GDPR Q&A: Consumer Consent and Your Website

GDPR Q&A: Consumer Consent and Your Website

Somer Simpson is Product & Growth Lead for Quantcast Measure. She has also been leading Quantcast’s product development around GDPR transparency and consent—the new consumer privacy and protection law taking effect May 25, 2018, in Europe.

We talked to Somer to get her point of view on what GDPR means for the digital industry, and what options publishers have for obtaining consumer consent under the new law.

  1. There’s been some industry commentary that GDPR, and the need to collect consumer consent to set a cookie, represents the end of digital advertising in Europe. What’s your POV?

Please, don’t panic. I’m not. The publishing and digital advertising industries have encountered many challenges over the years and we’ve adapted, and in many cases changed for the better.

The GDPR will trigger a significant shift in the way the digital content and advertising industry will operate, but it’s a shift that’s been needed for a long time and, as an industry, we’ve been slow in our efforts to respond. Besides, we still do not have enough information to know how things will play out exactly.  Honestly, NO ONE knows how it will impact the industry when it goes into effect in May.

The one thing we can rely on is that the landscape will shift often as we observe and learn and respond to how consumers, publishers, marketers and policy makers react.

From my point of view, the intent behind GDPR is very positive as it focuses on the right to privacy, transparency, and control for consumers and for publishers. For a long time, consumers have had no idea who is tracking them as they browse the web or for what purposes. Similarly, publishers have had a difficult time knowing what companies are tracking and collecting personal data from consumers through their sites and apps.

GDPR’s focus will bring much needed transparency to the entire ecosystem. The trick will be doing that and still being able to provide consumers with unhindered access to relevant news, advertising and information.

The technical and economic challenges that GDPR, and eventually the ePrivacy Regulation,  introduce to publishers — especially the smaller ones — are significant. That’s one reason Quantcast took a leadership role in helping the IAB EU develop an industry standard for collecting and managing consumer consent that could be used by all, and keep consent compliance from becoming another proprietary, technical debt the industry — , and more likely, publishers would have to pay for.

  1. Some people view this as an EU problem?  What’s the biggest misconception about GDPR?

I’ve heard that from a few people [laughing].  What some people have missed is that GDPR applies to where your traffic comes from, not where you think your audience is.  If you’re a publisher who receives ANY traffic from European visitors, GDPR applies to you.  While that might only be 10-20% of a publisher’s traffic, it’s still a significant potential impact on ad revenue and ad revenue is how many publishers pay for the quality content they create.

That revenue impact quickly flows downstream. Without quality content, news, information, and, yes, even cat videos, there’s content not much worth googling. And then Facebook feeds, become nothing but family albums and random friend ramblings without quality news and content to share, discuss and build community around.

We built this GDPR Revenue Impact calculator to help publishers identify what the potential impact to their revenue could be if they did not get consent to use consumer data to deliver relevant ads.

  1. The IAB Europe framework has been slow to roll out. You represented Quantcast on the Implementation Working Group (GIG), why was there the delay?

There’s the saying “If you want to go fast, go alone.  If you want to go far, go together.” WE wanted to build a mechanism that all companies — large and small; with deep technical expertise or more limited resources — could use to collect, manage and propagate consent with the vendors they work with and make that information transparent to their readers. We also knew that there was no way we would succeed and manage this major change as an industry if we didn’t come together and act as an industry. It has made for some interesting conversations between unlikely parties, but, you know, silver linings and all, I’ve made some great friendships from it as well.

The Open Transparency & Consent framework achieves that “act as one” goal, and delivers an open, non-commercial solution that will help publishers not only be GDPR compliant, but will offer more transparency to consumers about who and how they are being tracked.

  1. There are other consent solutions already on the market, why should a publisher consider a Consent Management Provider (CMP) solution using the IAB EU framework?

Well, in addition to being GDPR compliant, using a CMP solution based on the open standard should cost publishers a lot less, or in the case of Quantcast’s Consent solution, nothing at all. Sorry for the plug. Plus, with broader adoption across the digital ecosystem, it should reduce the operating costs and increase speed to market for everyone.  That’s an important step in making sure we maintain a healthy and vibrant digital content and ads ecosystem.

And since CMPs are based on an open standard, there will be multiple companies working on developing and innovating on the solution to deliver the best possible experiences for companies and consumers, especially within what we know is going to be an ever shifting landscape for a while. Consumers get transparency and control. Publishers get transparency and control. We all keep the lights on.

  1. Quantcast was part of the IAB EU Implementation Working Group (GIG).  Are you also building a CMP solution?

Yes, we’re developing Quantcast Consent, a CMP solution built on the IAB EU framework.  We’re in early alpha testing of the solution now, and will be moving into broader beta in March 2018.  If you’re interested in more details on Quantcast Consent, or want to apply to be part of the beta program, visit Quantcast Choice.

We recently published this white paper that provides more details on the IAB framework, as well as details on how Quantcast Consent is architected.  We’ve built the solution to deliver a seamless consumer-facing experience, while delivering a streamlined system for data controllers and processors to manage and distribute consent across the vendors they work with. Controllers and processors – that’s GDPR-speak for companies that dictate the capture and use personal data for themselves and then companies capture and use personal data but on behalf of controllers.

  1. What are the key differences of Quantcast Consent versus other CMP offerings?

Given where we are as an industry, and how quickly things are changing, that’s not an easy question to answer. Quantcast is agnostic when it comes to which CMP a publisher or website owner uses as long as it is built to work on the IAB framework. For example, even individual publishers can build their own consent solution against the framework.

I can say that we have done a significant amount of customer discovery with our own Quantcast customers — both on the publishing side as well as the advertising side — to inform what elements are most important for our transparency and consent solution to support.

Several customers are participating in an alpha, and the eventual beta program, that we’re running now through the May deadline.  We will share the test results publicly, with the ultimate goal being a solid, well-tested solution that goes to production for anyone to use in April that provides a simple, easy to understand experience for consumers, the right level of control and customization that publishers want and meets the requirements of ePrivacy and GDPR.