Publishers’ trade association on IAB’s proposed framework for GDPR: ‘A non-starter’
The CEO of Digital Content Next blasts the IAB proposal as a burden on publishers that retains the status quo.
A second publisher-side advocate has come out against the Interactive Advertising Bureau (IAB)’s proposed consent framework.
Jason Kint is the CEO of Digital Content Next, a New York City-based trade association of about 70 premium publishers in the US and Europe, including The New York Times, ESPN, The Washington Post, CBS, BBC, PBS and Financial Times.
In an email yesterday to his organization’s members, Kint wrote: “The IAB GDPR Consent Framework should be considered a non-starter by all publishers as it fails on several levels and requires significant changes.”
Last week, the IAB released a draft version of its proposal to collect and then automatically distribute user consent through the online advertising ecosystem, in a way that is compliant with the upcoming General Data Protection Regulation (GDPR).
After users indicate their consent (or lack thereof) for targeted ad usage of their personal data, the proposal says, the user’s consent profile is then distributed as a data unit called a Daisybit when a webpage makes a call for an ad bid.
For instance, if the user has agreed that AppNexus can serve ads based on that user’s location, then the Daisybit provides the gating info, and only AppNexus can deliver an ad using that location data.
‘All liability to the publisher’
Earlier this week, I spoke with Johnny Ryan, head of ecosystem for PageFair. Best known for its anti-ad blocking software and research, PageFair has launched a GDPR-compliant advertising initiative called Perimeter.
It avoids user consent completely by targeting ads only to broad user segments based on interest (such as pages viewed) or on non-personal attributes like geography. The idea is that individual identity cannot be determined by grouping users into those broad cohorts.
In our conversation, Ryan characterized the IAB proposal as one that “violates GDPR.”
Kint didn’t go that far, but he isn’t mincing words. His email cited the emphasis in the IAB proposal on “unreliable” cookies, and how it “pushes all liability to the publisher without providing any control over the [Consent Management Providers], SSPs, DSPs, exchanges and how they use this data.” (The IAB has said that a proposal for mobile apps, relying on mobile device IDs, is in the works.)
He noted that the IAB proposal suggests that the consent relationship with the user — a consent which would mostly be obtained while a user is on a publisher’s website — be outsourced to an outside “Consent Manager Provider” (CMP). Kint indicates that the CMP’s interests are more aligned with ad tech providers than with publishers.
Additionally, Kint wrote, the IAB framework will create “more friction with your audience for editorial and product features for the sake of protecting ad tech vendors.” He added that the proposal doesn’t do anything to “leverage the direct relationship between a publisher and its audience to manage consent and store it persistently in the browser.”
His objections echo several of Ryan’s, specifically that the framework makes publishers do the heavy lifting for ad-targeting consent, possibly at the risk of their own consent needs for, say, content personalization.
‘Opt back into the status quo’
Ryan also cites the data leakage risks in the IAB proposal, where consent data is distributed throughout the system, even if it can be acted upon only by consented providers. This is similar to Kint’s criticism that publishers, under the IAB framework, have no control over how the consent data is used by SSPs, exchanges and others.
“In other words,” Kint wrote, “[the IAB proposal’s] goal is to use ‘free’ services [from publishers] to encourage users to click, ‘Turn All On’ and opt back into the status quo.”
The IAB framework was “clearly designed by ad tech companies and included the endorsement of 23 ad tech companies and, most notably, zero publishers,” he noted.
Instead of this proposal, Kint wrote that “the most significant advertisers” are aligned with his publishers’ organization for the creation of audience selection “based on cohorts and context which is a significant risk to Google and Facebook.” Interestingly, “cohorts and context” appears similar to PageFair’s approach with Perimeter.
The current system often shortchanges the advertiser as well, Kint told me, describing brands who are “spending one dollar and [losing] 70 cents in the middle.”
“Advertisers,” he said, “are starting to appreciate that one-to-one [ad] targeting can be inaccurate, difficult, and [it now has] legal challenges.”