Connect with execs from Axios, The New York Times, Paramount and more.
This article is a WTF explainer, in which we break down media and marketing’s most confusing terms. More from the series →
Those preparing for May 25, when enforcement of the General Data Protection Regulation begins, have likely heard a new acronym: CMP, or consent management platform. What is it, and why is it necessary? Here’s an explainer:
What’s a consent management platform anyway?
It’s the technical infrastructure a business uses to collect and store what data customers have consented to be used and for what. The CMP then feeds that information to other selected partners in the digital ad supply chain. The idea is that everyone in a publisher’s supply chain understands what data they may use and for what. Some brands, like telcos, have had consent management systems for several years. Some anti-ad-blocking tech providers have started to make it part of their offering.
Does the GDPR require businesses to have a CMP?
No, but it’s advisable. The Interactive Advertising Bureau Europe has said any business that’s classified as a data controller (any website owner with first-party data) needs to have a CMP if it wants to plug into its consent framework, which is a way of standardizing requests for consent across the digital ad supply chain.
What else can a CMP do?
Some can include data-preference centers where people can manage their own privacy settings. It can keep track of the consent process, from the point where a consumer first gives permission to the point when they adjust or remove their permissions, and ensures compliance by any ad tech vendor that’s been given consent by the publisher to use that data. Vendors can find out if they’ve been given consent or if they can no longer use the data via an application programming interface.
Are all CMPs the same?
There will likely be different degrees of sophistication. A basic version manages capturing consent, while a more advanced version takes in data on different stages of consent — not just opt-ins and opt-outs, but opt-downs, which is when customers want fewer messages from a business but don’t want to opt out entirely. “[A CMP] can integrate with existing data systems specifically to manage consent,” said Chad Wollen, CMO at ad tech vendor Smartpipe. “It integrates with your [customer] touch points [such as call centers and stores] so you can collect consent at different stages and at different occasions.”
Sounds straightforward. So what’s the catch?
Nothing is simple when it comes to the GDPR, and CMPs are no different. First, the more features a CMP has, the more it will cost. Publishers with multiple titles need to manage consent for the parent company, but also on the individual brand level. Publishers also have to gain consent not just for themselves, but for their ad tech partners. Also, once consent is given, that data can only be used for one purpose.
“The GDPR has caused people to think about this in a broad way, putting too high a focus on the initial gathering of consent — that one moment,” Wollen said. “But really, people need to think of the entry-level consent and then build the steps and paths to adding more consent for more products.”
More in Media
Media Briefing: Declared ‘good bots,’ mixed-use crawlers, gray scrapers – how AI accesses publisher content
The Cloudflare’s latest AI settings reshape how compliant crawlers behave, yet the biggest leakage for publisher content remains a gray scraping economy that doesn’t bother to play by those rules.
In Graphic Detail: The state of streaming highlights the power of creators
“Just Chatting” is the driving force behind views on major streaming platforms, thanks to the appeal of personality-driven creators
Hot Ones creator Sean Evans on YouTube vs. TV, the interview boom and what comes next
Hot Ones host and TIME 100 top creator Sean Evans chats about the creator economy’s past, present, and future