The CMP category is pretty bare at the moment, and it may be greeted with suspicion by some publishers.
There are eight initial CMPs: two publisher tech companies with roots in ad-blocker solutions, Sourcepoint and Admiral, as well as the ad tech companies Quantcast and Conversant and a few blockchain-based advertising startups.
Adding new CMPs won’t be an issue, since those with the technology can easily register, said Bill Simmons, co-founder and CTO of Dataxu, who contributes to the IAB Tech Lab’s GDPR working group.
No publishers Dataxu works with have confirmed they’ll pass along consent in accordance with the framework, “but ultimately, economics and liability fears will drive them to put a CMP on their site,” Simmons said.
There will be a drop-off in EU audience inventory rates for publishers not aligned with the IAB Europe’s framework, because buyers won’t be able to apply location data, audience data, device IDs or cookies, said Drew Bradstock, senior VP of product at Index Exchange.
“We’ll send the traffic to buyers and monetize as effectively as we can, but it will be less valuable inventory,” he said.
Most publishers seem content to wait and test the waters of GDPR before adopting the framework.
Implementing the framework is easy from a technical standpoint, “but the larger challenge is interpretation of GDPR,” said Brian Kane, co-founder and COO of Sourcepoint, one of the initial CMPs.
Even in the past month, many in the industry have embraced the notion that publishers can secure consent on behalf of technology companies, Kane said, pointing to Google’s long-awaited announcement of its GDPR strategy.
Publishers, however, may not be on the same page.
Digital Content Next, a trade group representing online news publishers, is advising publishers to reject the framework, which CEO Jason Kint said “doesn’t meet the letter or spirit of GDPR.”
Only two publishers have publicly adopted the Consent and Transparency Framework, but they’re heavy hitters with blue-chip value in the market: Axel Springer, Europe’s largest digital media company, and the 180-year-old Schibsted Media, a respected newspaper publisher in Sweden and Norway.
Schibsted is “confident in the flexible and iterative nature of the framework” to address enforcement standards once GDPR is in effect, said Ingvild Næss, chief privacy officer, in an email to AdExchanger.
The framework will evolve based on feedback from regulators, publishers and users, but what’s important is that it “gives us as publishers complete control over which technology partners we choose to work with and over the purposes for which those partners use user data,” she said.
Publishers have been heads-down on internal GDPR compliance, like data recall requests and overhauling how they collect and use data, so considering a non-existent framework for transmitting consent to partners hasn’t been a priority, Bradstock said.
But now “publishers need to hurry up and get it in place, or they and their partners are going to be in an awkward position,” he said, meaning either inventory devaluations or, potentially, breaking the law.
For some, the choice is a stark one.
“Given what is currently known about the regulatory intent of the GDPR, we believe the framework is currently the best and arguably the only viable industry solution,” Næss said.