Home Privacy IAB Tech Lab Launches Global Privacy Platform To Transmit Kosher Consent Strings

IAB Tech Lab Launches Global Privacy Platform To Transmit Kosher Consent Strings

SHARE:
Internet network security concept with young man in the night

With so many regional privacy laws around the world, and more on the way, compliance is complicated. Rube Goldberg comes to mind.

On Wednesday, the IAB Tech Lab announced the launch of its Global Privacy Platform (GPP), which is a protocol designed to standardize the sharing of consent signals so companies can more easily comply with global privacy regulations.

The GPP is now open for public comment for the next 60 days.

GPP is the second spec to come out of Project Rearc, IAB Tech Lab’s overarching initiative to deal with signal loss, including the deprecation of third-party cookies in Chrome. Seller-defined audiences was the first.

The IAB Tech Lab has been working on the Global Privacy Platform for the past two years.

The best way to think of the GPP is as a technical framework for compliance as opposed to any sort of policy, CEO Anthony Katsur told AdExchanger.

“It’s a protocol for streamlining and managing cross-jurisdictional privacy compliance,” he said.

First steps

The platform works by inspecting data before it’s been transmitted between partners to make sure it abides by local privacy law and has been gathered with the proper consent.

The GPP also acts as a “transport mechanism” to move vetted data between publishers, advertisers and ad tech companies, Katsur said. “It’s basically a communication layer to ensure you’re carrying a valid consent string.”

Down the line, the IAB Tech Lab plans to also check on and transmit other parameters, such as how long data has been retained.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

The other piece of the GPP is a global vendors list that serves as a centralized record of IAB Tech Lab partners and the vendors they work with. The list also includes whether a company has registered at a regional or global level.

IAB Europe and IAB Canada are developing user interfaces for certification programs that will vet and approve vendors that are hoping to join the ranks of regional data bases, Katsur said.

Fragmentation nation

As data privacy regulations splinter across the globe and even regionally within one country – the US has five state privacy laws and counting – it raises new questions about how to approach compliance across borders.

Privacy protection is “inherently a cross-jurisdictional regulatory challenge,” Katsur said.

“If I’m a California citizen reading CNN and sipping espresso in Italy … is my data collection simultaneously compliant with both the CPRA and the GDPR?” he said.

Not a question you’re likely to ask yourself every day, but a critical one to answer nonetheless.

The GPP localizes consent string formats based on region and has APIs that can match and authenticate consent across centralized databases to check for compliance.

The current GPP framework supports the management of multiple consent strings, including those of the US and of IAB Europe’s embattled Transparency & Consent Framework (TCF) solution for GDPR compliance in Europe and Canada. You can expect more regional versions of privacy frameworks to come as additional US states pass their own privacy laws.

Katsur said the Tech Lab also plans to work with the governing bodies of other countries, such as Brazil, which isn’t on everyone’s radar despite having its own strong data protection law.

The GPP is designed to be extensible and easily integrated with existing compliance frameworks as new laws come into force, Katsur said, which is especially important because continued fragmentation is far more likely than a global data privacy consensus.

And that includes in the US. The Tech Lab “doesn’t foresee any sort of legislation at the federal level anytime in the near future,” Katsur said. “It could take until 2025.”

Until then, adding and authenticating a regional consent string is just a matter of building within the already existing framework. “It’s not hard to add a new strain to this,” Katsur said.

Which is why Katsur says the IAB Tech Lab can brave any additional changes to the TCF that may come following another pending decision by the Belgian Data Protection Authority. In February, the Belgians found the TCF to be illegal in its current form under the GDPR and called on IAB Europe to develop a plan to bring it into compliance. (The irony of a compliance mechanism being found to be uncompliant.)

Accountability

In addition to the GPP, IAB Tech Lab is also working on a separate but related platform to make sure the companies receiving consent signals actually follow them.

The Global Accountability Platform, which IAB Tech Lab hopes to launch later this year, will check to make sure companies are following the consent signals they throughout the entire supply chain, from the inception of the data to the delivery of the impression, Katsur said.

The purpose of the platform is to audit the supply chain and ensure the “integrity of the consent string” remains intact, Katsur said.

Auditing for compliance is “inherently more invasive,” he said, “and there are some people in the room who aren’t going to like it.”

“But we’re not the internet police,” Katsur said. “Either the advertising industry gets together and regulates tools like this, or someone else is going to do it for us.”

This article has been edited.

Must Read

Comic: What Else? (Google, Jedi Blue, Project Bernanke)

Project Cheat Sheet: A Rundown On All Of Google’s Secret Internal Projects, As Revealed By The DOJ

What do Hercule Poirot, Ben Bernanke, Star Wars and C.S. Lewis have in common? If you’re an ad tech nerd, you’ll know the answer immediately.

shopping cart

The Wonderful Brand Discusses Testing OOH And Online Snack Competition

Wonderful hadn’t done an out-of-home (OOH) marketing push in more than 15 years. That is, until a week ago, when it began a campaign across six major markets to promote its new no-shell pistachio packs.

Google filed a motion to exclude the testimony of any government witnesses who aren’t economists or antitrust experts during the upcoming ad tech antitrust trial starting on September 9.

Google Is Fighting To Keep Ad Tech Execs Off the Stand In Its Upcoming Antitrust Trial

Google doesn’t want AppNexus founder Brian O’Kelley – you know, the godfather of programmatic – to testify during its ad tech antitrust trial starting on September 9.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

How HUMAN Uncovered A Scam Serving 2.5 Billion Ads Per Day To Piracy Sites

Publishers trafficking in pirated movies, TV shows and games sold programmatic ads alongside this stolen content, while using domain cloaking to obscure the “cashout sites” where the ads actually ran.

In 2019, Google moved to a first-price auction and also ceded its last look advantage in AdX, in part because it had to. Most exchanges had already moved to first price.

Thanks To The DOJ, We Now Know What Google Really Thought About Header Bidding

Starting last week and into this week, hundreds of court-filed documents have been unsealed in the lead-up to the Google ad tech antitrust trial – and it’s a bonanza.

Will Alternative TV Currencies Ever Be More Than A Nielsen Add-On?

Ever since Nielsen was dinged for undercounting TV viewers during the pandemic, its competitors have been fighting to convince buyers and sellers alike to adopt them as alternatives. And yet, some industry insiders argue that alt currencies weren’t ever meant to supplant Nielsen.