IAB Europe suspends consent management firms as global privacy authorities signal tougher action
Website publishers and brands often promise the data they gather from people to build audience profiles and target ads is “consent-based,” but global data protection authorities say that consent is rarely meaningful. Meanwhile, the digital ad industry’s top trade group in Europe has already quietly launched its own crackdown on misleading approaches to gathering consent for tracking.
Data privacy was was on the agenda when data protection authorities of the G7 member countries — Canada, France, Germany, Italy, Japan, the U.K. and the U.S. — met in early September, and issued a dispatch that included a tough assessment of the way most websites get people to agree to tracking.
“Meaningful consent is frequently not obtained,” they wrote in the September 9 communique, noting that “cookie walls” requiring people to agree to tracking to access content are misleading and complex. The privacy regulators said that when tracking notices feature design elements often referred to as “dark patterns” which can “trick users into providing consent,” they only reinforce the lack of control people have over their data.
Some believe cookie tracking and data collection notices that highlight choices to accept cookies with more prominent or brightly colored buttons while obscuring options to reject tracking are using dark patterns.
The G7 representatives said they want something done about misleading consent systems. “Action is needed to ensure that web users are able to meaningfully control the processing of their personal data as they browse the internet, in tandem with promoting high standards of data protection by websites and acting to tackle harmful practices,” stated the meeting report. “Web browsers, software applications and device settings all have a role to play in enabling people to set and update their lasting privacy preferences and ensure that these are respected by websites.”
Warnings and suspensions by industry itself
In a rare move, the ad industry itself is dishing out its own tough love. The Interactive Advertising Bureau in Europe in the last six months has sent letters to approximately 10 companies that provide consent management services to website publishers, warning that they were not compliant with the industry’s voluntary Transparency and Consent Framework, according to Filip Sedefov, legal director for privacy at IAB Europe. That framework — which sets standards for managing the flow of data tracking consent throughout the digital ad supply chain and was designed for compliance with the GDPR — requires consent management platforms to present notices to people in a specific manner detailed by IAB Europe.
“If there is use of dark patterns, for example, we can sanction that,” Sedefov told Digiday.
The trade body has also suspended “one or two” consent management platform companies temporarily in the last six months for failing to abide by IAB Europe’s user interface guidelines, he said. The organization’s agreements with companies registered to use its consent framework prohibit IAB Europe from revealing the names of companies that received warning letters or have been suspended. Those suspensions, “are only active for as long as the issues are not fixed,” which may be only a matter of weeks, said Sedefov.
IAB Europe has conducted manual and automated monitoring of websites and their consent management systems, detecting infractions including failure to notify people in a way that appropriately informs them about data collection or purposes for data use by third parties or ad tech vendor partners. IAB Europe told members in 2020 it would be enforcing guidelines for implementing the consent framework standards, noting that “Non-compliant [consent management platform] implementations undermine the reputation of the [Transparency and Consent Framework] and expose participating organizations to serious legal risks.”
Still, IAB Europe’s own suggested approach for user interfaces for tracking notice and choice are not as strict as what some privacy advocates and regulators might prefer. While the trade group’s design guidance suggests that people should be able to click an “accept all” button in the initial notice shown, it recommends that companies need only present options to reject tracking on a subsequent page denoted by a button labeled vaguely, “manage settings.”
Privacy watchdogs have argued many common approaches are not good enough. “Clicking through cookie consent buttons is not meaningful consent,” said Jennifer King, privacy and data policy fellow at the Stanford Institute for Human-Centered Artificial Intelligence. For instance, she argued during an April workshop held by the Federal Trade Commission to address opaque user design tactics, that when an “accept” button is highlighted in advance, “you can argue that’s a dark pattern.” The FTC is the data protection authority representing the U.S. in the G7.
Stacey Gray, senior counsel at the Future of Privacy Forum, agreed that consent notice banners and pop-ups have “clearly been inadequate as a single solution for consumer privacy.” She added, “Cookie walls, notice fatigue, deceptive banner design (“dark patterns”), and the practical inability of expecting users to make informed choices, are all real problems that deserve better legal approaches.”
King said, “I would suggest we need to think at a higher level about the decisions we could make that have a more systemic effect on how our data is collected and used, instead of thousands of micro transactions that grind away at our patience.”
Dentsu’s new Web3 readiness tool shines light on the tech’s potential to complement AI
Dentsu's Innovation Initiative is launching a web3 readiness index next month — at a time when the industry is obsessed with AI. Could the two technologies actually make a good pair?
Digiday+ Research deep dive: Publishers large and small put their resources into first-party data
Eighty-two percent of publishers overall say they're already using first-party data to prepare for the end of the third-party cookie, and nearly half are requiring users to register and integrating first-party data segments into DSPs – indicating that first-party data is the clear path forward for publishers heading into the post-cookie world.
Media Briefing: Why publishers hope chatbots will be the latest retention tool
Publishers hope the chatbots they are developing will be the latest retention tool to keep readers onsite and to get them to consume more content.
SponsoredHow enterprise-grade CDPs are enhancing data processes and improving customer experiences
Produced in partnership with Marketecture The following article highlights an interview between Martin Kihn, Salesforce’s senior vice president of Marketing Cloud, and Ari Paparo, founder and CEO of Marketecture Media. Register to watch more of the discussion and learn how brands are making the most of enterprise-grade CDP technologies. As brands expand across channels and […]
How programmatic advertising will evolve this year on the heels of audio growth and privacy changes
Comscore’s programmatic division Proximic released a State of Programmatic study highlighting the growth of audio and podcasting, other digital advertising channels and challenges around third-party data.
Why podcasters are selling subscriptions through third-party vendors
Many podcasters are turning to third party platforms like Supporting Cast and Supercast to launch or grow their subscription businesses beyond Spotify or Apple.