Leave it to GDPR to bring about an unwieldy terms like pubsvendors.json.
Publishers and vendors in particular should get familiar with this file, created by the Interactive Advertising Bureau Europe and IAB Tech Lab as a way to give publishers more control over who can use their audience data — and for what purposes — whether the publisher has taken a legitimate-interest or a consent-based approach to GDPR compliance.
Here’s a primer:
So, WTF is pubvendors.json?
Essentially, it’s a supercharged whitelist. Publishers can embed the file in their domain, showing vendors they are willing to gain consent for, approved vendors on a legitimate-interest basis, and what purposes those vendors can use the audience data for. Vendors that are part of the IAB Transparency and Consent framework must then check the pubvendors.json file — like they would an ads.txt one — to see what they can do, and what the publisher GDPR policy is.
Why is it necessary?
Two of the most popular approaches among publishers toward GDPR compliance are legitimate interest — meaning they’ve determined they are legally justified in using audience data for certain purposes — and consent, where they have informed a user how they plan to use their data and collected permission to do so. Until now, the IAB Transparency and Consent framework, which is currently the only attempt at an industrywide GDPR standard, gave stricter boundaries for businesses working on a consent basis, than those that had adopted legitimate interest. Publishers have demanded that the framework provide them with more control over which vendors use their audience data, and how, regardless of whether they’ve taken a consent or legitimate-interest approach. Pubvendors.json is the IAB’s attempt to meet that need.
So this is different to a consent string?
Yes, darling. A consent string identifies the consent status of an ad tech vendor and is generated by a publisher’s consent management platform,which then passes the information to every other partner in the ad supply chain. It helps keep track of who has consent to serve personalized ads, and who doesn’t. But it’s only useful for publishers that have gone the consent route and have adopted a CMP, and not everyone has. It doesn’t work for those that have adopted legitimate interest. That’s where our friend pubvendors.json comes in.
So how does it work?
A publisher posts a pubvendor.json file that includes details on which basis a publisher wishes to work on: a legitimate interest basis or a consent basis. The file will also include a breakdown of which vendors the publisher is willing to gain permission from users for, and for what purposes, as well as those they’re willing to work with on a legitimate interest basis (if any). It will be mandatory for vendors that operate within the framework to refer to this — like added protection. If a vendor sees the publisher will only work with them on a consent basis, via their Pubvendors.json file, then they must refer to the consent-string information before sending personalized ads to that publisher’s users. Think of it like a bar posting a “no shirt, no shoes, no service” sign.
So it’s beneficial for publishers?
In theory, yes. The first version of the IAB GDPR framework was initially criticized by publishers for being biased toward vendors. The framework has had subsequent face lifts to address publisher concerns around the lack of granular control on how vendors used their audience data for ad targeting. Consent strings were added to help every business in the supply chain stay on the same page about which publisher users can and can’t be sent personalized ads. Pubvendors.json has been developed to give publishers the same level of granular control over how their audience data is being used in their digital ad supply chains, if they have taken a more light-touch legitimate-interest route. It creates more accountability for all vendors that work with that publisher.
Do publishers have to use it?
No. It’s currently being debated whether it should be mandatory or optional for publishers to adopt it, according to Matthias Matthieson, director, privacy and public policy at IAB Europe. The reasoning is that if they don’t adopt it, it’s hard to ensure vendors enforce it. So the current conversation is whether there should be default rules if a publisher chooses not to implement it — for vendors to stick to. “It’s been created to make legitimate interest safer,” added Matthieson.
It’s just important to ensure all information is accurate in the file. Publishers will need to be across that, and it means having to know their digital ad supply chains inside out, in order to be able to give the kind of granular information needed about which vendors can do what.
Member ExclusiveMedia Buying Briefing: What a tour through Dentsu and Microsoft’s metaverse campus says about the future of digital marketing
Digiday gets a guided tour through Dentsu and Microsoft's metaverse campus, where clients can test out retail concepts or build showrooms in the virtual world.
The Washington Post invests in climate coverage as its team expands to over 30 journalists
The Post's climate team continues to expand as the publisher makes big bets on the beat drawing younger audiences.
‘Halloween is when Christmas ends’: A look at publishers’ pre-Black Friday commerce content playbooks
Publishers' Black Friday coverage plans are starting earlier and earlier but commerce teams are evolving to meet the demand.
SponsoredWhy cookie deprecation is deflating performance and inflating costs for advertisers
With the full deprecation of third-party cookies on the horizon, advertisers and publishers are navigating a challenging and quickly evolving landscape. The sunset of the third-party cookie continues as usage and lifetimes fall. Their deprecation is preventing brands from effectively measuring the effectiveness of media campaigns in real-time at highly granular levels. As the industry […]
How social media managers are coping with the Twitter debacle
Twitter – once a stable and trusty workhorse for social media strategists – now resembles the most wildly unpredictable social platform in the marketing arsenal.
‘A big reset in 2023’: After Big Tech’s mass layoffs, job candidates face intense competition
Recruiters report that 'we've never seen a market quite like this' as tens of thousands of employees flood the market.