IAB Europe has notified vendors of changes to its consent management platform (CMP) program, which registers companies that collect and manage consent data for publishers, and is narrowing the gap between its GDPR framework and Google’s GDPR consent standards.
These changes also come with a significant price increase.
Last week, IAB Europe notified CMP vendors that the yearly fee to register as a CMP will increase from about $400 this first year to $1,350, according to an email shown to AdExchanger.
IAB Europe also tightened standards for its Transparency and Consent Framework (TCF) so consent could only be collected by “clear affirmative action of the user.” That means some common tactics like scrolling or clicking elsewhere on a page don’t count as consent.
IAB Europe confirmed the higher price and the “minor clarification” of its consent policy.
The price is increasing because the trade group underestimated the costs of the CMP program, said Patrick Verdon, IAB Europe’s technical director.
Google was expected to integrate with the TCF by the end of last summer, but the two sides couldn’t reconcile their consent standards, and that has turned into long-running policy discussions – and time spent on lawyers – as IAB Europe prepares to release a second version of the framework. A Google executive with knowledge of the discussions confirmed it has committed to join the updated TCF when it is released.
Monitoring CMPs has come with elevated costs as well. In February, IAB Europe introduced its “CMP Validator,” a Chrome browser extension it built to analyze site pages and CMPs for violations in consent pop-up notifications or privacy policies.
The higher CMP fee makes sense because it raises the bar for entrants and could help IAB Europe to proactively monitor vendors, said one CMP executive. There are significant downstream PR and legal issues for publishers, tech companies and ad buyers if the CMP is at fault.
Consent fraud, when a publisher or CMP pass incorrect consent data to ad tech vendors to juice inventory rates, is already a simmering issue.
Google has always required explicit consent – in line with the more stringent policy IAB Europe alerted CMP operators about last week – said Lisa Gradow, co-founder and product chief of the German CMP startup Usercentrics. Google also wants its supply chain vendors to be auditable so it isn’t exposed to GDPR penalties by unscrupulous CMPs.
Google and IAB Europe have similar interpretations of consent under GDPR, Gradow said. “But right now no one verifies the consent string generated by a CMP.”
There are quiet signs that IAB Europe is closer to bridging its consent framework with Google. Two CMP executives said some of their publisher clients were told by Google account executives to implement an IAB CMP.
Publishers and CMPs are more cautious since September 2018, when Google was first initially expected to integrate with the TCF, Gradow said. “But advising publishers to use an IAB CMP is something new.”
