Beyond the cookie: Publishers flirt with generating identity-based user consent

Some publishers, anxious to reduce their reliance on third-party cookies while still meeting data-privacy law requirements, are considering a new way to collect their users’ data-privacy preferences: authenticated consent.

The concept of authenticated consent is simple: Publishers can collect users’ consent based on identity-based signals rather than cookies, and make the user experience more consistent across multiple publisher platforms and devices in the process.

Sourcepoint, for example, has designed a consent-authentication tool that doesn’t use third-party cookies and which clients can integrate into their existing consent management platforms provided by the vendor.

The tool lets publishers that have registration strategies — and therefore logged-in users — collect and store those users’ consent preferences. What data that consists of depends on what details the publisher asks for at registration. A single user ID is created so the publisher can sync the user across all its other platforms and devices so users don’t have to keep restating their data preferences.

Two global publishers have signed on to use the tool, according to Sourcepoint. The publishers didn’t want to be named due to the common reticence most businesses have to invite unwanted regulator scrutiny on their individual data-privacy strategies.

The tool is aimed at improving the consent user experience, which is currently messy and confusing. Once a user has given their explicit consent to a publisher on their work computer, for instance, they won’t need to restate their preferences when they visit that publisher on its mobile app, home laptop or over-the-top streaming device like a set-top box or smart TV. Sourcepoint has integrated with multiple authentication vendors including Auth0 and OneIdentity to create the tool.

Having one user ID that has a user’s data-privacy preferences attached and can be synced across all a publisher’s products would in theory open up more consented impressions for the publisher to sell, boosting monetization. The tool won’t change the way consent signals are currently passed to publisher programmatic partners.

U.K. publishers have expressed interest in the product, though if it were to be expanded to external CMPs other than the one Sourcepoint offers, they’d want to examine any potentially complex onboarding issues that may arise.

“It sounds like a good initiative which expands the tools publishers can leverage to capture consent, limiting the wastage coming from the technology limitations of being unable to identify the user,” said Alessandro de Zanche, independent publisher consultant and former News UK executive. But he added that publishers need to ensure their GDPR strategies go a lot deeper than the type of tools they use. “Let’s not be fooled by the difference between an effective tool and the need for this tool to be part of a long-term strategy and vision aimed at reinventing digital advertising for quality media and re-establishing the role of publishers in the ecosystem,” he said.

Changes made by the browsers such as Apple’s anti-tracking policy on Safari, which bans the use of third-party cookies has contributed to an industrywide recognition that urgent alternatives are required. Media agencies are pursuing ad targeting methods that don’t rely on the third-party cookie, while publishers are also pushing forward with first-party cookie solutions. Browsers Firefox and Brave have taken similar stances to Safari, while Google has introduced the ability for users to choose whether they allow tracking via third-party cookies.

The browser developments, alongside the requirements of the General Data Protection Regulation, have compounded the urgency for the search for non-third-party cookie alternatives for media buying and selling.

“It’s on the mind of pretty much every publisher out there,” said Ben Barokas, CEO of Sourcepoint. “We’re at an interesting tipping point where 50% of traffic available is cookie-challenged unless identity is understood and consent is captured, and the ability to do audience targeting is brought back to those devices.” For Sourcepoint, that can only be achieved with consent, and ensuring there is transparency between consumers, publishers and any ad partner involved in a media transaction, he added. “The intersection of identity and consent is a very important,” said Barokas.

Data privacy is listed as one of the biggest issues likely to affect publisher businesses over the next two years, according to 48 global publishers that Sourcepoint surveyed recently. Four in five respondents said that stricter local and global privacy regulation would have some kind of impact on their business, with around half saying this would cause major change.

Consent strategies for mobile web and in-app were listed as the most critically important to nail by 4 in 10 respondents, while 3 in 10 said having a post-cookie strategy for user personalization was critical, according to the same research.

While the feature has been created for publishers, media buyers welcome any guarantees that inventory contains explicit consumer consent.

Some media agencies only buy based on what inventory has consumer consent attached. Walled gardens such as Google’s make this a prerequisite already.

However, the range of publisher GDPR strategies and consent mechanisms is far from standardized. Some operate on a strict explicit consent-only strategy, while others lean on implied consent and others still default to the legitimate interest clause. That not only renders the user experience messy and confusing, but doesn’t reassure media buyers they’re buying GDPR-bulletproof inventory.

“There is a way to go in terms of everyone agreeing on the correct legal approach to gaining consent, and inefficiencies in the current tools in market,” Matt McIyntre, head of programmatic for EMEA at Essence. Currently, signals show either a yes or no consent signal, which agencies have to trust is accurate. “There is no function that looks to validate, so if people develop tools that help us build confidence in the validity of the consent, that’s welcome,” he added.

More in Media

Publishers’ Privacy Sandbox pauses settle into a deep freeze following reports of poor performance

Publishers aren’t ready to press play yet on dedicated Privacy Sandbox tests.

AI Briefing: Senators propose new regulations for privacy, transparency and copyright protections

A new bill called the COPIED Act aims to pass new transparency standards to protect IP and guard against AI-generated misinformation.