Consent management platforms may violate GDPR

Industry Contributor 6 May 2019 - 2 min read

Consent management platforms may violate GDPR

By Paul McIntyre - Executive Editor

Market Voice 3 min read

Kicking bigger growth goals: Foxtel & Kayo Sports breaks AFL streaming record as power brands reap returns – big hits incoming

By Martin Medcraf - Sport Sales and Brand Partnerships Director, Foxtel Media | Partner Content

Sports streaming audiences are booming – with this month marking the highest ever streamed AFL round and Kayo’s most streamed sports weekend of all time.

Market Voice 3 min read

Sponsorships: The four things you need to maximise ROI and quantify sales – and why missing two of them could get it cancelled

By Jonathan Fox - Director of Client Services, Mutinex | Partner Content

Sponsorships can either power growth or turn out an expensive mistake. Mutinex MMM data for major Australian brand sponsorships shows dramatic ROI swings – from $8 for every $1 invested, to losses of fifty cents on the dollar.

Tags: GDPR, privacy, data, advertising, programmatic advertising, RTB, Google, EU, marketing

Brands, publishers and platforms may be violating GDPR because consent management platforms (CMPs) cannot provide informed consent in a programmatic world (AdExchanger).

Key info:

CMPs use popups asking users to "accept" or "deny" cookies, for data sharing with other parties in the chain
The problem: "A general consent, without specifying the exact purpose of the treatment, is not acceptable." - EU advisory board
That applies even if a manage consent list provides a detailed breakdown
France's data regulation authority has passed rules that suggest ad platforms cannot use data where they have not collected consent themselves, potentially hamstringing RTB
"It is technically impossible for the user to have prior information about every data controller in a real-time bidding (RTB) scenario ... this would seem, at least prima facie, to be incompatible with consent under GDPR." – IAB spokesperson
CMPs also failing GDPR stipulations on enabling users to update data and withdraw consent

Danger. The entire real-time bidding (RTB) and programmatic advertising supply chain is fundamentally challenged the way GDPR is currently playing out. The fact the IAB has said it's "technically impossible" to deliver user consent the way the EU wants it spells trouble. Sooner or later, GDPR will see regulators dishing out big fines – or making marketing businesses delete their data.

So far, Google has taken the biggest hit for digital advertising and data processing consent, with French regulators – the same authorities now apparently threatening the existence of RTB – stating the consent Google gathers for ad personalisation is not valid.

That should set alarm bells ringing for everyone else.

The definition of consent is a huge concern for everybody involved in the digital supply chain. These days, that is pretty much every business, but particularly to data-driven marketers and the parties with whom they transact.

If the threat of big fines is not sufficient, how about being forced to delete all your data?

The UK tax authority, HM Revenue and Customs, has just canned 5 million taxpayer voice records because it did not gain explicit consent to use voice recordings for identification.

"Innovative digital services help make our lives easier but it must not be at the expense of people's fundamental right to privacy," said the UK’s data regulator, the Information Commissioner’s Office.

The IAB has its work cut out.