Anyone who has their nose to the data-privacy law grindstone — and who doesn’t, really? — get ready to hear a new term bandied about: consent string. What is it, and why is it necessary? Here’s an explainer:
WTF is a consent string?
A consent string, also referred to as a “daisybit,” is a series of numbers added to an ad bid request, which identifies the consent status of an ad tech vendor. That means whether or not they have a user’s consent to use their data in order to serve them personalized advertising — a stipulation now needed under the General Data Protection Regulation. The Interactive Advertising Bureau Europe has assigned a consent string to every vendor that has signed up to its global vendor list, which any vendor needs to do if it wants to be part of the IAB Transparency and Consent framework. Google also has its own consent string version for companies that use its Funding Choices consent management platform.
Why is it necessary?
Given there are thousands of different vendors that operate in the digital ad ecosystem, keeping track of who has consent to serve personalized ads and who doesn’t, is crucial for all companies to be able to avoid falling foul of GDPR and risk a hefty fine. A consent string is a bit like a map that you can use to figure out how to ensure your ad buying is compliant and that everyone in the digital ad chain is on the same page about what data can be used and what can’t.
What sort of data is stored in a consent string?
Information such as who the vendor is, whether they have user consent or not to use the data to send personalized ads, and for what purposes that data can be used. The Interactive Advertising Bureau Europe has assigned IDs to data purposes also.
What does a consent string look like?
The information in a string is compressed into a binary value before it is passed through the online ad ecosystem. IAB Europe’s consent string is a series of ones and zeros, also referred to as “bits.”
How do they work?
IAB Europe hosts a global vendor list under its Transparency and Consent Framework, and has assigned IDs to all participating vendors. Those IDs are dropped into the consent string so the IAB (and any other company in a digital ad supply chain) can identify each vendor by their ID, and what consent they have, or don’t have — as well as which purposes the data can be used for. The positions of the numbers in the string identify which vendors have consent and which don’t — all vital information to inform digital ad buying. If the bit is set to “1” that signals consent, if the bit is set to “0” that signals no consent. The consent string starts at the publisher CMP, before progressing through each vendor in the ad chain until it reaches the DSP.
Does the consent string account for legitimate interest?
No. It only reflects user choices. Legitimate interest would require a different kind of signal, according to Matthias Matthiesen, director, privacy and public policy at IAB Europe. In future, the IAB Europe Transparency and consent framework will allow publishers to signal whether or not they have provided transparency to users about legitimate interest. “That means there will be a signal about publisher behavior and choices, separate from user choices,” he added.
Sounds straight forward. Any drawbacks?
Currently it is technically possible to tamper with the string, and adjust it to, for example, alter a “no consent”, to a “yes consent” signal. It’s unlikely any company would do so given the risk, but the next iteration of the Open Real-time-bidding framework will incorporate “digital signing” which would make tampering impossible, according to experts.
-
HBO Max, Degree and Verizon are among the 2021 Digiday Awards finalists
New audiences, inclusivity and reemergence from quarantine became the backbeat of this year’s Digiday Awards shortlist. Take a look at the finalists.
-
Member ExclusiveDigiday+ Research: Publishers need to diversify their affiliate commerce businesses
Among publishers with affiliate commerce businesses, close to a third of them are skipping one of the most common paths to monetization.
-
Publishers are seeing increases in advertiser requests around climate and sustainability coverage
BBC, Bloomberg, Financial Times, Group Nine Media and The Economist are seeing more interest from advertisers around climate and sustainability content.
-
SponsoredHow cloud technologies are helping media companies unlock the value of data collaboration
Bill Stratton, global head of media, entertainment and advertising vertical, Snowflake Many of today’s media businesses and advertisers are redefining their business models in response to shifts in consumer behavior and the availability of new technologies. For instance, over the past few years, content creators such as Disney, NBCUniversal and HBO have begun selling their […]
-
Member ExclusiveDigiday Guide: How publishers and marketers can use the blockchain in their businesses
You may have heard the term "crypto" or "blockchain" come up during a recent business meeting and felt like a fish out of water. This guide will help both media execs and marketers prep for the expected blockchain revolution.
-
Member ExclusiveMedia Buying Briefing: DE&I measurement ‘is a bullshit fix,’ and other takeaways from Digiday’s Media Buying Summit
Feedback from those who do the hard work at media agencies revealed a lot of issues boiling under the surface of their day-to-day jobs, from DE&I shortfalls to massive confusion in the CTV space.
