WTF is pubvendors.json?
Leave it to GDPR to bring about an unwieldy terms like pubsvendors.json.
Publishers and vendors in particular should get familiar with this file, created by the Interactive Advertising Bureau Europe and IAB Tech Lab as a way to give publishers more control over who can use their audience data — and for what purposes — whether the publisher has taken a legitimate-interest or a consent-based approach to GDPR compliance.
Here’s a primer:
So, WTF is pubvendors.json?
Essentially, it’s a supercharged whitelist. Publishers can embed the file in their domain, showing vendors they are willing to gain consent for, approved vendors on a legitimate-interest basis, and what purposes those vendors can use the audience data for. Vendors that are part of the IAB Transparency and Consent framework must then check the pubvendors.json file — like they would an ads.txt one — to see what they can do, and what the publisher GDPR policy is.
Why is it necessary?
Two of the most popular approaches among publishers toward GDPR compliance are legitimate interest — meaning they’ve determined they are legally justified in using audience data for certain purposes — and consent, where they have informed a user how they plan to use their data and collected permission to do so. Until now, the IAB Transparency and Consent framework, which is currently the only attempt at an industrywide GDPR standard, gave stricter boundaries for businesses working on a consent basis, than those that had adopted legitimate interest. Publishers have demanded that the framework provide them with more control over which vendors use their audience data, and how, regardless of whether they’ve taken a consent or legitimate-interest approach. Pubvendors.json is the IAB’s attempt to meet that need.
So this is different to a consent string?
Yes, darling. A consent string identifies the consent status of an ad tech vendor and is generated by a publisher’s consent management platform,which then passes the information to every other partner in the ad supply chain. It helps keep track of who has consent to serve personalized ads, and who doesn’t. But it’s only useful for publishers that have gone the consent route and have adopted a CMP, and not everyone has. It doesn’t work for those that have adopted legitimate interest. That’s where our friend pubvendors.json comes in.
So how does it work?
A publisher posts a pubvendor.json file that includes details on which basis a publisher wishes to work on: a legitimate interest basis or a consent basis. The file will also include a breakdown of which vendors the publisher is willing to gain permission from users for, and for what purposes, as well as those they’re willing to work with on a legitimate interest basis (if any). It will be mandatory for vendors that operate within the framework to refer to this — like added protection. If a vendor sees the publisher will only work with them on a consent basis, via their Pubvendors.json file, then they must refer to the consent-string information before sending personalized ads to that publisher’s users. Think of it like a bar posting a “no shirt, no shoes, no service” sign.
So it’s beneficial for publishers?
In theory, yes. The first version of the IAB GDPR framework was initially criticized by publishers for being biased toward vendors. The framework has had subsequent face lifts to address publisher concerns around the lack of granular control on how vendors used their audience data for ad targeting. Consent strings were added to help every business in the supply chain stay on the same page about which publisher users can and can’t be sent personalized ads. Pubvendors.json has been developed to give publishers the same level of granular control over how their audience data is being used in their digital ad supply chains, if they have taken a more light-touch legitimate-interest route. It creates more accountability for all vendors that work with that publisher.
Do publishers have to use it?
No. It’s currently being debated whether it should be mandatory or optional for publishers to adopt it, according to Matthias Matthieson, director, privacy and public policy at IAB Europe. The reasoning is that if they don’t adopt it, it’s hard to ensure vendors enforce it. So the current conversation is whether there should be default rules if a publisher chooses not to implement it — for vendors to stick to. “It’s been created to make legitimate interest safer,” added Matthieson.
It’s just important to ensure all information is accurate in the file. Publishers will need to be across that, and it means having to know their digital ad supply chains inside out, in order to be able to give the kind of granular information needed about which vendors can do what.
‘The pressure cooker is primed to explode’: How instant messaging tools are contributing to burnout
Despite their many benefits, instant-messaging tools like Slack have contributed to burnout over the last year — leading some businesses to drop them entirely.
Member ExclusiveGaming Advertising Forum Recap: Rapidly growing sector’s massive platforms and user diversity underestimated
Digiday’s Gaming Advertising Forum invited industry insiders and thought leaders from brands, gaming platforms and ad tech companies to take the industry’s pulse.
Heated founder Emily Atkin shows what it takes to make the transition from staff writer to Substacker
Substack is now a full-time job for Emily Atkin and her subscriber base has grown large enough for her to hire her first employee.
SponsoredWhat sustainable app monetization looks like in 2021
Apple’s iOS 14 changes are driving significant shifts in the app ecosystem. For gaming businesses, these new changes will make it challenging to show targeted ads. That said, the mobile game economy continues to boom, and analysts predict long-term growth; global in-app ad revenue in 2021 will rise by 6.2% for non-gaming apps, and 19.1% […]
‘As good a chance as anybody’: Verizon Media looks to build on its DSP hot streak
Verizon is hoping a spree of publisher and agency partnerships will help solidify its role as the top DSP that isn't owned by Google, Amazon or The Trade Desk.
TikTok-native publishers look to expand business on other platforms after building audiences
Media brands launching exclusively on TikTok have amassed large, Gen Z audiences. The next step is expanding to other platforms to build their businesses.