The Next Phase of Consent

In a privacy-forward world, where regulations like GDPR and CCPA have made data collection more complex, publishers are actually thinking beyond regulatory compliance and moving to the next chapter of consumer consent—demonstrating the value exchange.

As one publisher told us at a recent Think Tank supported by OneTrust, the coming changes in iOS 14 seeking consent to share IDFA—and in general, the depreciation of the third-party cookie—are moving the consent conversation from being about regulation to detailing the publisher’s actual value proposition.

OneTrust technology helps companies operationalize privacy, security, data governance, and compliance programs.

We’re now at a stage in the consent management and communication game where pubs can rebuild and strengthen their relationships with their audiences. Why would a publisher only ask for consent for regulatory compliance when they have a prime opportunity to educate customers about the services provided in exchange for data?

The Current State of CCPA 

GDPR compliance may have been a gateway to complying with CCPA, but it won’t get you all the way there. Under CCPA, users are allowed to opt-out of the sale of their data, which requires a “Do Not Sell” button. As well, CCPA and GDPR differ in requirements for service providers. 

It’s no lie that CCPA compliance has been costly and confusing for publishers overall. Because of this, approaches to compliance have varied greatly with some even waiting to see how Google would handle things first.

Complying with CCPA has been a hurdle for some as it required new processes and protocols. Additionally, for publishers leveraging the IAB CCPA Compliance Framework, getting vendors to sign up as service providers and understanding where each vendor sits in the flow of data collection has been a huge undertaking.

One publisher reported difficulties managing the login states of users and tracking those back to their consent options across a site’s various pages or multiple publisher brands. Another publisher shared: “It’s hard trying to figure out what an individual wants when you can’t identify the individual.”

Regulations like GDPR and CCPA have created a heavy overhead for large publishers, requiring a great deal of coordination and effort across teams, especially when it comes to working with developers and engineers.

When you’re trying to manage consent across various standards and frameworks like IAB Europe TCF v2.0, IAB CCPA Compliance Framework along with Google Ad Manager or Facebook Pixel, you need the right set of tools to help you manage consent across those multiple frameworks and standards while delivering personalized user experiences across mobile, web and OTT.

Consent Management Platforms (CMP) are becoming the tool of choice for managing consumer consent to comply with regulations and pass that data throughout the advertising ecosystem to deliver a better user experience. 

One publisher, at the Think Tank, also advocated for enacting highly restrictive privacy policies and deploying it globally so that it serves as a hard barrier for users to accept and comply with both CCPA and GDPR.

Often labeled the gold standard of consent, the IAB’s Transparency and Consent Framework, now in version 2.0, covers a broad set of publisher use cases and offers pubs more control. But from a user’s point of view, it’s not clear that it’s the gold standard. 

“Unless you’re using a very limited set of data processes and use cases, it seems difficult to expect users to give permission or understand,” said one publisher. 

Since CCPA went into effect, similar privacy bills have been introduced in the states of Washington, Nebraska, Virginia, Florida, and New York. Though it’s hard to predict if any of these bills will become laws, in the absence of overarching federal regulation it’s expected that even more states will introduce online privacy bills.

California opt-out numbers might be low, but interestingly one publisher noted that 60% of the requests they were receiving were coming from non-California residents.

“It’s clear that it’s something that people want,” he said. 

Demonstrating the Value Exchange

The deprecation of the third-party cookie, the upcoming changes to Apple’s IDFA, and privacy regulations like GDPR and CCPA all present pubs with the opportunity to rethink how they build relationships with audiences—and their first-party data strategies. 

As Internet users are getting smarter about privacy and gaining a better understanding of cookies, it’s time pubs take a hard look at how they communicate with and message their audiences. Why should anyone want to share their data with you? What are you offering them in exchange for not opting out? How can you encourage them to register or subscribe?

Demonstrating the value exchange for users is now both an opportunity and a challenge for publishers. “No audiences are created equally,” said one pub. 

Besides, landing the right messaging at the right time in the optimal user experience takes a lot of testing and technical work. You’re going to have to test wording and formats. 

“It’s imperative to test as much as you can,” another publisher added. “There’s a lack of understanding on the consumer’s part about opting in.”

In some verticals, like auto or travel, people might be more willing to share their personal data because they understand that they’ll receive recommendations or advertisements related to their interests.  

It might be an easier sale to offer users a more premium environment, something that’s a value add on top of the content they already receive for free behind a registration gate. “We asked users if they wanted a new experience directly related to what they’re interested in that limits their advertising experience,” one publisher told us. The results have been good thus far. 

“Just don’t threaten users with more ads if they don’t consent,” one publisher warns.

Publishers need to be transparent with users and clearly articulate the value of their content—perhaps even noting that content on the open web really isn’t free after all. 

Tailoring experiences and customizing content is definitely proving useful in driving consent, which ultimately brings more data into building those unique experiences for users. Publishers are also looking to use consent as a signal attribute for a propensity model and possibly building revenue models around their behaviors.

Unfortunately, there remains a technological gap in tying the data pubs are using for custom content experiences to advertising. This is particularly true on the mobile side of the equation, though not completely unsolvable as identity solutions based around hashed email addresses and/or phone numbers are quickly becoming proven alternatives to IDFA.

Consent Drives the Future

But while there are still technical obstacles to climb, it’s clear publishers are looking at the future of consent—not just a tool to gain regulatory compliance, but a key aspect in the publisher-audience relationship and potentially a crucial factor in revenue-driving audience strategies.