Monitoring CMPs has come with elevated costs as well. In February, IAB Europe introduced its “CMP Validator,” a Chrome browser extension it built to analyze site pages and CMPs for violations in consent pop-up notifications or privacy policies.
The higher CMP fee makes sense because it raises the bar for entrants and could help IAB Europe to proactively monitor vendors, said one CMP executive. There are significant downstream PR and legal issues for publishers, tech companies and ad buyers if the CMP is at fault.
Consent fraud, when a publisher or CMP pass incorrect consent data to ad tech vendors to juice inventory rates, is already a simmering issue.
Google has always required explicit consent – in line with the more stringent policy IAB Europe alerted CMP operators about last week – said Lisa Gradow, co-founder and product chief of the German CMP startup Usercentrics. Google also wants its supply chain vendors to be auditable so it isn’t exposed to GDPR penalties by unscrupulous CMPs.
Google and IAB Europe have similar interpretations of consent under GDPR, Gradow said. “But right now no one verifies the consent string generated by a CMP.”
There are quiet signs that IAB Europe is closer to bridging its consent framework with Google. Two CMP executives said some of their publisher clients were told by Google account executives to implement an IAB CMP.
Publishers and CMPs are more cautious since September 2018, when Google was first initially expected to integrate with the TCF, Gradow said. “But advising publishers to use an IAB CMP is something new.”