WTF is authenticated consent?
Publishers have long been working on ways to understand more about their readers, changing them from anonymous traffic to identifiable, logged-in readers. For subscriptions publishers, this is old hat, but over the last few years, free-registration and logged-in strategies have become more prevalent across a wider mix of publishers.
Whether it’s to warm up a larger base of readers which a subscription publisher can in time encourage to become paying subscribers, an attempt to compete better with the masses of logged-in user data owned by Facebook and Google, or simply a matter of being able to offer individually-relevant messages, logged-in strategies have become the norm.
In publisher circles, this is often referred to as “authentication” strategies. A user has become identified and therefore authenticated once they have voluntarily supplied information about themselves to that publisher and accepted communications in return.
Now, in the wake of the arrival of the General Data Protection Regulation, and the pending California Consumer Privacy Act, media businesses are increasingly interested in how to attach user consent to these authenticated users. The result: authenticated consent is a term that has started to crop up more and will likely gain more steam in the future.
Here’s a primer.
What exactly is authenticated consent?
It is when a publisher uses tech to tie together the authenticated logged-in user data it already owns with that same user’s data privacy preferences. The more advanced publishers have begun to work on data-privacy preference centers via which users can upload what emails they’d like to receive or not, and whether they’re happy for certain ad tech partners the publisher works with to use their data for example. But in a lot of cases, the reader’s data privacy preferences will be stored by a publisher consent management platform after they have either accepted or declined to give consent for their data to be used via whatever message a publisher has chosen to go with. They then ensure the user credentials are applied across all the devices they use.
Why is it necessary?
A bunch of reasons. There are currently a lot of holes in consent strategies and messages. The way consent is stored is typically based on a combination of IP addresses and what is stored in a cookie. That means that for anyone traveling outside of Europe to another country won’t get the kind of consent message they should as a European citizen under GDPR law. The same goes if a European visits California once the CCPA is introduced next year. The consumer experience could get very messy. Then there is the fact that no one’s consent experience is the same across the multiple devices they use. “Authenticated consent allows you to have a very user-focused consent journey across devices [and across different territories] rather than being hit up with different consent messages,” said Brian Kane, COO of authenticated consent vendor Sourcepoint.
So this is a way to ensure a user’s consent is explicit and informed without any grey areas?
Yes. Currently, most sites running consumer consent requests are flying close to the sun when it comes to GDPR compliance. Some still use default opt-in for users, others don’t even include decline buttons yet, and there are still cookie walls floating about despite the Information Commissioner’s Office ruling them out. Other publishers overload users with information about what ad tech partners they use in their consent message, which means users are often clicking ‘agree’ just to skip through to the content, so their consent isn’t really informed. “Most brands picked the ‘ask for everything up-front’ approach,” said Darren Guarnaccia, chief product officer at privacy vendor Crownpeak. “They’ll ask for your firstborn and left kidney, just asking for too much right away. How do you have informed consent when asking for this dizzying array of things?”
Is this mainly beneficial for publishers and consumers?
Advertisers too. But in theory any player in the digital ad supply chain. Currently, consent signals are pretty binary. Demand-side platforms and agency media buyers bidding on digital ad inventory will see a signal that either shows if a consumer has said yes or no to consent. It doesn’t allow for grades of consent. For instance, if a consumer says yes to receiving weekly emails from a publisher but they may not want to be targeted with ads. Or vice versa. This is something vendors are currently trying to solve for. But also, any media agency would welcome knowing whether or not inventory they’re bidding on has been consented to by informed users who understand totally what they’re consenting to. It’s better for everyone in the long run if they’re to avoid being pulled up by regulators.
The most obvious will simply be how to scale it. But there is evidence to show that quality publishers can build large-scale registered users bases fairly fast. It’s not really feasible to gain authenticated consent without some kind of logged-in strategy.
How Yahoo is experimenting with platforms and partnerships to grow its audience
Yahoo wants to get fanatics for sports, finance and lifestyle all actively spending within its owned and operated portfolio of media brands.
In some California privacy cases, analytics trackers are in the crosshairs — and violators could be charged by the cookie
Letters companies have received from the state's attorney general ask them for details about cookie tracking for ads and analytics.
The Financial Times plans to open 2 more U.S. bureaus to target ‘global Americans’
The Financial Times, with investment from owner Nikkei, is opening new bureaus in the U.S. to cover American companies that are players on a global scale, for U.S. readers.
SponsoredHow the ad industry can use its borrowed time to future-proof first-party data solutions
Trent Lloyd, co-founder and head of brand solutions, Eyeota Google’s updated timeline for its Privacy Sandbox rollout, including its two-year delay of third-party cookie deprecation on Chrome, didn’t come as a surprise to many industry observers, given the limited utility of Google’s FLoC and the slow momentum of the Privacy Sandbox in the World Wide […]
Member ExclusiveDigiday Research: In the race to comply with digital privacy laws, few sites are making it easy for visitors to opt out of data collection
Just a tiny fraction of websites are giving visitors a choice in how the data collected on them is used.
Member ExclusiveMedia Buying Briefing: WTF are barter agencies?
Barter agencies have always operated on the fringes of the media agency scene. What's changed for them since the pandemic?