Didomi now supports the IAB Europe consent framework

April 20, 2018 by Romain Gauthier

Didomi is proud to announce that our Consent Management Platform (CMP) is now officially registered with the IAB Europe’s GDPR consent framework. We’re one of the first CMPs to fully support the framework.






The IAB Europe Consent Framework


The IAB Europe Consent Framework aims to standardise consent flows between advertising partners. Online advertising involves a complex chain of data controllers and processors which varies from one ad to the next. Ad impression after ad impression, users' personal data (such as cookies, geolocation, user identifiers) flows in real time among various vendors. The main difficulty is that no one in the chain has visibility over the exact number and quality of the vendors. All these vendors get access to the data, usually in the form of a bid request following the OpenRTB standards. Within the GDPR and soon-to-come ePrivacy frameworks, processing this data will in certain situations require user consent.


The IAB Consent Framework is the first attempt to solve a key privacy problem with a standardised approach for all players. The idea is fairly simple: attach a consent token to the data so that consent follows the data wherever it flows. The token is an encrypted consent message which details which vendors have permissions for which purposes. Practically, the OpenRTB bid request will have a new field containing the token. This means that any vendor receiving the data can decode the token and check whether it has sufficient permission to process the data for its own purposes prior to anything else happening in its systems. If it has no permission, the vendor will not retain the data in its system and, voilà, compliance is maintained across the whole chain.
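
The vendor-side check described above, as an added example that is not Didomi's or the IAB's code. It assumes the token is an IAB consent string v1.1 (a base64url-encoded bit field, a layout this page does not spell out); `decodeConsent`, `mayProcess` and the sample token are names and values made up here.

```javascript
// Added example. Assumed token layout: IAB consent string v1.1 bit field,
// carried as base64url text. Field widths are in bits.
const FIELDS = [['version', 6], ['created', 36], ['lastUpdated', 36], ['cmpId', 12],
  ['cmpVersion', 12], ['consentScreen', 6], ['consentLanguage', 12],
  ['vendorListVersion', 12], ['purposesAllowed', 24], ['maxVendorId', 16], ['rangeEncoded', 1]];

function decodeConsent(token) {
  if (typeof token !== 'string' || !/^[A-Za-z0-9_-]+$/.test(token)) throw new Error('malformed');
  const raw = Buffer.from(token.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
  const bits = [...raw].map((b) => b.toString(2).padStart(8, '0')).join('');
  let pos = 0;
  const read = (n) => {
    if (pos + n > bits.length) throw new Error('truncated');
    const v = parseInt(bits.slice(pos, pos + n), 2);
    pos += n;
    return v;
  };
  const c = {};
  for (const [name, len] of FIELDS) c[name] = read(len);
  if (c.version !== 1) throw new Error('unsupported version');
  c.purposes = new Set(); // purpose 1 is the leftmost of the 24 purpose bits
  for (let p = 1; p <= 24; p++) if ((c.purposesAllowed >>> (24 - p)) & 1) c.purposes.add(p);
  c.vendors = new Set();
  if (!c.rangeEncoded) { // one bit per vendor id
    for (let v = 1; v <= c.maxVendorId; v++) if (read(1)) c.vendors.add(v);
  } else { // listed ids get the opposite of the default consent
    const defaultConsent = read(1), listed = new Set();
    for (let n = read(12); n > 0; n--) {
      const isRange = read(1), start = read(16), end = isRange ? read(16) : start;
      if (start < 1 || end < start || end > c.maxVendorId) throw new Error('bad range');
      for (let v = start; v <= end; v++) listed.add(v);
    }
    for (let v = 1; v <= c.maxVendorId; v++) if (listed.has(v) !== !!defaultConsent) c.vendors.add(v);
  }
  return c;
}

// Fail closed: a decoding error, an unlisted vendor or a missing purpose means "do not process".
function mayProcess(token, vendorId, purposeIds) {
  try {
    const c = decodeConsent(token);
    return purposeIds.length > 0 && c.vendors.has(vendorId) && purposeIds.every((p) => c.purposes.has(p));
  } catch (e) { return false; }
}

// Constructed sample: vendors 2 and 19 consented, purposes 1 and 3 allowed.
const SAMPLE = 'BOQAAAAOQAAAAABABAENABoAAAABMgAB';
console.log(mayProcess(SAMPLE, 2, [1, 3]), mayProcess(SAMPLE, 2, [2]), mayProcess(SAMPLE, 5, [1]));
```

A vendor would run `mayProcess` on the token from the bid request before storing anything, and drop the request when it returns `false`.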


This solution is not perfect as it relies on trust: a bad player can receive the data and process it without permission. However, it’s the most elegant way to solve a complex problem with a solution that doesn’t lock the whole market in the hands of a few players. With this system, publishers and advertisers will have a strong incentive to only collect consents for compliant vendors which will therefore be rewarded for being privacy friendly. There are still some limitations with the implementation of the first version of the standard, but it’s great to see that serious vendors are working together to find solutions that fit into the new privacy framework.


The role of the Consent Management Platform


In this new GDPR world, a new breed of vendors is emerging: the consent management platforms. Their role is to help advertisers and publishers manage their user consents. At Didomi, we break down consent management into 3 distinct yet essential steps: collecting consent, storing and accessing consent, and sharing consent.




Collecting consent is arguably one of the most exciting fields of research these days. It’s the perfect use case for advanced technologies and innovative designs. We’re probably at year 0 in terms of user experience: consent is collected via banners positioned on the first landing page. The message presented is most of the time obscure, and it poorly informs users about what is being asked of them. Yet this is a tough challenge, because the regulatory framework is strict and can’t be tweaked that much, while you still want to guarantee the best user experience. Expect a lot of innovation in this field in the coming years.


Storing consent is a legal obligation. As a data controller (be it an advertiser or a publisher) you must be in a position to prove that you collected consent adequately for the data processing that required consent as legal basis under GDPR or ePrivacy. If any European Data Protection Authority knocks on your door, you need to show that you effectively collected consent for the data processing which needed it for all the clients/users/individuals you collected data from.


When consent is stored, your users also need to be in a position to revoke it at any time, as simply as it was given; otherwise the consent will not be considered valid. How do you do that? There is a need for revisiting the whole user privacy experience on websites and apps, but that’s another topic.


Sharing consent is where the IAB Europe Consent Framework comes in. Not only do you collect consent for your company, but most of the time also for your vendors, whose ability to provide their services often depends on consent as well. But wait, this isn’t the only consent framework. Ever heard of OpenGDPR? And the IAB Europe Consent Framework only deals with advertising purposes. What about direct marketing (aka emailing)?


Now all this can be fairly complex. Consents can be given but also withdrawn. They can be attached to a cookie or to an email (or another offline key). The volumes you need to manage can be massive or really small. Your business could suffer from neglecting some key technical constraints: your advertising vendors need you to pass them consents in real time, as every millisecond lost is less business for everyone.


You’ll need to integrate with all the consent frameworks that exist out there. In all cases, companies will most of the time be better off not distracting themselves from their core business and getting some help from a Consent Management Platform. Want to find out more about the Didomi solution? 



How is Didomi contributing?


As a member of the IAB Europe and the IAB Techlab GDPR working groups, Didomi is actively helping to shape the Consent Framework and its evolutions. We released and maintain the open source JavaScript library Consent String (the reference implementation of the consent specification) to help developers encode and decode consent information. We also built an online tool to help adtech vendors check the compatibility of their tags with our consent management technology. And that’s just the beginning!




This is part of a larger effort to provide publishers and advertisers with easy-to-use privacy management solutions that are needed to help the industry take the plunge of GDPR compliance and also embrace the new European privacy framework as an opportunity to reinvigorate online advertising.


At Didomi, we’re convinced that privacy will prevail. 


Want to ensure compliance and continue optimising monetisation? 

