The new IAB openRTB protocol introduces a bidstream data field that indicates if an individual is an EU data subject and whether the person has consented to see targeted ads, as well as what data is available as part of that consent, including age, gender, location and other information the EU considers sensitive.
The publisher supplies the consent and audience data to inform a buyer’s decision.
But this isn’t a magical checkbox for consent, said Oath CTO of global supply platforms Jim Butler, a co-chair of the Tech Lab’s openRTB working group since 2011.
The new consent data embedded in programmatic inventory won’t be authoritative. Rather, it’s a way for publishers to signal to bidders that data can be applied for targeting, meaning that inventory is likely to be considered more valuable.
But it’s still possible for an advertiser or ad tech company relying on openRTB consent data to violate GDPR.
In other words, adhering to the openRTB consent data isn’t a legal solution to GDPR, Butler said. It’s a functional solution for programmatic players looking for EU audiences they can feel comfortable targeting.
For now, at least, the string of openRTB consent data only moves one way along the supply chain, from publisher to buyer. More work is needed to connect the publisher data to opted-in audiences that vendors or brands bring to the table. That’s what advertisers will need if they want to target based on identity and not just demographic segmenting.
The GDPR working group and the openRTB working group are also developing methods to keep media companies or tech intermediaries from tampering with the data transmitted in the consent string, which “must be immutable throughout the flow of a transaction,” according to the IAB Tech Lab’s GDPR consent update.
The word “immutable” is a veiled allusion to blockchain-based cryptographic solutions, which the IAB Tech Lab and the main openRTB working group have recently embraced as a way to transmit data and inventory without the possibility of distortion, like ad networks replacing URLs or fudging audience info to trick exchange buyers.