‘It’s hurting us’: Confessions of an ad tech exec on GDPR consent-string fraud
Three months ago, four ad tech vendors flagged that they had identified fake consent strings. Consent strings are generated by a publisher’s consent management platform and passed back to all that publisher’s digital ad partners to show which impressions have user consent for personalized advertising, and which don’t. It seems the issue hasn’t gone away.
For the latest instalment in our confessions series, in which we trade anonymity for candor, we spoke to an ad tech executive who is frustrated that consent-string manipulation is potentially costing its business hundreds of thousands of pounds.
Excerpts lightly edited for clarity and flow.
How big a deal is consent string fraud?
It’s cropping up in a lot more conversations. Certain demand-side platforms are looking for consent-string anomalies by checking the different consent strings that come through different exchanges for the same domains. Those exchanges that look like they have lower levels of consent than others are being flagged by the DSPs as anomalies, but the irony is that those that stand out may not be the anomaly.
How are they not anomalies?
The exchanges that appear to have lower volumes of consented requests are only looking that way because they’re not tampering with the consent strings. The real anomalies may be those who don’t look like they have been affected, because it’s likely they’re altering the strings, or potentially behaving in a more nefarious fashion.
Are there different kinds of consent-string fraud?
Yes. We see two main types.The first type is due to a lack of interoperability between the consent strings being generated by Google’s CMP, and those that are generated via CMPs in the Interactive Advertising Bureau Europe’s GDPR framework, which use the IAB consent string. Each code is generated to do the same thing — to show a publisher’s ad tech partners which impressions have consent attached or not — but they use different codes and although everyone would like them to be interoperable, they’re not. Some DSPs don’t even know how to read the Google consent-string version. Therefore some vendors may be manipulating the strings so they can work in either environment.
That seems kind of understandable.
It is is some ways, but it’s a frustration for any exchange that’s following the rules because it puts them at a massive commercial disadvantage. We’re sticking to the IAB’s rules, but it is hurting us to do so. Those exchanges that aren’t altering them, like ours, are then hurting commercially as a result because we’re not able to monetize the same volume of inventory. Those that are tampering with the strings, are hurting less. There isn’t much visible enforcement yet from the IAB on this.
How much are we talking about being lost here?
Potentially hundreds of thousands of pounds.
What about the second type of fraud?
Some of the more murky stuff isn’t visibly happening among the tier-one vendors, but more likely with the tier-two and-three vendors and the mid to long-tail publishers. I know of one that gives publishers an option like: “tick this box if you have consent but are not using an IAB CMP,” and then the exchange is creating a string to look like they do have IAB consent from a CMP.
What does this mean for your business?
Because some of these more nefarious activities are likely to be more prevalent in the smaller exchanges, the actual impact may not be huge. There’s potentially a larger impact from anyone who is converting consent signals from one framework to another. But I see it being something we will continue to have to look into and troubleshoot well into 2019.
Are these just teething issues?
There are still technical examples of consent strings not being properly transmitted. And that’s not necessarily because of shadiness, but due to how complex our ecosystem is — there are lots of ways publishers connect to demand through containers, header bidding, tags — some things just get lost along the way. It will be extra work to ensure appropriate consent strings are passed through in the right way, and in a way that can be read.
How can this be stopped?
The problem with coming down on this issue is that it will cause pain through the value chain. It’s a little like the wider issue with ad fraud — not many businesses are incentivized to completely clamp down on it because everyone’s motivations are commercial. No one gets a bonus for being legally compliant, they get a bonus for hitting their numbers. Really, the only businesses with the incentive to want to remove fraud entirely are the advertisers because it’s their budgets.
Advertising, mired in racism, has a long road to recovery
Companies need to respond to the racism row with genuine intentions or not participate in the conversation at all, anything in between can be very disingenuous.
‘The boundaries have broken’: Employers deal with the reality of workers bringing their ‘whole selves’
ven as employers have touted “bring your whole self to work” theorems over the past couple of years, it’s forgotten that that privilege has only really been afforded to a few. For many, bringing your whole selves to work isn’t an option. And the realities of the current work-from-home brigade mean that many haven’t been given a choice: When work is literally in your home, how do you keep it at arm’s length?
How publishers are changing branded content operations to remotely produce high-res campaigns
By using emerging technology like camera drop kits to ensure higher resolution content, branded content studios are able to ensure clients achieve brand safety.
SponsoredVideo: Marketers discuss the future state of less interruptive in-stream ads
In a new video, experts from GumGum, The Martin Agency and Pinterest discuss the future of video advertising — and outline their vision for how video ads can be less disruptive.
MediaMath explores a possible sale
The ad tech company is working with investment bank Centerview Partners on the process -- which could also include a debt refinancing -- according to people familiar with the matter.
With the latest crisis, media needs to back up words with actions
For the media industry, this was a week of introspection -- and a time of decision. For all the progressive ideals espoused by publishers, marketers and agencies, most fall well short when it comes to turning words into action.