Consent Management Platforms (CMP) have been cropping up rapidly in the wake of GDPR—(and soon CCPA)—as the tool du jour for aiding publishers in collecting and managing consumer consent and passing that data throughout the advertising ecosystem.
While there’s a glaring light shining on CMPs—driven by the launch of the IAB Consent Framework, that helps publishers, digital advertisers, and ad tech companies obtain consent or denial and then communicate those choices throughout the entire ad ecosystem—they aren’t exactly new. We’ve seen some consent tools in the wild as far back as 2011, when the EU Cookie Directive first went into effect. And some of those tools are still in use today, though many have not been updated to deal with the explicit opt-in consent rules that the GDPR requires.
The IAB Framework, for its part, provides a set of policies that sets a standard for compliance and establishes consistency across the industry, because CMPs and vendors have to follow it to be on the IABs verified list.
What Exactly Does a CMP Do?
On one hand, CMPs simplify an arduous process, especially for publishers working with multiple ad partners who need to enable user-level ad targeting. Some CMPs even help publishers monetize users who haven’t opted in to share their data.
In short, CMPs help publishers present opt-in or opt-out information, usually through a pop-up, widget or banner, so that site visitors can see how their data is being collected and for what purposes. These consent forms also offer users a peek at which companies have access to their data, the purposes their data is being processed for and the ability to opt-in and opt-out of each item individually. For the user, this provides greater transparency and choice.
When a CMP is built on the IAB Framework, it will add IAB authorized vendors to the consent form and share a user’s consent information with other vendors in the ad tech stack. This makes the sharing of each level of consent a lot easier for targeting purposes.
Google hasn’t made it easy to collect and manage GDPR-compliant consents when using their platforms though they ask that companies using their products provide transparency to users when processing and collecting their data. So it isn’t surprising that the ad giant has its own consent management solution called Funding Choices, and also offers publishers various content resources .
Why Not Just In-house a CMP?
The IAB Consent Framework and CMPs are solid stair steps towards improving data collection transparency, but there still isn’t really a standard CMP so the level of transparency users get varies. And IAB only requires CMPs to abide by a minimum of their policies. That could mean a publisher using a CMP that’s pushing the boundaries of the regulations getting fined down the road.
Since publishers are already collecting personal data for ad targeting in-house, it seems logical to manage all of that data and cookie information in-house. But things aren’t as easy as they look. Consent management requires that consent gathering be fully transparent with a separate expression of consent for each purpose of processing. And it needs to be easy for users to change their mind and withdraw their consent at a later date. Plus all of those levels of consent need to pass through an already complex ad ecosystem. The more ad tech partners you have, the more complicated managing consent will be.
Obtaining and managing user consent is at the root of compliance with GDPR, and likely with future privacy regulations to come, so having the right tool in place is critical to business success in the new age of consumer privacy regs.