Following recent changes announced by Google for its Chrome browser, users will be prompted to exercise more control over third-party cookies. And while it is plain to see that Google and regulators wish to avoid a repeat of the App Tracking Transparency (ATT) debacle, the mere possibility of comparison warrants serious investigation into alternatives, of which Privacy Sandbox appears heir apparent.

Years of development and negotiations, its most recent pivot, and newly announced features demonstrate Google’s dedication to finding a balance that satisfies its obligations to the Competition and Markets Authority (CMA) and the concerns of the Information Commissioner’s Office (ICO). When it does, addressability through cookies will decline rapidly and brands dependent on them will be impacted absent adaptation.

Powering this colossal and oft-delayed shift is an irrefutable truth: online privacy has become a core concern for lawmakers and their constituents in Europe and worldwide.

The Legal Push Behind Corporate Change

Privacy is no longer a niche concern; it is becoming a fundamental expectation of regulators and consumers, especially in the States where legal reforms are gaining momentum. Comprehensive privacy laws are taking effect in nearly twenty states, with California leading the way through the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA).

The rapid pace of legislative change is striking — more than half of new privacy laws were introduced in 2023-24 alone. While the House failed to pass the American Privacy Rights Act (APRA) out of committee, the bill came far closer to a floor vote than most anticipated. Congress appears poised to pass children and teen-focused privacy bills before the end of session.

This shift is more than just a legal headache for companies; it reshapes how businesses interact with consumers. Brands should rethink their data collection and data use strategies, due to the requirement to respect types of opt-out signals mandated by laws in California, Colorado, and Texas, as well as increased obligations to consent for certain data types, and internal data mapping requirements.

U.S. state laws, while different in structure from the General Data Protection Regulation (GDPR), share common enforcement elements that compel companies to change their data practices, and penalties for non-compliance are steep The message is clear: compliance isn’t just about avoiding penalties—financial and reputational—it’s about staying ahead of a wave of risk that is only gathering strength.

What the U.S. Can Prepare For

Looking to Europe provides a roadmap for how privacy laws can amplify consumer expectations. The GDPR, now six years into enforcement, has dramatically altered the landscape for advertisers and consumers alike. With more than  2,000 fines issued by March 2024 and penalties nearing €4.5 billion, companies have had to adjust their strategies to comply with stricter privacy regulations.

Even though privacy was already a top concern for consumers in Europe, legally required changes by companies there led to increased awareness of users’ privacy rights and more frequent exercise of those rights

In the U.S., this process is beginning to unfold. While data protection concerns have historically focused on government surveillance, the growing wave of state privacy laws and increasing public scrutiny of private data usage — especially after Cambridge Analytica — are starting to mirror the European experience. However, the signs of fatigue in Europe due to the constant consent requests have led regulators to express a desire for reform. If it happens, the process will likely be slow, but we may hope to see similar changes in U.S. legislation sooner rather than later.

The Path to Consumer Trust

The importance of comparing the EU and U.S. approaches to privacy lies in user behavior. As brands prepare to comply with evolving privacy laws, consumers are becoming increasingly informed about data practices, leading to heightened expectations around transparency and choice. However, there is a critical need to find the right balance between customer expectations regarding data privacy and their desire for relevant, personalized experiences.

A recent survey revealed that 86% of Americans are concerned about their online privacy, a number likely to rise as privacy laws gain ubiquity. Just as the GDPR heightened awareness among Europeans, U.S. consumers will reasonably demand more control over their data. This shift will inevitably result in more users opting out of third-party cookies, requesting their data deletion, and exercising their rights to the data companies hold about them — whether manually, through changes implemented by platforms, or via authorized agents.

Navigating the Road Ahead

It’s essential for brands to recognize that user behavior will evolve alongside legal obligations. Companies that fail to adapt their strategies now risk losing trust and relevance in the eyes of consumers.

The shift towards cookieless technologies is not merely a legal necessity but also a crucial response to meet evolving consumer demands and offset increased risk and overhead associated with new obligations.

First-party data and strong consumer relationships have never been more critical. Diversifying vendors for each critical function will ensure continuity and create a competitive advantage amidst these changes. Additionally, assessing whether partners are equipped to help navigate this new landscape is vital.

Laws are driving changes in both corporate behavior and consumer expectations, forcing companies to adapt. Eventually, the switch for third-party cookies will be flipped to “off.” The time to prepare is now.

The post Beyond Compliance: Adapting to Privacy-Centric Platforms and Consumer Expectations appeared first on AdMonsters.

In the past, ethnicity was simply another audience segment you could pull off the shelf, ready for your campaign. If you wanted to target African Americans, Hispanics, or any other ethnic group, the data was there, and available to use. Fast forward to today, and the landscape has changed dramatically. Ethnicity, alongside many other categories, has been reclassified as Sensitive Personal Information (SPI). What does this mean for marketers? A lot. And if you’re not paying attention, it could be catastrophic for your campaigns and your brand.

The Shift from Assumed to Explicit Consent

The days of assumed opt-ins — think cookie banners — are over. Today’s privacy landscape increasingly demands explicit opt-in. The difference is significant, yet many players in the agency world and data market still fail to understand this distinction. If you’re using SPI data, you need explicit user consent, period. This isn’t just about collecting consent; you must also ensure the user can opt-out.

Furthermore, data consent must be used in the context in which it was collected. You can’t collect explicit consent in one place and then sell or trade that data for use elsewhere. Yet, this is the problem many platforms face today. Why? Because they lack direct interaction with consumers.

The Problem with ‘Headless’ Platforms

Headless platforms are like data warehouses — they store information but lack a consumer-facing interface to collect or manage consent. Over the last two decades, data management platforms (DMPs), supply-side platforms (SSPs), demand-side platforms (DSPs), and similar services have played pivotal roles in media and advertising. However, these platforms often operate without direct consumer interaction, meaning they can’t collect opt-ins or manage opt-outs. By definition, SPI data should not be processed by these platforms — yet no one seems to be addressing this issue.

Some platforms have started removing these categories altogether in an attempt to self-regulate. However, this approach is inconsistent and insufficient. It also leaves a gaping hole in the market for the Fortune 500 companies that rely on this data to market efficiently.

A Market at Odds

Consider this: over 40% of the U.S. population identifies as part of a minority group. Yet the very data needed to market to these groups is rapidly becoming unavailable or unreliable. The conundrum? There’s never been a greater appetite to market to different ethnicities, but the tools to do so have never been weaker.

Bad actors are partly to blame. Predatory marketing practices, such as targeting low-income multicultural groups with unfair lending products, violated the Fair Lending Act. This is why categories like household income and ethnicity are no longer available on platforms like Meta.

What Can Marketers Do?

