BRUSSELS & NEW YORK – IAB Europe and IAB Technology Laboratory released the market-ready technical specifications for the Transparency & Consent Framework (“Framework”) following a 30-day public consultation in March and April 2018.
“When GDPR is enforced across Europe, publishers and vendors need not only a solution for today, but one that can evolve based on guidance from the regulatory community, internet users and companies relying on the framework for a standardised, supporting standard”
The official release version of the standard reflects extensive feedback from publishers, agencies, and ad tech companies collected during the consultation period. As with all standards, it is expected that this standard will be iterated with new features and attributes in the future.
The Framework allows users to have full authority over their data.
The Framework is a cross-industry standard that supports online services and their partners in their efforts to provide transparency and choice mechanisms for their users. In accordance with the General Data Protection Regulation (GDPR), users can now be made aware of not only online services’ use of their users’ personal data, but also use of that data by third parties that assist online services in showing advertisements to their users and measure the effectiveness of those advertisements. The Framework is particularly relevant for “first parties” (publishers) and other suppliers of online services, who partner with “third parties” (vendors) to enable those third parties to process user data on one of the legal bases laid down by the Regulation (including both legitimate interests and consent, where applicable).
The GDPR will be enforced as from 25 May 2018. Fines for non-compliance with the new regulation could run as high as 4% of companies’ annual global turnover.
IAB Europe and IAB Tech Lab call for immediate and cross-industry support for, involvement in, and adoption of the Framework.
CEO IAB Europe, Townsend Feehan said: “GDPR will mean European users get more information about, and control over, who is processing their data. This should give them increased confidence online – that is the challenge and opportunity that the complex new EU law presents. The Transparency & Consent Framework will sit at the intersection of users, publishers, and the third-party partners (vendors) that support the publishers in monetising their content, giving both users and publishers more control and transparency in the new environment.”
How does the Framework operate?
The technology is based on a JavaScript API and enables the surfacing of the selected third parties’ information, the storage of a user’s choices related to those third parties and the passing of information about approved third parties, so that parties in the online advertising ecosystem understand which parties have been approved by publishers and surfaced to and approved (or consented to, where necessary) by their users. A key piece of the Framework is a unique registry known as the Global Vendor List, which is a list of registered and approved third parties that a publisher may, in connection with the processing of personal data on its digital properties, choose to allow to access information on its users’ devices or process its users’ data for specified purposes. The Framework also facilitates management of signals by Consent Management Providers (CMP) across participating organisations that meet specific and required criteria.
Robert Whelan, Chief Operating Officer at Emerse, a registered vendor said: “Emerse DSP is now enrolled in the Transparency & Consent Framework, an excellent initiative for the digital advertising industry.”
Publishers can take advantage of the Framework in the following ways:
- Publishers can use the registry to view which of their partners have applied to adhere to the Framework’s policies and for which purposes their partners are using personal data to determine which third parties they choose to work with and include as vendors in their individual user interfaces they decide to make available
- Publishers can then surface information to their users about which vendor may be allowed to lawfully collect and use the personal data of their users in connection with the sale and measurement of ad space
- Publishers and vendors can communicate with one another about which vendors may be allowed to access or process the personal data of publishers’ users and for which purposes
- Publishers and vendors can capture, disclose, and maintain an audit trail of a user’s choice about those vendors and their data processing activities
Major European Publishers including Axel Springer and Schibsted Media Group recently endorsed the Framework:
“We believe a standardized industry framework is necessary to not only meet transparency and user choice requirements, but also to maintain a high-quality user experience for our audiences,” said Moritz Holzgraefe, Chief Operating Officer Corporate Digital Platforms at Axel Springer. “Closed or fragmented solutions don’t enable publishers to choose which technology providers they work with and don’t allow advertisers to operate effectively, which is critical to our business and to our users.”
