Publisher CMPs and Consumer Privacy

By Antonio Minuta

Concern over consumer privacy has continued to be a sensitive subject, as consumers have demanded more control and choice over how personal data is collected and transacted which has led to new governmental regulations being enacted. Back in 2018 the European Union GDPR (General Data Protection Regulation) was launched with the focus and purpose to provide a high level of data protection for Internet users while enabling digital advertising to continue playing its important role in the Internet ecosystem. Here in the United States the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and is the most comprehensive law on consumer privacy regulations to date in the U.S.

The IAB (Interactive Advertising Bureau) which is an organization responsible for creating and governing advertising industry standards proposed its own solution to help support the continuous roll out of GDPR, and last year on August 15th 2020 the 2nd evolution of the IAB’s Transparency and Consent Framework (TCF 2.0) was launched. TCF v2.0 continues to support the overall drive of the TCF to increase consumer transparency and choice, management by digital properties of consent and compliance, and industry collaboration that centers on standardization. The TCF’s simple objective is to help all parties in the digital advertising chain ensure that they comply with the EU’s GDPR and ePrivacy Directive when processing personal data or accessing and/or storing information on a user’s device, such as cookies, advertising identifiers, device identifiers and other tracking technologies.

Publishers employing TCF v2.0 gain greater control and flexibility with respect to how they integrate and collaborate with their technology partners. New publisher functionality allows them to restrict the purposes for which personal data is processed by vendors on a publisher’s website on a per-vendor basis. Perhaps one of the biggest developments with TCF 2.0 is the participation of Google who committed to the new framework.

So what exactly is a CMP and how does it help publishers

A consent management platform (CMP) is a tool that enables a website or app to be compliant depending on the regulating body whether it is CCPA or GDPR. It does this by prompting users for consent, collecting and managing that information, and passing the data to downstream ad partners. The CMP can read and update the legal basis of a company that participates in the delivery of digital advertising (commonly referred to as a vendor) within a publisher’s website, app, or other digital content. Vendors declare their legal basis and purpose for accessing a user’s device or browser, or processing their personal data in the Global Vendor List (GVL).

The CMP specifically performs the following:

·   Provides users with transparency into the vendors that a publisher works with;

·   Provides transparency into the purposes and legal basis that a vendor wishes to leverage – the names and descriptions of purposes and features can be found here 

·   Store a user’s consent signals, for example a third-party cookie, in the user’s browser and makes consent information available to vendors in the TCF v2.0 TC String;

·   Ensures that consent for a purpose applies only to the vendors that have declared, via the GVL, that they use data for that purpose;

All CMPs who register with the TCF are required to take and pass the Validator test before they can be issued with a CMP ID that allows them to set a TCF v2.0 TC String. The Validator has been published to the Chrome Web Store in private mode and is only available to CMPs who register with the TCF, or publishers running an IAB TCF registered CMP.

Ultimately it is the responsibility of the publisher to read and follow CCPA or GDPR Policy and ensure that there is a consistent presentation of the purpose and legal basis for which the vendors they work with process personal data based on a user’s visit to the publisher website or app.

Leave a Reply