1. Stay on Top of Privacy Policies: With privacy regulations in constant flux, it can be overwhelming. My advice? Focus on following the opt-in. Wherever new requirements for explicit opt-ins emerge, you can be sure that marketing to those groups without this consent will expose you to liability.
2. Choose Partners with a ‘Head’: A key way to ensure compliance is by selecting data partners with a user interface. If a platform has no direct relationship with the consumer, it can’t collect or manage explicit consent. No head, no consent—simple as that. Don’t be fooled by the “privacy-first” jargon that’s become all too common in marketing.
3. DE&I Is Not an Exemption from Compliance: Many brands are pushing their DE&I initiatives by directing ad spend to minority-owned organizations, which is commendable. However, if those same brands aren’t checking whether the data used in those campaigns is opt-in compliant, they’re inadvertently fast-tracking their liability. A DE&I SSP should be able to manage both opt-in and opt-out consent to protect the brand.
4. Treat SPI Like Health Data: Sensitive Personal Information is much like healthcare data. Most of us understand that when marketing in the healthcare space, compliance with HIPAA is mandatory. The same principle should apply to SPI. Treating SPI data with the same level of care ensures that your marketing strategies meet the explicit consent requirements.

Exclusion Isn’t a Strategy

Too often, I’ve had conversations with brands and agencies that end with them saying, “We’re excluding this (SPI) category for now.” This approach is not a long-term solution. Exclusion is a cop-out, and more importantly, it’s intellectually bankrupt. Ignoring multicultural audiences due to data compliance challenges is not a strategy — it’s a missed opportunity. Any self-respecting brand that thinks excluding 40% of their audience is a good idea should ask themselves: what’s the alternative? A campaign so vanilla it appeals to no one? Brands should demand more from their agencies and teams if this is their approach.

Since early 2023, over 17 states have enacted privacy laws that address consumer inclusion around ethnicity, religion, sexuality, and union membership. This trend is not reversing. It’s vital for brands and agencies to overcome inertia and adopt new strategies and tactics. Progressive brands must take the lead, holding their agencies and partners accountable. There is enormous opportunity here for those willing to lead from the front.

The post Navigating the New Rules of Marketing to Multicultural Audiences appeared first on AdMonsters.

Let’s be honest; does anyone read the terms and conditions when they sign up for an app or streaming service? 

On June 15, Black Mirror dropped the episodes to its highly anticipated sixth season, and the first episode, “Joan is Awful,” raised paranoia around what streaming services ask for in their Terms of Service (ToS). 

[Spoiler alert] 

When the episode starts, Joan makes a series of morally questionable decisions, including firing a work friend and meeting up with an ex-boyfriend behind her fiance’s back. After she comes home from work, Joan and her fiance Crish search the fictional streaming service “Streamberry” for a show to watch when they come across Joan is Awful. Joan watches in horror as the events of her day play out on the TV show, which subsequently causes her life to fall into complete chaos — her fiance leaves her, viewers villainize her on social media, and her company fires her.  

After consulting a lawyer, Joan learns that Streamberry has rights to her private information and life events to create content for the show since she signed them over in the Terms and Conditions. 

The ad tech community is well-versed in discussions surrounding privacy ethics, consumer protection, and consumer targeting. Still, this episode caused quite a debate about how platforms collect consumer data. No one will wake up tomorrow with a Netflix series about their life, but what are the real-world implications of this episode? 

@realfandcmfigures always read the terms & conditions #blackmirror #joanisawful #fyp ♬ original sound – Fandcmfigures

The Privacy Reckoning and Consumer Choice

Consumer choice is one of the most critical aspects of privacy ethics. Generally, a privacy policy gives consumers “notice about how their personal information will be collected, used, and shared and then informs the consumer what “choices” they have.” Platforms then ask consumers to agree to the policies to use the service. 

However, the structure is flawed because the notice of choice fails to protect the audience’s privacy. It puts the burden of privacy on the consumer, who is most likely unaware of how these systems and standards work. How is their choice when they don’t have all the facts? 

In the episode, the CEO of Streamberry took advantage of this notion to use their subscriber’s information for content. When Joan signed up for Streamberry, I’m sure she would have thought twice about agreeing to the ToS if she knew the platform would use her personal life for content without proper consent. 

Further in the episode, Streamberry’s CEO explains to a journalist that they decided to create shows centered around their audience to create more content tailored toward them. Joan’s show was only the start. She revealed that they tested out shows for each of their subscribers which meant every consumer’s data was up for grabs.  

Publishers and advertisers have broken consumer trust for years, and the only way to rebuild that trust is to put the consumer’s needs first. It’s about walking the fine line between making content relevant and being transparent with your audience to respect privacy ethics. 

“Privacy consent is at the core of a publisher’s relationship with their visitors,” said Dan Rua, CEO, Admiral. “The strongest relationships are built on mutual trust. As such, privacy consent shouldn’t be a silo run by lawyers, separate from thinking about engagement across the full visitor relationship journey.”

Tailoring Content For the Consumer

In the ad tech industry, ad ops professionals use all types of consumer targeting practices with one goal: getting the correct content to the right consumer. The goal was always to give consumers a great user experience, but over the years, regulators criticized publishers and advertisers for some of their targeting practices. 

For instance, the third-party cookie — on its way out entirely in 2024 — was criticized for collecting and utilizing consumer data without transparency and choice. Before the cookie pop-up notification became standard practice, websites used cookies to collect and share consumer information without their knowledge. Although even after they knew what cookies did, many were unaware of how platforms shared their data. 

Web browsers like Firefox and Safari have stopped using cookies, but Google is still working to weed them out. They are currently testing the privacy sandbox, which aims to undo years of persistent cookie tracking of users on their journeys across the web and mobile.

The ad tech community is working towards reconciling their past mistakes with privacy ethics. Regulators and government officials created laws such as the GDPR and state-level laws such as California’s CCPA to combat some of these exploitative practices. Apple also made privacy measures within its framework to help set standards for transparency and consent — Hide My Email and Apple ATT. 

These laws are coming full circle as brands face a rising number of lawsuits and fines if they don’t comply with the updated privacy regulations. This past week the French Data Protection Authority (CNIL) fined Criteo €40M ($44 Million) for breaching the GDPR’s laws. While Criteo asserted that their breach of privacy was not deliberate, the regulation pushed them to improve their data collection practices. 

“Shifting our mindset from notice and choice will not be easy and will require agreement in an ecosystem of competing interests,” wrote Jessica B. Lee, Partner, Co-Chair, Privacy, Security & Data Innovations at Loeb & Loeb LLP. “However, in the long term, both consumers and businesses may benefit from this change.”

