• The Imperative of Neutral Industry Standards for Consent Management

    The point of industry standards is to form a common, collaborative layer upon which all participants can accelerate innovation, and therefore offer more (and better) products and services to the market. The challenge of standardization is not so much technology as it is cooperation — it’s difficult to get many companies (partners and competitors alike) working together. There may be no better example of the need for neutral industry standards than the upcoming European consumer data protection regulation.

    With only 8 weeks to go until the new General Data Protection Regulation (GDPR) comes into force, many organisations are still analysing their risk profile and operationalising their compliance strategy. The majority of platforms, publishers and advertisers are focusing on leveraging either legitimate interest or consent as their legal basis for data processing. A number of ad tech vendors that don’t have a direct relationship with the consumer, are looking to publishers to get consent on their behalf. Amongst them is Google, who last week announced they will be updating their policies to require publishers using their ad products to take extra steps in obtaining consumer consent. Google said that it is “exploring [consent] solutions for publishers, including working with industry groups like IAB Europe.”

    IAB Europe publicly released a proposal on how consent capture, storage and propagation could be standardised for the digital advertising ecosystem earlier this month. Both, IAB EU and IAB Tech Labs are making a concerted effort to engage and solicit feedback from organisations across the industry through events, webinars and working group sessions. A recent blog post by Townsend Feehan directly addresses publisher questions about the framework.

    DigiTrust is in full support of the proposed Consent and Transparency Framework and believes an open source, industry collaboration is the only option for consumer-facing brands to provide the ecosystem partners of their choice with a common language to understand and enforce consumer consent preferences. Having worked closely with regulators, it’s also done a lot of the heavy lifting on figuring out how to interpret and translate the regulation into an e-Privacy and GDPR compliant consent solution for those opting to use consent as a legal basis.

    Over the past three months, DigiTrust has been consulting our members as well as running broader working group sessions to better understand publisher and platform requirements for a consent management platform (CMP). We believe the market would benefit from a neutral, not-for-profit CMP and that DigiTrust is well positioned to fill the gap. We also believe it makes sense to tie consumer privacy preferences to the DigiTrust standardized ID. Through leveraging existing technology to persist the ID and consent signal, audience recognition will improve for the industry while at the same time preserving consumer privacy preferences. DigiTrust adopters will benefit from broader user recognition and consent coverage than they would otherwise have, resulting in greater scale for the buy side, improved user experience with a reduced need for repetitive consumer choices and faster page load speeds as well as higher yield for publishers.

    DigiTrust is keen to play a valuable role here for our members and the wider marketplace, but being a not-for-profit consortium, we are not in the position to execute this ourselves. We are actively discussing a development collaboration with members that would see us either collectively build a consent management solution from scratch or leverage a CMP development project already underway, assuming their interests are aligned with DigiTrust member’s (neutral, open source, tying to the DigiTrust ID, etc).

    If you are interested in participating, please contact Anissa@Digitru.st. Whether you’re a consumer-facing publisher or advertiser brand, your European digital advertising and marketing operations most likely rely on third parties, for which you will need to ascertain GDPR compliance. DigiTrust looks forward to working with you in support of neutral industry standards that cause minimal disruption and risk to your business.