“It is important to us to have a solution that can evolve as other publishers, advertisers, and technology providers work with regulators and end users to iterate over time,” said Ingvild Naess, Group Privacy Officer, Schibsted. “IAB Europe’s Transparency and Consent Framework is designed to be fine-tuned as best practices become clearer in the coming months and years.”
“The Framework we’ve developed establishes a way to communicate user choices about the processing of their data for advertising and other purposes,” said Alice Lincoln, VP – Data Policy & Governance, MediaMath, who chaired the initial IAB Europe Working Group on Consent that led to the creation of the Framework. “In addition, the Framework provides technical measures for publishers that help ensure their audience data is secure. We believe these two accomplishments will help the ecosystem adopt a consumer-first mindset in which data processing practices are in alignment with users’ rightful expectations of both privacy and better advertising experiences.”
The updated technical specifications for the GDPR Transparency and Consent Framework can be found HERE. The specifications include:
- Consent Management Provider Javascript API spec v1.1
- Consent String and Global Vendor List format spec v1.1
An additional draft specification being made available for public comment within the coming week in conjunction with the release includes:
- publisher-vendors.json spec v.1.0 (draft)
This additional draft specification will provide more robust support for vendors operating on different legal bases, secondary audit trails, and more granular controls for publishers over approved purposes for each of their approved vendors.
“When GDPR is enforced across Europe, publishers and vendors need not only a solution for today, but one that can evolve based on guidance from the regulatory community, internet users and companies relying on the framework for a standardised, supporting standard,” said Dennis Buchheim, Senior Vice President and General Manager, IAB Tech Lab. “The team at the IAB Tech Lab has taken on technical governance of the Framework to ensure that it meets policy needs, works with other relevant standards (such as OpenRTB), and is flexible enough to continue to evolve and to support future data-privacy-related needs.”
With the GDPR enforcement date fast approaching, publishers and their advertising partners are strongly encouraged to implement the Framework immediately. For publishers that wish to enlist a third-party CMP, a regularly-updated list of fully operational CMPs is available HERE.
In addition:
- Information and resources about the Transparency & Consent Framework are available here.
- Implementation Guidelines are available here.
- List of the current supporters of the Framework is available here
- Register as a vendor and/or a CMP here
- CMP Demos from Quantcast, Faktor and Didomi are available here.
- Register here for this week’s webinar on Friday 27 April at 8am PDT/ 11am EDT/ 4pm BST/ 5pm CEST
—
About IAB Europe
IAB Europe is the leading European-level industry association for the digital advertising ecosystem. Its mission is to promote the development of this innovative sector and ensure its sustainability by shaping the regulatory environment, demonstrating the value digital advertising brings to Europe’s economy, to consumers and to the market, and developing and facilitating the uptake of harmonised business practices that take account of changing user expectations and enable digital brand advertising to scale in Europe.
About IAB Technology Laboratory
The IAB Technology Laboratory (“Tech Lab”) is a non-profit research and development consortium that produces and provides standards, software, and services to drive growth of an effective and sustainable global digital media ecosystem. Comprised of digital publishers and ad technology firms, as well as marketers, agencies, and other companies with interests in the interactive marketing arena, IAB Tech Lab aims to enable brand and media growth via a transparent, safe, effective supply chain, simpler and more consistent measurement, and better advertising experiences for consumers, with a focus on mobile and “TV”/digital video channel enablement. The IAB Tech Lab portfolio includes the DigiTrust real-time standardized identity service designed to improve the digital experience for consumers, publishers, advertisers, and third-party platforms. Board members include AppNexus, ExtremeReach, Google, GroupM, Hearst Digital Media, Integral Ad Science, Index Exchange, LinkedIn, MediaMath, Microsoft, Moat, Pandora, PubMatic, Quantcast, Telaria, The Trade Desk, and Yahoo! Japan. Established in 2014, the IAB Tech Lab is headquartered in New York City with an office in San Francisco and representation in Seattle and London.