The post Black Mirror’s Joan is Awful: The Implications of Privacy Ethics, Consumer Choice and Tailoring Content appeared first on AdMonsters.

One of the biggest changes in this area is that first-party data is given freely by online users, often in exchange for some sort of direct user benefit like a better experience online. 

As advertisers and publishers ask more users for their information online, a crucial part of the exchange is trust; consumers want to know that the data they are offering will only be used in the way they have authorized.

During AdMonsters’ March 29 webinar, “Consent-Based Advertising: How You Can Automatically Build Audience Trust,” OneTrust’s Strategic Solutions Engineer, Arshdeep Sood, explained why trust is crucial to building a relationship with your audience, how to keep abreast of the changes in privacy regulations, and why first-party data is nothing to be concerned about. 

Trust in the Digital Age

As the digital world evolves, concerns surrounding privacy are oftentimes the most stressful. To go beyond third-party cookies and understand your audience so that you can provide the best value data output, it all boils down to trust. 

“The last decade was all about transformation,” says Sood. The fast-paced world of data has required innovation in ways that sometimes seemed impossible, with the aim of providing better customer experiences, improving efficiencies, creating sustainable practices, and of course, staying in business. 

Sood asks, “What are we doing to protect the data that we have access to? Are we ensuring equity and inclusivity and even diversity across our business practices? And are we truly creating a culture of high ethical standards across the board?” All of these questions are about creating trust. 

Customers have trust expectations for companies they spend money with. Sood notes Adobe reported in 2022 that 69 percent of consumers stated they would stop doing business with a company that uses their data without permission. 

Add to this rules and regulations that vary from state to state and it can be difficult to navigate the changing landscape while maintaining and building upon user trust. This requires a change in mindset, Sood explains. 

[To view the full webinar, watch the video above.]

Building Trust Does Matter 

Users who trust a company are more likely to allow their data to be used in innovative ways, pay a premium for that company’s products and services, and maintain purchasing loyalty over time. Since it impacts your bottom line, trust is something you need to maintain a competitive advantage. 

Apple is working on building this trust with its latest update to iOS, which notifies the user of apps on their phone that are collecting data and tracking the user. This “App Tracking Transparency” prompt prohibits apps access to this data without first notifying the user. 

Sood notes that for these apps, building trust with the user can look like getting consent and even possibly discussing the value exchange and why access to this data is important. Also, use your Apple Privacy Nutrition Labels wisely. Employees working in compliance should collaborate with team members across development and marketing and advertising to ensure that you have the right strategy in place, she says. 

Competitive Advantage: Keeping up with Privacy Regulations

“In the face of new regulations, agility is going to be your competitive advantage to build that trust with the customer,” notes Sood. Rather than responding to new privacy law changes at the moment, she advises what will set programs apart is their ability to anticipate requirements of upcoming legislation and avoid the pain of last-minute changes. 

It is expected that by the end of 2023, 75 percent of the world will be affected by one of the recent privacy regulations, and more privacy regulations are actively coming down the pipeline all over the United States. Sood recommends working toward a strategy to deal with these changes in regulations as soon as possible. 

She adds that the job should be a team effort. “The privacy team is responsible to help you build business continuity to really enable marketing to have a very compliant risk-mitigated experience, but at the same time marketing and data teams are responsible for the end user journey.”

Last, Sood explains that privacy risk is a brand risk. The penalty for not adhering to privacy standards will not only be monetary, it will also affect your brand’s reputation because anything that happens within your company to affect consumer rights will be publicly accessible. 

Just like in personal relationships, you need to be clear about how you are using a person’s data, and if the use changes, you are responsible for informing them. You want this relationship to last long term, so make your users feel valued and like they own the data, she advises. 

Some Acronyms You Need to Know

TCF & GDPR: When we think about this process, several acronyms come to mind, says Sood, one of which is TCF, Transparency and Consent Framework. A TCF banner is concerned with providing the right notification and collecting the right type of consent and an affirmative opt-in from users to align with GDPR (General Data Protection Regulation) requirements. However, these regulations are evolving and there is currently legislation surrounding these privacy measures and how they will ultimately be used. 

Sood explains it is crucial to keep abreast of these rulings to be prepared for any necessary changes that are on the horizon. OneTrust keeps a log of these changes to help its partners know of important updates. 

GPP & MSPA: Another big piece of the puzzle is the GPP, Global Privacy Platform. This aligns with the MSPA, which is the Multi-state Privacy Agreement across all the different states, Sood notes. To simplify all these varying rules and regulations, she says, “With the GPP, the idea is you can make sure that one singular signal directs a specific consent model and data point to the ad text providers downstream to ensure that you’re aligning with regulations and also [doing so] in the best possible fashion.”

The MSPA assumes a user is a resident of each state, which means it defaults to the highest possible national standard for privacy. 

What this all boils down to essentially is that from an advertiser’s perspective, it is imperative to look out for the GPP signals. Explains Sood, “You want to sign up for MSP and prepare yourselves to honor the signals, because you’re going to expect it coming downstream, and you will want to decode it and decide how you operate.” This is similar for publishers – these signals will ensure the regulations are being met, and pass along this information to vendor partners. 

“That’s why publishers, advertisers, and vendors, you really need to work in tandem to ensure that everybody’s listening to the same things, and CMP providers like OneTrust, we’re the ones who will be helping you generate that GPP and sending it downstream,” Sood shares. In fact, Sood says, the GPP platform is already in use, helping OneTrust’s customers.

Don’t Be Intimidated by First-Party Data

The future of data will phase out third-party cookies in favor of first-party data capture, meaning companies will need to build a first-party data capture focusing on consent. To do this effectively, Sood says companies need to evolve from a tick box compliance system into a powerful consent strategy that will transform the user’s experience holistically. 

Many consumers are looking for value in their online experience, meaning that rather than being something to worry about, the dissolution of third-party cookies should be seen as an opportunity to build a relationship with consumers. You will want to advertise to them, but also re-target and re-market to keep them coming back. 

“To do that you want to deliver timely offers, have customer service available to the user, if they bought your product and you want them as a returning user. You want to target new relevant content to the user and also provide any customer recommendations,” such as content that is on theme with what they previously bought, Sood says. 

Consent, says Sood, is here to help your marketing strategies. It’s a way to give users unique choices and the opportunity to tell you about what they want so you can make sure you are offering that to them. It allows you to truly personalize the user experience. 

When you give users content that is relevant to who they are, they are more likely to want to know more. You can build this into your interface, so they can offer this information to you directly. This information can be fed downstream, to relevant places like apps, data warehouses, and email marketing systems. 

