And Must Now Decide Whose Interests It Serves

    Prebid’s future is up for grabs as the open-source project grows apart from the IAB Tech Lab, the industry’s self-appointed standards authority.

  2. Greg Glenday, CEO, Acast
    Digital Audio

    Acast’s CEO On Why Audio Doesn’t Need Video – Or Political Ads – To Win

    Greg Glenday weighs in on why Acast is resisting the allure of video, the trade-offs of accepting political ad bucks and positioning influencer marketing as audio’s entry point into the omnichannel mix.

  3. CTV

    Comcast Intros Biddable And Programmatic For Linear TV

    On Thursday, Comcast Advertising announced that the cable provider’s linear TV inventory will now be available on a targetable, biddable basis for advertisers that want to transact programmatically.

  4. Messing around in the Privacy Sandbox
    Google’s Privacy Sandbox

    The Privacy Sandbox May Be Dead, But The AdExchanger Comics Live On

    Chrome kept cookies and killed the Privacy Sandbox, but at least we got some great comics out of it.

  5. Nick Ross, Ph.D, Co-Founder and CTO of Classify
    OPINION: Data-Driven Thinking

    AdCP And The Math Of Agentic AI: Building For Today's Economics, Not Tomorrow's Dreams

    Understanding where AI agents make financial sense today is the difference between building a sustainable competitive advantage and burning through your margins in pursuit of buzzwords.