Home Data-Driven Thinking Consent Fraud: A Simmering Problem That Could Scald The Ecosystem

Consent Fraud: A Simmering Problem That Could Scald The Ecosystem

Daniel Jaye headshot

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Daniel Jaye, founder and head of product at aqfer.

Ad fraud has long been on marketers’ radar, but there is another type of overlooked fraudulent activity that carries potential regulatory and reputation-related consequences: consent fraud.

For those not in the know, the potential fraud can be traced to the consent string, a technical feature used in relation to data privacy and the General Data Protection Regulation (GDPR).

A consent string is a set of numbers generated by the consent management platform (CMP) used by a company deemed to be a data controller under GDPR. Sometimes called a “daisybit,” the consent string indicates whether a vendor has gained a consumer’s consent to use relevant data to serve personalized ads and specifies how the identifying data is used. It’s framed through single digits, or bits: a 1 means the ad tech vendor has the consent required, and a 0 means it doesn’t.

This simple algorithm goes to the heart of whether ads can be served as they have since the advent of the digital era – and that, in turn, goes to the heart of GDPR’s wide-ranging regulations. It’s why the Interactive Advertising Bureau (IAB) of Europe specifically opted to assign a consent string to all providers on its global vendor list, which is fundamental to the IAB Transparency and Consent Framework.

GDPR only went into effect last May, and we’re already hearing that some vendors are pulling the strings needed to push through unwanted ads. It doesn’t take too much technical prowess to hack the system and change daisybits, and that’s become an option for some unscrupulous players.

At the most basic level, a 0 becomes a 1, and presto, the consumer’s wishes are ignored and many more ads are allowed. To be fair, it’s only one or two bad actors so far (that I know of). But misdeeds this early send a bad signal.

Another issue may be that while IAB’s consent string is the clear standard, there’s at least one alternative: Google and its Funding Choices platform. Launched in the United States back in summer 2017 (it’s since been rolled out in other markets), it was created to help publishers get back some of the revenue they were losing to ad blockers.

This is more of an approach than a standard, but it can serve different results for the same ad bid request – and given Google’s reach, that matters. However, the company has indicated that it will accept the next iteration of the IAB standard, assuming certain adjustments are made.

But many US enterprises doing business in Europe, and even some European vendors directly in the line of fire, lack the experience and commitment to deploy the right CMPs and guarantee the integrity of the process. It’s even more troubling that although GDPR was supposed to establish a common standard, it is interpreted differently in different jurisdictions. A depressing number of companies don’t understand fundamental requirements, and a few seem to think the old cookie notices are enough.


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

In other words, the message that what was previously a directive is now a law – and breaking it will bring consequences – hasn’t resonated loudly enough yet.

Sure, there are nuances. Balancing a legitimate interest assessment that takes into account risks and intrusiveness makes for a complex equation. But we should be able to tell the difference between a 1 and a 0.

GDPR is real and consequential, and there are surely more privacy mandates coming. Consent fraud isn’t even a simmer yet, but anything close to a boil will hurt the whole ecosystem. It might begin with greater scrutiny and exposure, then proceed to additional sanctions and even heavier regulation.

But more than the fear of punishment, we should consider the upside. Just as attempts to do an end run around legitimate interest could backfire, gaining appropriate consent can pay rich dividends. There’s often a stigma associated with data-driven marketing. Respecting consumer preferences, remaining accountable and meeting consumer needs helps us all in the long run.

Yes, any kind of regulation can be painful. But with GDPR and other privacy mandates, playing by the rules could create big wins.

Follow aqfer (@aqferinc) and AdExchanger (@adexchanger) on Twitter.

Must Read

Advertible Makes Its Case To SSPs For Running Native Channel Extensions

Companies like TripleLift that created the programmatic native category are now in their awkward tween years. Cue Advertible, a “native-as-a-service” programmatic vendor, as put by co-founder and CEO Tom Anderson.

Mozilla acquires Anonym

Mozilla Acquires Anonym, A Privacy Tech Startup Founded By Two Top Former Meta Execs

Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla.

Nope, We Haven’t Hit Peak Retail Media Yet

The move from in-store to digital shopper marketing continues, as United Airlines, Costco, PayPal, Chase and Expedia make new retail media plays. Plus: what the DSP Madhive saw in advertising sales software company Frequence.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: Ad-ception

The New York Times And Instacart Integrate For Shoppable Recipes

The New York Times and Instacart are partnering for shoppable recipe videos.

Experian Enters The Third-Party Data Onboarding Business

Experian entered the third-party data onboarder market on Tuesday with a new product based on its Tapad acquisition.

Albertsons Takes Its First Steps Into Non-Endemic Advertising, Retail Media’s Next Frontier

Albertsons is taking that first step into non-endemic advertising next week via a partnership with Rokt to serve ads to people who have already purchased groceries.