“And this really circles everything together for us in this webinar today. We started out by discussing how technology, privacy, and consumers are dictating this change … It’s important for you to understand that until the user gives you consent, you will not be able to process the best possible dataset or build new datasets for yourself. And so, complying with these [regulations and] getting the right interfaces out there and leveraging that for users opt-in to activate your ecosystem and help you retarget is going to be instrumental,” Sood explains.

The post Webinar Replay: Consumer Consent & Trust Are Competitive Advantages appeared first on AdMonsters.

With mounting privacy regulations and Apple and Google making sweeping privacy-first ad tech updates, we have landed in the consent-based future. Consent is the currency that will lead publishers to once again build trusted relationships with their audiences to offer them personalized experiences, and at the same time increase the value of those audiences to advertisers. But it all comes down to crafting the right value exchange.

We spoke with Ashlea Cartee, Product Marketing Manager, OneTrust Platform about consent fatigue (yeah, it’s a real thing), the future of compliance frameworks, and whether zero-party data actually makes a difference in bringing advertisers and publishers closer to people.

Lynne d Johnson: I keep hearing publishers and consumers talk about consent fatigue. How is this going to impact user experience and ultimately publisher’s revenue?

Ashlea Cartee: User experience is key. It’s important to put the consumer at the center of how things are being built. It’s also been interesting to see publishers really embrace user experience as they roll out products. User experience is really a competitive advantage and business driver now.

Businesses are coming together to connect the right people to determine how we improve the consent experience overall. At the heart of this is identity. As a consumer, I show up on different devices with a mix of identifiers. Those identifiers are being reduced by the deprecation of third-party cookies throughout tracking, transparency, and also the removal of mobile identifiers. It might vary based on my privacy preferences or my relationship with the organization.

For instance, I might have my identity as a parent, as an individual, or as an employee of an organization. You can’t use technology to tie everything together based on Identifiers and make assumptions without the user’s consent. The creepiness factor comes in when you connect everything based on an assumption. There’s space for the conversation around consent fatigue, the importance of the user experience, and the recognition that you need to find a balance to prevent it from getting too creepy.

LdJ: What can pubs do to streamline the process? It feels like this is an evolution of the conversation around value exchange. What are your thoughts on that?

AC: The value exchange is the entry point. I always think about putting the consumer at the center of the experience. If you’re looking at a subscription model, you’re building that relationship because you want that subscription to continue. If you’re using an ad-supported model, there’s a spectrum of relationships with the consumer. They may have come from some search results or they may be launching into a Pubs app. That’s a much different experience in the sense that they’re anchoring to that pub already. They’re opening that app experience and might be expecting curated content recommendations that are built around that identity. The value exchange is important because it allows you to connect to the consumer in order to give them the right experience.

It introduces the concept of layered notices. It’s not a radical concept, but I think it’s important to focus on. Someone’s going to want to click through and get to the page. Someone else is going to want to read. Publishers should pay attention to the fact that they will get a varied audience. They’re going to be a mix of opinions on how they want their privacy to be honored. There is no one size fits all.

LdJ: There’s been a debate in the ad tech space about a new term zero data. Is zero PD really a thing? And if not, how should we be dealing with this whole one PD versus zero PD? And also how should publishing be leveraging one PD?

AC: When you’re looking at first-party data, you’re oftentimes looking to find alignment between the content you’re producing and the opportunities you’re making available to consumers. Things such as exclusive partnerships, insights or experiences that you wouldn’t otherwise be able to make available to a wide audience. If you can find a more targeted, specific audience where the value is there, those are doors worth opening and they’re going to continue to build that relationship. That’s the value of first-party data.

In terms of zero-party data, I think of it as really direct, very specific, and connecting at a different level. For example, consider a financial institution saying, Lynn, you bank with us. What are your short-and-long-term goals so that we can help you be successful? And let’s say hypothetically, your answer was, I need to buy a new home. I think of that as true zero-party data, very specific to where you are at this moment in your life. Specifically offering information that you thought about before you handed that over. It’s valuable information not just for the business, but also for you. It seems more specific about a moment in time.

It gets you closer to people’s actual needs and what they’re feeling. I don’t feel strongly about what we call it. Perhaps earned data is a new term we can coin which includes both zero- and first-party data. If we set our North Star at the user experiences we’re looking for, we come out with a win.

Register for our upcoming webinar with OneTrust about how consent-based advertising can help to build audience trust.  

The post Consent Is the New Currency: A Conversation with OneTrust’s Ashlea Cartee appeared first on AdMonsters.

That would be a big mistake. 

There’s actually no time like the present for all of the cookieless alternatives to start stepping up to the plate and showing what they’re really made of, and for pubs to get to testing right away. 

Single Sign-On solutions are one such open web tool that’s gaining massive ad tech support. But one of the major barriers to any of these solutions reaching scale is consumer consent fatigue. 

In that vein, Criteo, Prebid, and other industry leaders have set out to help solve this issue through Prebid’s Project Management Committee (PMC) which is responsible for establishing, prioritizing, and building industry roadmap items.

The goal of this PMC is to align with industry leaders and create an open-source and interoperable single sign-on (SSO) solution, helping to reduce the friction between consumers and publishers in the cookieless future, while supporting logged-in and logged out scenarios. 

We spoke with Jordan Cauley, Director of Product at Mediavine, who co-chairs the SSO PMC (alongside Criteo Chief Product Officer, Todd Parsons) within Prebid about opportunities for pubs over the next year and a half and why Prebid is central to the open web’s future.

Lynne d Johnson: Mediavine has O&O sites and also helps thousands of publishers successfully monetize their sites as well. What opportunities are you seeing for publishers over the next 18 months and what do you think some of their biggest challenges will be?

Jordan Cauley: The next 18 months are going to be crucial for publishers. First, the great news: Demand has rebounded from lows during the pandemic and programmatic ad prices are surpassing pre-pandemic comparisons.

Also on the opportunistic side, we’re seeing advertisers begin to trust video from the Open Exchange almost as much as they’ve historically trusted deal IDs. Outstream video is becoming as trusted as instream. Mediavine is continuing to prioritize innovation of video products, which is why we’ve built our own instream and outstream video players. The SSO committee is working to build an open solution that will enable buyers to have enough scale to purchase open video inventory and empower publishers to tap into that demand through a more direct and consolidated way.

The biggest challenges publishers can expect over the next 18 months are the same, in my opinion, as the whole advertising ecosystem: addressability, frequency capping, and attribution. With the deprecation of the third-party cookie, we must provide alternatives to help publishers and advertisers better understand and serve their audiences. Solutions like contextual and first-party data will be key to addressing audiences accurately.

LdJ: Speaking of identity, you co-chair the Single Sign-On PMC within Prebid where stakeholders from all across the advertising ecosystem are working to bring an open-source SSO technology to market. Can you share why you see Prebid.Org as a valuable community and why you wanted to invest in taking a leadership role?

