WTF is pubvendors.json?
Leave it to GDPR to bring about an unwieldy terms like pubsvendors.json.
Publishers and vendors in particular should get familiar with this file, created by the Interactive Advertising Bureau Europe and IAB Tech Lab as a way to give publishers more control over who can use their audience data — and for what purposes — whether the publisher has taken a legitimate-interest or a consent-based approach to GDPR compliance.
Here’s a primer:
So, WTF is pubvendors.json?
Essentially, it’s a supercharged whitelist. Publishers can embed the file in their domain, showing vendors they are willing to gain consent for, approved vendors on a legitimate-interest basis, and what purposes those vendors can use the audience data for. Vendors that are part of the IAB Transparency and Consent framework must then check the pubvendors.json file — like they would an ads.txt one — to see what they can do, and what the publisher GDPR policy is.
Why is it necessary?
Two of the most popular approaches among publishers toward GDPR compliance are legitimate interest — meaning they’ve determined they are legally justified in using audience data for certain purposes — and consent, where they have informed a user how they plan to use their data and collected permission to do so. Until now, the IAB Transparency and Consent framework, which is currently the only attempt at an industrywide GDPR standard, gave stricter boundaries for businesses working on a consent basis, than those that had adopted legitimate interest. Publishers have demanded that the framework provide them with more control over which vendors use their audience data, and how, regardless of whether they’ve taken a consent or legitimate-interest approach. Pubvendors.json is the IAB’s attempt to meet that need.
So this is different to a consent string?
Yes, darling. A consent string identifies the consent status of an ad tech vendor and is generated by a publisher’s consent management platform,which then passes the information to every other partner in the ad supply chain. It helps keep track of who has consent to serve personalized ads, and who doesn’t. But it’s only useful for publishers that have gone the consent route and have adopted a CMP, and not everyone has. It doesn’t work for those that have adopted legitimate interest. That’s where our friend pubvendors.json comes in.
So how does it work?
A publisher posts a pubvendor.json file that includes details on which basis a publisher wishes to work on: a legitimate interest basis or a consent basis. The file will also include a breakdown of which vendors the publisher is willing to gain permission from users for, and for what purposes, as well as those they’re willing to work with on a legitimate interest basis (if any). It will be mandatory for vendors that operate within the framework to refer to this — like added protection. If a vendor sees the publisher will only work with them on a consent basis, via their Pubvendors.json file, then they must refer to the consent-string information before sending personalized ads to that publisher’s users. Think of it like a bar posting a “no shirt, no shoes, no service” sign.
So it’s beneficial for publishers?
In theory, yes. The first version of the IAB GDPR framework was initially criticized by publishers for being biased toward vendors. The framework has had subsequent face lifts to address publisher concerns around the lack of granular control on how vendors used their audience data for ad targeting. Consent strings were added to help every business in the supply chain stay on the same page about which publisher users can and can’t be sent personalized ads. Pubvendors.json has been developed to give publishers the same level of granular control over how their audience data is being used in their digital ad supply chains, if they have taken a more light-touch legitimate-interest route. It creates more accountability for all vendors that work with that publisher.
Do publishers have to use it?
No. It’s currently being debated whether it should be mandatory or optional for publishers to adopt it, according to Matthias Matthieson, director, privacy and public policy at IAB Europe. The reasoning is that if they don’t adopt it, it’s hard to ensure vendors enforce it. So the current conversation is whether there should be default rules if a publisher chooses not to implement it — for vendors to stick to. “It’s been created to make legitimate interest safer,” added Matthieson.
It’s just important to ensure all information is accurate in the file. Publishers will need to be across that, and it means having to know their digital ad supply chains inside out, in order to be able to give the kind of granular information needed about which vendors can do what.
‘It’s an undervalued growth channel’: Publishers, eager for subs, increasingly see high value in newsletter referral programs
Referral programs are a more deliberate and proactive method for getting existing subscribers to recommend a newsletter.
‘You need to fix the entire line’: Publishers’ sales and revenue teams struggle with entrenched diversity problem
Media organizations have been trying to confront the lack of diversity in their newsrooms. But they face an even bigger problem on the sales and revenue side.
Advertisers were cutting their Facebook ad spending well before the boycott began
Eleven of the 20 largest Facebook advertisers to boycott have been reducing the amount they spend on the platform over the last two years.
SponsoredWhy data clean rooms are a start, but not enough
Clean rooms are intended to be a “safe space” for brands to collaborate with walled gardens, but the greater opportunity for all brands is bringing together all of their data to create a single source of truth that they own and can continually enrich.
Member ExclusiveFacebook in the age of revolt
Facebook's stalemate with advertisers is likely to stretch on as both sides dig in.
TikTok’s self-service platform launch is perfectly timed to kick Facebook while it’s down
'I can’t emphasize how aggressively [TikTok] is trying to take share at the moment,' said one agency exec.