Under GDPR, publishers are adopting CMPs for fear of losing out on ad revenue
More publishers are feeling under pressure to adopt a consent-management platform to be compliant with the General Data Protection Regulation, publishers and ad tech vendors say.
CMPs store consent information and pass it on to the publisher’s programmatic partners. In the U.K., 31 percent of publishers had a CMP, an increase of 12 percent from July to August, according to tech vendor Adzerk. Among U.S. publishers, 27 percent had a CMP in August, up 13 percent from the month before. (Adzerk defines “publisher” as a site that shows programmatic ads).
Several vendors in France have reported the same findings. Smart, an SSP, said just over 40 percent of its ad calls now come through with consent strings — which can only be generated once a publisher adopts a CMP (it didn’t have a comparison figure).
Getting consumers’ consent to have their data collected for ad-targeting purposes is one way marketers can comply with the GDPR. Until now, many publishers have chosen other routes such as legitimate interest, a route that’s seen as more likely to safeguard ad revenue. While many big publishers have built their own CMP or used free versions from vendors, others worry that implementing them could cause a drop in personalized advertising.
But as ad buyers place more value on getting consumer consent as a way of ensuring GDPR compliance, publisher pressure to adopt CMPs is rising, publishers and ad tech vendors said. Inventory with information about consent attached is regarded as more premium than inventory that isn’t, and buyers are willing to bid higher for it, said Romain Job, chief strategy officer at Smart.
“The value of a consent string is roughly 95 percent higher when there is consent information versus no information,” Job said.
Getting any buyer demand is difficult these days if a vendor isn’t part of the IAB’s certified framework, said an executive at a major publishing company. “We’ve run campaigns off domain using vendors that aren’t in the [IAB framework] vendor list on [Google] DBM [Doubleclick BidManager] or IAB, and their creative just won’t run. So it’s [having a CMP] definitely a requirement right now for making money,” said the same executive.
Vendors agree. “The speed of [CMP] adoption demonstrates that publishers understand having GDPR-compliant consent is vital to their future in a post-GDPR world,” said Somer Simpson, head of product for GDPR for CMP vendor Quantcast. “Equally, advertisers need to know whether the audiences they are targeting have consented and typically find those audiences to be more valuable. The more forward-thinking companies on both sides have already taken action, and we’re now seeing a larger number wake up to the fact that they need to adapt.”
Google is also adding urgency to CMP adoption. Google has taken a stricter approach to GDPR compliance than many other businesses in the ad sector that have hoped to rely on legitimate interest. For now, Google has created a whitelist of vendors based on their being GDPR-compliant. Once Google integrates with the Interactive Advertising Bureau’s Transparency and Consent framework, it will deliver campaigns based on the vendors for which they receive consent in the bid request. No CMP, no consent in the bid request. Publishers without a CMP in place could lose out by not being able to run personalized ads, said Adrian Thil, head of corporate development at Smart.
Some publishers believe that over time, CMPs will overtake legitimate interest as the dominant approach for becoming GDPR-compliant, though for yet another reason: Publishers may adopt assumed consent, a tactic used by many websites considers any move or click of the mouse outside the “no” consent option to be assumed consent. But publishers still need a CMP to track assumed consent.
“These loopholes — like not forcing a user to click yes, and instead having terms that state ‘If you click any part of the page beyond the small no button on the right hand side of this message, we’ll just capture your data’ will reign supreme. As soon as everyone adopts that, legitimate interest won’t really exist,” said a publishing executive.
Member ExclusiveDigiday Research: In the race to comply with digital privacy laws, few sites are making it easy for visitors to opt out of data collection
Just a tiny fraction of websites are giving visitors a choice in how the data collected on them is used.
Member ExclusiveMedia Buying Briefing: WTF are barter agencies?
Barter agencies have always operated on the fringes of the media agency scene. What's changed for them since the pandemic?
Cheat Sheet: Google unveils timeline for a more ‘responsible’ cookie death clock
Google elaborated on its timeline for killing off third-party cookies as part of its promises to the UK's antitrust authority.
SponsoredHow the ad industry can use its borrowed time to future-proof first-party data solutions
Trent Lloyd, co-founder and head of brand solutions, Eyeota Google’s updated timeline for its Privacy Sandbox rollout, including its two-year delay of third-party cookie deprecation on Chrome, didn’t come as a surprise to many industry observers, given the limited utility of Google’s FLoC and the slow momentum of the Privacy Sandbox in the World Wide […]
‘Weak Sauce’: New industry tool for opt-out from email-based tracking misses ID tech and key players like Facebook and Liveramp
The Network Advertising Initiative's new privacy control is intended to stop email-based audience matching — often referred to as onboarding.
How news publishers are using the Olympics and AR to flex their emerging tech storytelling
Big publishers like The Washington Post and USA Today are developing and expanding AR storytelling around the Olympic Games.