JC: The ad tech ecosystem contains unique stakeholders and pressures, so it’s important that ad tech companies at every corner of the market work cohesively through the complexities that come with the territory. A group like Prebid has a low barrier to entry and allows for vital industry collaboration. 

My goal for joining the SSO committee was to share the knowledge gained from Mediavine’s unique position in the industry. Because Mediavine operates across eight thousand domains, we have a valuable perspective of the problems facing the industry and are motivated to offer a seamless SSO solution to publishers.

More than two years ago we began developing our own SSO/proprietary toolkit, Grow.me, to help address the evolving industry landscape. In turn, I can use the feedback from our internal efforts to help guide the Prebid SSO project into a product supported by large and small publishers, owned-and-operated publishers, and publishers who have an outside company managing their identity solutions.

LdJ: As a global leader of Prebid.org you’re starting to test this new SSO, what are the greatest challenges you expect the SSO working group to solve?

JC: I think the greatest challenge the committee is helping address is to encourage collaboration. Traditionally, advertisers, DSPs, SSPs, publishers, and other players in the ecosystem have operated relatively independently. 

There’s a push toward vertical integration in this evolutionary time for the web. Groups like the SSO Committee and Prebid as a whole have to bring the disconnected parts of the ecosystem closer together and view the space more holistically.

The end solution aims to bring the entire ecosystem together to deliver better relationships between users, publishers, and advertisers with opt-in-based experiences for both content and advertising.

LdJ: There’s been a lot of interest developing around both authenticated and unauthenticated traffic for publishers. But initially, it seemed, the industry was primarily focused on authenticated traffic, where the user shared their email directly with the publisher. What are the key differences between the two experiences for users and their use cases?

JC: Authenticated traffic is traffic that the publisher has been able to verify by a reader logging into their site. A reader understands they have provided their email address and then verifies that email address in exchange for access to an exclusive feature or service. The partially anonymous ID or unauthenticated traffic asks less of readers and users. 

In this case, readers accept an agreement that doesn’t require them to supply their full email address or another piece of personally identifiable information (PII). Instead, it provides a cross-domain common identifier that can be used for many of the same cases as a third-party cookie, but with clearer controls in the hands of the users. 

A user with a semi-anonymous ID can manage some preferences for privacy, can be frequency capped as needed, or even retargeted in some cases. This creates opportunities to build trust in the relationship with a publisher, an advertiser, and ultimately with the proposed entity that is managing an SSO.

I believe the key is developing both options together and in doing so, creating a “good, better, best” mentality. “Good” being contextual signals, “better” being semi-anonymous traffic and “best” being fully authenticated traffic stemming from relationships with the users. This mentality can improve efficiency for advertisers and revenue for publishers without being dogmatic about an all-in strategy that is being actively combated by browser vendors and a public concerned with privacy on the web.

LdJ: And do you see a flow between authenticated and unauthenticated traffic? How will it work?

JC: I think the flow between fully authenticated and semi-anonymous traffic is going to depend very much on publishers and in many ways, advertisers. The committee is still working through the options on the table, but if a semi-anonymous ID user develops the trust to elevate to a fully authenticated relationship? There is a great deal of value in this flow, potentially improving things for all parties.

The post Can SSO Bring the Advertising Ecosystem Together? A Q&A With Mediavine’s Jordan Cauley appeared first on AdMonsters.

The conundrum itself, and its implications, have been discussed ad nauseum over countless webinars and conferences by some of the best and brightest our industry has to offer, and despite all efforts, it feels like we’re still waiting for that silver bullet solution to materialize to hitch our collective wagons to. However, while we wait, there are critical actions already being taken by leading publishers to ensure they’re well prepared for the cookieless future.

Some of Admiral’s top clients and partners have gone all-in on the idea that regardless of whether the future of monetization rests in Google’s cohort-based targeting solution FLoC, or a cabal of UID players, one thing is certain, Relationships = Revenue. From registration walls to unlocking adblock users, to diversifying revenue with subscriptions, there are clear-cut steps that publishers can take now to collect first-party data and build relationships in preparation for the future.

In the following Q&A, we talked about these topics with Dan Rua, CEO of Admiral: The Visitor Relationship Management Company. We’ll go more in-depth on these topics during an upcoming roundtable discussion —How Top Publishers are Using VRM to Prep for UIDs, FLoCs and Revenue in a Cookieless Future — with top publishers at 3 pm ET Tuesday, May 25, 2021.  (Register now, it’s free!)

AdMonsters: Admiral has been preaching the benefits of strengthening the relationship between publishers and their visitors for years, and now it seems like the entire industry has adopted this mantra. How does Admiral and its Visitor Relationship Management (VRM) Platform fit into the solution set for publishers as they prepare to navigate a cookieless future?

Dan Rua: It’s all about relationships, relationships, relationships, relationships. I feel like Steve Ballmer’s meme, when Microsoft went all-in on “developers, developers, developers, developers.”  The massive privacy and user-empowerment wave that is disrupting publisher business models is only growing larger and “Death of the Cookie” is just its latest manifestation.

Publishers are scrambling to figure out if UIDs, FLoCs, or some other adtech trick will save their jobs in a cookieless future, but the one constant is that stronger first-party visitor relationships will always trump weaker visitor relationships.

As such, Visitor Relationship Management (VRM) is an approach that doesn’t rely upon guessing adtech winners and losers but instead doubles down on your most unique and valuable asset — your visitors. Those visitors are people, not statistics or eyeballs, so treat them like people. Just like with real-life friends, visitor relationships start small, with an intro and some discourse to grow trust with each other.

What does that visitor relationship journey look like for a publisher using a VRM platform? Well, it could start with an engagement to say “Hi!” and offer three days of ad-free content in exchange for an email address. On a future visit, that could lead to an engagement saying “Hello again…” and offer seven days of ad-free experience in exchange for account registration. Once an authenticated account has been created, future visits can lead to more engagements that collect more first-party data, offering more value exchanges, including social follows, donations, adblock recovery, subscriptions, and more.  Beyond first-party data goals, digital subscription revenue is booming right now as a diversifying hedge against an uncertain future.

Of particular note, VRM isn’t just another acronym for adtech. In fact, it’s a completely different beast from adtech…more akin to martech unicorns outside of media publishing, like HubSpot, Drift, and more. That’s one reason we sometimes say Admiral is like “Hubspot+Drift for Media Publishers.” After decades of publishers investing and re-investing in adtech, more adtech isn’t going to get the industry out of the mess it’s created. Instead, growing great relationships requires a new, visitor-first martech mindset and adops/revops/revenue leaders are in the perfect position to lead a “Relationship Revolution” aligning their entire organization with VRM.

