Home Privacy What Does Google’s GDPR Fine Mean For The IAB’s Consent Framework? (Probably Nothing Good)

What Does Google’s GDPR Fine Mean For The IAB’s Consent Framework? (Probably Nothing Good)

SHARE:

Google got dinged by France’s data protection watchdog on Monday for failing to properly collect user consent under the General Data Protection Regulation. It was only a scratch but the ruling could signal a rough road ahead for the industry’s consent framework.

The 50 million euro fine levied by the CNIL (the Commission nationale de l’informatique et des libertés) , around $57 million, is the largest GDPR-related penalty issued to date, but the amount is so slight that it won’t even register on the bottom line of a company that generates multiple billions in advertising revenue every single quarter.

“I think Google might be emboldened by both the magnitude of the fine and the focus on consent collection design specifics rather than their business as a whole,” said Andrew Frank, VP of research and a distinguished analyst at Gartner.

Google can probably improve its consent collection process “without making fundamental revisions,” he said. And as a consumer-facing utility provider, Google is better positioned to obtain consent on a purpose-by-purpose basis than many ad tech companies without direct consumer relationships.

But if Google is getting called out for porting and sharing consent for its own services, where does that leave IAB Europe’s GDPR Transparency and Consent Framework? The IAB proposal is widely seen as the industry’s best bet to enable publishers to effectively share user consent with their key ad tech vendors.

Is that framework in peril?

Maybe. The CNIL has already questioned its viability through a November 2018 enforcement action against Vectaury, a French ad tech company that was called out for using a defective consent management platform to collect permission from its publisher and SSP partners.

The IAB’s consent framework “has always been challenged” by the GDPR’s requirement that consent be “granular,” Frank said, meaning that separate advance consent must be obtained for each data processing purpose.

That said, the jury’s still out on whether the framework will be an acceptable solution from the regulatory perspective.

“It doesn’t seem completely clear whether separate companies can share a common purpose for data processing – that is, to offer targeted advertising – for the purposes of obtaining consent,” Frank said. “There are many parties working on resolving this point.”

But what does seem clear is that it’s time to strap in as regulators crack their knuckles and start to put their new legislative tools to the test.

“We’re in for a very long series of actions and reactions before we settle on some new equilibrium,” Frank said.

And the wind isn’t blowing in Big Tech’s favor. None Of Your Business, the privacy advocacy group whose complaint triggered the CNIL’s case against Google, also has related and  pending complaints filed in multiple European jurisdictions against Facebook’s family of apps along with a bunch of other large tech companies.

And that “bodes ill for any free online platform that makes its money through targeting advertising,” said Andrew Burt, chief privacy officer and legal engineer at Immuta, a data management platform that helps companies gather compliant data. “This might be good news for consumers, but it’s not good news for Silicon Valley.”

Must Read

Adobe Advertising Just Launched Its Own Custom Algorithms Product

Last week, Adobe Advertising announced the general release of its own Custom Algorithms product, which is “a huge departure from the TubeMogul days,” Erwin Castellanos, GM of Adobe Advertising, tells AdExchanger.

MFA Ad Spend Is Increasing. Is AI Slop To Blame?

This year, the percentage of ad spend going toward made-for-advertising (MFA) sites went up instead of down for the first time since 2023.

Kickbacks Takes An Outsider’s View While Bringing Ads To AI Agents

Andrew McCalip is a founding engineer at Varda Space Industries, where he oversees the manufacturing of things like hypersonic reentry vehicles and satellite buses.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

CTV Buyers Are Getting The Show-Level Performance Optimization They’ve Always Wanted

A collaboration between InterMedia Advertising, Peer39 and Pontiac Intelligence provided show-level cost-per-acquisition data for 94% of CTV ad impressions.

Advertisers Await Programmatic Pause Ads

The IAB Tech Lab is working on standardizing programmatic signals for new streaming TV ad formats, including pause ads. Meanwhile, many brands are eager to add pause ads to their repertoire.

Why Media Mergers And Spin-Offs Don’t Always Keep Their Promises

With media megamergers, acquisitions and spin-offs left and right, the media landscape is changing at a pace that is difficult to keep up with.