Under GDPR, publishers are adopting CMPs for fear of losing out on ad revenue

Several vendors in France have reported the same findings. Smart, an SSP, said just over 40 percent of its ad calls now come through with consent strings — which can only be generated once a publisher adopts a CMP (it didn’t have a comparison figure).

Getting consumers’ consent to have their data collected for ad-targeting purposes is one way marketers can comply with the GDPR. Until now, many publishers have chosen other routes such as legitimate interest, a route that’s seen as more likely to safeguard ad revenue. While many big publishers have built their own CMP or used free versions from vendors, others worry that implementing them could cause a drop in personalized advertising.

But as ad buyers place more value on getting consumer consent as a way of ensuring GDPR compliance, publisher pressure to adopt CMPs is rising, publishers and ad tech vendors said. Inventory with information about consent attached is regarded as more premium than inventory that isn’t, and buyers are willing to bid higher for it, said Romain Job, chief strategy officer at Smart.

“The value of a consent string is roughly 95 percent higher when there is consent information versus no information,” Job said.

Getting any buyer demand is difficult these days if a vendor isn’t part of the IAB’s certified framework, said an executive at a major publishing company. “We’ve run campaigns off domain using vendors that aren’t in the [IAB framework] vendor list on [Google] DBM [Doubleclick BidManager] or IAB, and their creative just won’t run. So it’s [having a CMP] definitely a requirement right now for making money,” said the same executive.

Vendors agree. “The speed of [CMP] adoption demonstrates that publishers understand having GDPR-compliant consent is vital to their future in a post-GDPR world,” said Somer Simpson, head of product for GDPR for CMP vendor Quantcast. “Equally, advertisers need to know whether the audiences they are targeting have consented and typically find those audiences to be more valuable. The more forward-thinking companies on both sides have already taken action, and we’re now seeing a larger number wake up to the fact that they need to adapt.”

Google is also adding urgency to CMP adoption. Google has taken a stricter approach to GDPR compliance than many other businesses in the ad sector that have hoped to rely on legitimate interest. For now, Google has created a whitelist of vendors based on their being GDPR-compliant. Once Google integrates with the Interactive Advertising Bureau’s Transparency and Consent framework, it will deliver campaigns based on the vendors for which they receive consent in the bid request. No CMP, no consent in the bid request. Publishers without a CMP in place could lose out by not being able to run personalized ads, said Adrian Thil, head of corporate development at Smart.

Some publishers believe that over time, CMPs will overtake legitimate interest as the dominant approach for becoming GDPR-compliant, though for yet another reason: Publishers may adopt assumed consent, a tactic used by many websites considers any move or click of the mouse outside the “no” consent option to be assumed consent. But publishers still need a CMP to track assumed consent.

“These loopholes — like not forcing a user to click yes, and instead having terms that state ‘If you click any part of the page beyond the small no button on the right hand side of this message, we’ll just capture your data’ will reign supreme. As soon as everyone adopts that, legitimate interest won’t really exist,” said a publishing executive.