AdMonsters: Why are registration walls and email acquisition (decidedly “old” topics) now mission-critical for publishers?

DR: Registration walls (or regwalls) have quickly become the first action publishers should take to prepare for post-cookie Universal IDs (UIDs). During the first quarter of 2021, publishers have been inundated with webinars, whitepapers and more, touting a mix of UID options, including LiveRamp, TheTradeDesk/UID2, ID5, BritePool, LiveIntent, and a dozen others. The UID options for publishers and advertisers are dizzying, and yet it’s unclear whether to try picking winners or prepare for them all. This is made worse by the fact that ROI for UID efforts today is unclear.

This has led publishers to ask “What is the best use of my time and effort for the remainder of 2021, to prepare for post-cookie UIDs in 2022?”  The answer is “Launch and hone your regwall strategy now…full stop.”

Emails, accounts and logged-in users will be the lifeblood of most post-cookie UIDs — plus they hold value separate from UIDs.

Emails, accounts and logged-in users will be the lifeblood of most post-cookie UIDs — plus they hold value separate from UIDs. That means that growing relationships with your visitors in 2021, resulting in a million new emails or accounts, will deliver ROI no matter what happens for UIDs in 2022. However, regwalls aren’t just about coding a brute-force popup. Doing it well, without a ton of dev work or alienating visitors, requires a one-tag platform built specifically to grow relationships — like Admiral’s VRM.

After installing a single tag, publishers can create multi-step regwalls that deliver the right ask, to the right visitor, at the right time — all with zero coding required. They can also target journeys based upon a mix of criteria, providing a different journey to search visitors, social visitors, EU visitors, casual visitors, loyal visitors, and more. The end result is intelligent regwalls, growing emails, accounts and logged-in users, every single day.

Lastly, I’d be remiss if I didn’t mention how critical consent will become for UIDs and how regwalls can help. Publishers who already have thousands of emails for their newsletters may feel like they have a good foundation for future post-cookie UIDs, but privacy consent expectations are changing rapidly — making their old emails damaged goods for UID purposes.

Visitors who provided an email for newsletter purposes may not be OK with that email being used for personalized ads on your site — and advertisers are already asking this question. Some demand-side UID participants want proactive consent for any email/account-based UIDs, not just passive consent buried in a privacy policy. Therefore, the best regwall strategies will also include a plan for UID consent and visitor journeys that can gather proactive consent automatically. Admiral’s regwall and privacy consent experts can help publishers do UID consent right from the start.

AdMonsters: There’s been some chatter about blockers disrupting Google’s competing solution to UIDs, called FLoC (Federated Learning of Cohorts). Given that adblock recovery is one piece of Admiral’s VRM platform, what’s going on with this surge in blocker activity and how can publishers respond in 2021 to maximize potential FLoC revenue in 2022?

DR: First, it’s worth remembering that adblock growth was really the first shock to the system that has now led to tracking blockers, GDPR/CCPA and Death of the Cookie. Although publishers have jumped from crisis to crisis over the years, adblock losses are still in the billions industry-wide and recent crises are all part of the same privacy and user-empowerment wave reshaping the Internet’s core business model.

It’s another reason why Admiral focuses on visitor relationships so much. We’ve had great success recovering adblock losses for thousands of publishers like ViacomCBS, NBCUniversal, Hearst, and more by growing visitor relationships in a consent-based way — instead of relying on some adtech trick or paying off the blockers. Top tier publishers talk to their visitors, grow first-party relationships/data and iterate on the value exchange; and will continue to separate themselves from publishers that hide behind adtech tricks until their demise.

As it relates to FLoC, there isn’t a ton most publishers can do right now to test FLoC and optimize for it. It’s coming, and most industry experts predict industry RPMs will be lower as a result — which means publisher revenue will be lower unless you do something about it.

We’ve found that consent-based adblock recovery delivers RPMs that are 10X better than paying the blockers to inject ads and the dialogue with visitors about value exchange opens the door to further relationship growth. 

Luckily, publishers can prepare for the drop in RPMs by unlocking more pageviews in 2021, so they’re better prepared for FLoC, 2022, and beyond. One key way to do that is via consent-based adblock recovery, unlocking new FLoC’able pageviews. We’ve found that consent-based adblock recovery delivers RPMs that are 10X better than paying the blockers to inject ads and the dialogue with visitors about value exchange opens the door to further relationship growth.

Now that EFF (checkout their Am I FLoCed tool), DuckDuckGo, AdGuard, EyeO, Brave, have all announced plans to block FLoC and more, it’s more important than ever to double down on consent-based relationships. If you hope to benefit from FLoC in 2022, then 2021 is the year to maximize the number of visitors you have allowing FLoC.

Given the blocks mentioned above, that means engaging users in a respectful way so they can make choices about supporting the publishers they love. Admiral even has some special Journeys and offers to help publishers prepare for FLoC, and they can be launched in 5 minutes, with no coding required. Interested publishers can email me directly dan@getadmiral.com to learn more.

To learn more about this topic, don’t forget to register for our webinar roundtable discussion —How Top Publishers are Using VRM to Prep for UIDs, FLoCs and Revenue in a Cookieless Future — with top publishers at 3 pm ET Tuesday, May 25, 2021.  (Register now, it’s free!)

The post Launch and Hone your Regwall Strategy Now…Full Stop appeared first on AdMonsters.

As one publisher told us at a recent Think Tank supported by OneTrust, the coming changes in iOS 14 seeking consent to share IDFA—and in general, the depreciation of the third-party cookie—are moving the consent conversation from being about regulation to detailing the publisher’s actual value proposition.

We’re now at a stage in the consent management and communication game where pubs can rebuild and strengthen their relationships with their audiences. Why would a publisher only ask for consent for regulatory compliance when they have a prime opportunity to educate customers about the services provided in exchange for data?

The Current State of CCPA 

GDPR compliance may have been a gateway to complying with CCPA, but it won’t get you all the way there. Under CCPA, users are allowed to opt-out of the sale of their data, which requires a “Do Not Sell” button. As well, CCPA and GDPR differ in requirements for service providers. 

It’s no lie that CCPA compliance has been costly and confusing for publishers overall. Because of this, approaches to compliance have varied greatly with some even waiting to see how Google would handle things first.

Complying with CCPA has been a hurdle for some as it required new processes and protocols. Additionally, for publishers leveraging the IAB CCPA Compliance Framework, getting vendors to sign up as service providers and understanding where each vendor sits in the flow of data collection has been a huge undertaking.

