And the framework’s backers may have their work cut out when it comes to getting scaled adoption from publishers.
“The IAB solution envisions that publishers will get global consent for the entire ecosystem, store it in a cookie [and] share it with a third-party consent server,” said Jason Kint, CEO of online media trade group Digital Content Next, in a note to AdExchanger.
The pitch to publishers is that data-based buys drive higher ad rates, and so they’ll earn more if supply chain partners can target audiences with consent when it’s required.
Kint said the use of aggregated cookie data and consent across sites and apps “doesn’t meet the letter or spirit of the GDPR,” and it could expose publishers to liability.
The IAB Europe “did its homework and is plugged in with regulators,” said Alice Lincoln, MediaMath’s VP of data policy and governance. She said the framework is also intended to evolve based on GDPR enforcement and the final version of the ePrivacy law.
And other publishers have contributed to the IAB Europe working group, if indirectly.
AppNexus shared the working group’s ideas with media clients while it developed the framework with the IAB Europe, so some of its top publishers have already adopted the solution and given feedback on the standards, said Julia Shullman, AppNexus deputy general counsel and director of the company’s privacy group.
And the IAB’s Matthiesen said there are some common misunderstandings about its third-party cookie language.
“We’re using ‘cookies’ in this case as any device where information about user consent is stored,” he said.
For now, the system does rely on cookies for the transmission of consent, he said, but in the future, the group plans to develop non-cookie based ways to pass data, like an offline server-to-server solution to centralize IDs.
The IAB Tech Lab GDPR working group, working separately from IAB Europe, debuted an OpenRTB feature last month for passing consent in the supply chain as a bidstream data field. The Tech Lab is also working on ways, like blockchain-based encryption, for publishers to pass data to known vendors – or at least vendors with ads.txt certification – without potentially exposing data to another intermediary.