With less than six months until the implementation of the General Data Protection Regulation (GDPR), the Interactive Advertising Bureau (IAB) Europe has unveiled a technical standard designed to help marketers meet requirements relating to user content.
The guidance is geared towards helping players in the online media ecosystem, including media owners, adtech vendors and data processors, obtain the necessary user consent for handling data in order to improve ad targeting under the upcoming GDPR terms.
In instances where consent is required for further marketing communication under GDPR, the IAB is building out a set of standards and an open source tech platform which will help companies communicate and share information with audiences.
The tech part of the announcement will comprise a platform which enables transmission of user consent choices to the supply chain. IAB Europe has said it believes this will help increase accountability by enabling the creation of consent records and an audit trail.
The tool is still in the works, and it will enable those who use it to offer disclosure by first parties of any third-party ad partners they work with, as well as the purposes for which they collect and process data.
Companies relying on the forthcoming mechanism will have to adhere to principles and criteria that will be developed in consultation with brands, agencies, websites, publishers and tech companies.
Consent is a core tenet of GDPR, with the forthcoming legislation stating that any freely given, specific, informed and unambiguous indication of consumers’ wishes – either by statement or clear affirmative action – “signifies agreement to the processing of personal data relating to him or her”
“Advertising is a critical revenue stream for online services of all shapes and sizes, be they news publishers, mobile apps and other online media. It is an important step that affected players have come together to develop a robust response to the new legislation," said Townsend Feehan, IAB Europe chief executive.
A recent study indicated that seven out of ten brands are underprepared for GDPR. Further research from the International Association of Privacy Professionals (IAPP) found that just 41% of firms that aren't yet compliant expect to be so by the 18 May deadline.