One publisher reported difficulties managing the login states of users and tracking those back to their consent options across a site’s various pages or multiple publisher brands. Another publisher shared: “It’s hard trying to figure out what an individual wants when you can’t identify the individual.”

Regulations like GDPR and CCPA have created a heavy overhead for large publishers, requiring a great deal of coordination and effort across teams, especially when it comes to working with developers and engineers.

When you’re trying to manage consent across various standards and frameworks like IAB Europe TCF v2.0, IAB CCPA Compliance Framework along with Google Ad Manager or Facebook Pixel, you need the right set of tools to help you manage consent across those multiple frameworks and standards while delivering personalized user experiences across mobile, web and OTT.

Consent Management Platforms (CMP) are becoming the tool of choice for managing consumer consent to comply with regulations and pass that data throughout the advertising ecosystem to deliver a better user experience. 

One publisher, at the Think Tank, also advocated for enacting highly restrictive privacy policies and deploying it globally so that it serves as a hard barrier for users to accept and comply with both CCPA and GDPR.

Often labeled the gold standard of consent, the IAB’s Transparency and Consent Framework, now in version 2.0, covers a broad set of publisher use cases and offers pubs more control. But from a user’s point of view, it’s not clear that it’s the gold standard. 

“Unless you’re using a very limited set of data processes and use cases, it seems difficult to expect users to give permission or understand,” said one publisher. 

Since CCPA went into effect, similar privacy bills have been introduced in the states of Washington, Nebraska, Virginia, Florida, and New York. Though it’s hard to predict if any of these bills will become laws, in the absence of overarching federal regulation it’s expected that even more states will introduce online privacy bills.

California opt-out numbers might be low, but interestingly one publisher noted that 60% of the requests they were receiving were coming from non-California residents.

“It’s clear that it’s something that people want,” he said. 

Demonstrating the Value Exchange

The deprecation of the third-party cookie, the upcoming changes to Apple’s IDFA, and privacy regulations like GDPR and CCPA all present pubs with the opportunity to rethink how they build relationships with audiences—and their first-party data strategies. 

As Internet users are getting smarter about privacy and gaining a better understanding of cookies, it’s time pubs take a hard look at how they communicate with and message their audiences. Why should anyone want to share their data with you? What are you offering them in exchange for not opting out? How can you encourage them to register or subscribe?

Demonstrating the value exchange for users is now both an opportunity and a challenge for publishers. “No audiences are created equally,” said one pub. 

Besides, landing the right messaging at the right time in the optimal user experience takes a lot of testing and technical work. You’re going to have to test wording and formats. 

“It’s imperative to test as much as you can,” another publisher added. “There’s a lack of understanding on the consumer’s part about opting in.”

In some verticals, like auto or travel, people might be more willing to share their personal data because they understand that they’ll receive recommendations or advertisements related to their interests.  

It might be an easier sale to offer users a more premium environment, something that’s a value add on top of the content they already receive for free behind a registration gate. “We asked users if they wanted a new experience directly related to what they’re interested in that limits their advertising experience,” one publisher told us. The results have been good thus far. 

“Just don’t threaten users with more ads if they don’t consent,” one publisher warns.

Publishers need to be transparent with users and clearly articulate the value of their content—perhaps even noting that content on the open web really isn’t free after all. 

Tailoring experiences and customizing content is definitely proving useful in driving consent, which ultimately brings more data into building those unique experiences for users. Publishers are also looking to use consent as a signal attribute for a propensity model and possibly building revenue models around their behaviors.

Unfortunately, there remains a technological gap in tying the data pubs are using for custom content experiences to advertising. This is particularly true on the mobile side of the equation, though not completely unsolvable as identity solutions based around hashed email addresses and/or phone numbers are quickly becoming proven alternatives to IDFA.

Consent Drives the Future

But while there are still technical obstacles to climb, it’s clear publishers are looking at the future of consent—not just a tool to gain regulatory compliance, but a key aspect in the publisher-audience relationship and potentially a crucial factor in revenue-driving audience strategies.

The post The Next Phase of Consent appeared first on AdMonsters.

A privacy policy gives consumers “notice” about how their personal information will be collected, used, and shared and then tells the consumer what “choices” they have. Websites present checkboxes and buttons labeled “Agree,” all designed to give consumers options for how they participate online.

As the digital landscape has evolved, however, it has become apparent that this notice and choice approach may fail to protect individual privacy. Instead, it puts the burden of privacy protection on the consumer. Consumers are asked to understand unclear concepts (“what IS a sale”?) and are then presented with a  false choice—agree or don’t use the website.

The focus on consumer choice fails, in part, because consumers often don’t understand how information is collected and used online (and how they may benefit or be harmed by that use).

There are also practical limitations to the choices provided, and consumers ultimately don’t want to make these complicated decisions every time they visit a website. Consent-fatigue hits even the most vigilant consumer, and at some point, it’s just easier to click accept so you can read that article and move on with your life.

The Failure of “Notice”

Website publishers are expected to create privacy policies that are both short and easy to read, but that disclose in detail the data that is collected, used, and shared by the site.

Having written countless policies addressing the myriad of privacy regulations, I can attest to the difficulty of this task.

Privacy policies aren’t 20 pages long because companies want them to be. They are that long because that is the space required to disclose all of the information regulators expect to see.

These requirements rarely consider or emphasize what is meaningful to the consumer and what would help the consumer make a (quick) decision about how to engage with that website.

For example, one of the regulations issued under the California Consumer Privacy Act is a requirement to disclose metrics about the number of individual rights requests a company has received.  How is this information at all useful to the consumer? It’s not. Instead, it adds more length to the policy, more text for the consumer to parse through, and ultimately little value.

The Reality of Consent Fatigue

There have been several studies examining the impact of “decision fatigue” – the mental impact of having to make too many decisions. As one study noted, “people who lack choices seem to want them and often will fight for them”; yet at the same time, “people find that making many choices can be [psychologically] aversive.”

Similarly, requiring consumers to accept or agree to the cookie or privacy policy on every website they visit, to understand and make decisions about whether to opt-out of “sales,” is draining.

The same fatigue that sets in after someone is asked to make decisions throughout the day sets in when consumers are asked about exercising their choices online, and it’s not clear how meaningful these choices are.

What’s the Alternative?

If the notice and choice framework is failing us, then we have to find a better way. Here’s what I suggest:

1. Invest in consumer education – Consumers should understand what to expect online: what activities are routine and (relatively) harmless, what activities are out of the ordinary, and why. Ideally, this would be a “just the facts” delivery of information, without the spin or rhetoric from either side.
2. Adopt a one-page, easy to read privacy notice – The concept of a “privacy nutrition label” has been discussed for over a decade, but has never been widely adopted. The time has come. We should identify the most important questions a consumer may have based on the platform (website, app, etc.) and answer them with a yes or no (“Do you give my email address to third parties to send me marketing messages? Yes/No”…” Does this app track my location for advertising purposes” Yes/No). The details can be included on a longer notice for those who want to read it and for regulators who will still demand to have it.
3. Adopt a white list of advertising activities – There are some advertising activities that we should collectively agree are ok, they are business activities that will not cause the consumer harm. Website analytics, measurement, and attribution come to mind. These activities are critical to digital advertising and should be permitted.
4. Adopt a white list of advertising partners – Privacy laws are requiring companies to disclose more detail about the third parties they share information with or allow to collect information on their site. Consumers can take advantage of certain frameworks that allow them to opt-out of data collection from these companies, but most consumers don’t have enough information to know who they are or whether they should opt-out. Instead, if a company signs on to a set of data governance principles, then websites should only have to disclose if they work with partners outside of that framework. Rather than requiring consumers to make decisions about a company’s practices, the industry should agree to a collective set of data practices, communicate those practices to consumers (see #1), and then notify the consumer when a company or its partner is acting outside of that framework.

Shifting our mindset from notice and choice will not be easy and will require agreement in an ecosystem of competing interests. However, in the long term, both consumers and businesses may benefit from this change.

This article is the third written in a series by Jessica B. Lee, Partner, Co-Chair, Privacy, Security & Data Innovations at Loeb & Loeb:

1. California in Chaos: 3 Things You Need to Know to Stay on Top of CCPA
2. The Value of Talking About the Value of Consumer Data
3. The Trouble with Consumer Choice

Lee will lead a session—Are You Ready For CCPA 2.0?—of privacy experts explaining CCPA and CCPA 2.0, as well as what digital media companies need to do to stay ahead of privacy regulations at AdMonsters Publisher Forum Virtual, AUG 26, 2020.

The post The Trouble with Consumer Choice appeared first on AdMonsters.

Obviously, we’ll discuss this question in depth at next week’s Publisher Forum in Miami—which includes a session focused on consent management platforms (CMPs) and compliance—but we hit up Ben Barokas, veteran AdMonster as well as Founder and CEO of Sourcepoint, about recent GDPR developments, the looming CCPA, and the value of third-party CMPs versus homegrown efforts.

GAVIN DUNAWAY: While a €50 million fine is pretty big, it still seems a pittance for Google, which brings in tens of billions in revenue every quarter. Do you think the size of the fine was tied to the “seriousness” of the offense?

BEN BAROKAS: It’s certainly in the regulators’ interests to make businesses understand the importance of complying with the GDPR – and these huge fines are an effective way of sending a warning message to businesses across the board. The Commission Nationale de l’Informatique et des Libertés (CNIL) received a complaint, evaluated it on the merits of the claim, its severity, and made a ruling based on the full picture. The CNIL could have set a lower fine, but stated that the fine of €50 million reflects the seriousness of Google’s failing, given its dominance in the market.

GD: The main charge against Google is that “user consent is not sufficiently informed”— is there anything other companies can take away from what’s laid out against Google?

BB: The purpose of data protection regulation is to give the consumer greater information and choice about how their data is used. It’s not just a tick-box exercise.

Businesses need to put themselves in the shoes of the consumer and carefully consider whether they are providing enough of the right information to allow the consumer to make an informed choice, and then enable them to make that choice—easily, and without negatively impacting the user experience. Consent processes should be carefully planned and reviewed, with the appropriate guidance, and should form part of the user experience as a whole, giving the consumer full control.

GD: It seems like a lot of GDPR complaints are being filed these days—are there any trends among these that should make advertisers, publishers, and intermediaries nervous?

BB: GDPR is a complicated piece of legislation, with many nuances that need to be understood and incorporated into consent strategies if publishers are to be compliant. But businesses change over time, along with consumer needs, so to stay ahead of the game, they need to ensure they review and update their consent procedures on a regular basis. Any new ruling can result in a new interpretation of the numerous GDPR points, so businesses must have flexibility built in to keep their processes compliant.

GD: So only the French DPA seems to be tossing out fines. Is that a sign that the French DPA is especially rigid, or do you think other DPAs are just warming up their engines?

BB: CNIL has been the most active in issuing fines to date, but we anticipate other regulators will begin to pick up the pace. The UK’s Information Commissioner’s Office (ICO) has been active behind the scenes to ensure businesses have a solid understanding of best practices.

So far, its reprimands have come in the form of warnings in press statements – for example the warning issued to the Washington Post that its subscription options were deemed non-compliant with the GDPR. But we expect that over time the ICO and other regulators will take a firmer hand, with more regulatory investigations to come.

GD: What about the California Consumer Data Privacy Act—is there anything in it harsher than GDPR? 

BB: While the California Consumer Privacy Act (CCPA) is not harsher per se, there are a number of similarities between the CCPA and the GDPR – such as the definition of data controllers and data processors. Companies must ensure they have clear documentation in place to define and formalize these relationships.

Publishers that have prepared well for GDPR will be in a stronger position when the CCPA comes into force and will have a head start in prioritizing consumer choice. As the regulatory landscape continues to evolve, businesses need to understand that consent lies at the heart of data protection, so building trust with consumers must be at the top of the agenda.

GD: What factors make a third-party CMP really necessary versus a homegrown effort?

BB: Consent is a complex space to operate in—and that’s becoming more evident over time. For some publishers, a homegrown consent management solution may work well, but it will need a significant level of upkeep. What might have seemed like the best solution on day one of compliance can quickly become outdated if it can’t adapt with business needs and an alternative solution is then required.

We’ve seen many changes in the consent landscape and interpretation of regulation—and we can expect to see more in the future, as the macro-climate continues to be in flux. Utilizing third-party CMPs, with the technology to support the consent process and the flexibility to scale in line with business growth, allows companies to focus on core strategies, with the reassurance that consent signals are being captured in a compliant way.

GD: In a recent playbook, AdMonsters suggested that companies use GDPR compliance as a blueprint and fully embrace opt-in consent. Do you agree?

BB: We believe there should be a transparent value exchange between publishers and consumers and have been advocates of consumer choice since 2015. The GDPR is helping to bring companies in line with this, encouraging businesses to hand control to consumers over how their data is collected and processed.

However, outside the regulatory sphere, publishers should look to engage with their audience about compensation consent, because it makes business sense. Ensuring users are aware of how they are paying for content—whether it’s via advertising and personal data, or otherwise—builds trust, leads to long-term relationships and increased insight, ultimately increasing monetization.

The post Surviving the GDPR/CCPA Squeeze: Sourcepoint’s Ben Barokas on CMPs and Regulatory Compliance appeared first on AdMonsters.