In The GDPR Era, Publishers Also Need A Data Opt-Out
This article was originally published on AdExchanger.
The average page load on an ad-supported website includes 172 network requests just for advertising, according to recent research. That’s 172 opportunities for a publisher’s audience data to be collected, stored and re-monetized by other partners every time a page displays.
The rise of header bidding has only made this data leakage worse. One agency buyer recently admitted that buyers frequently bid on impression opportunities they never intend to win so they can collect publisher audience data and sell to the same readers at a much cheaper cost elsewhere.
Most publishers have a challenging time unearthing this kind of behavior, let alone preventing it. The growing importance of data governance, however, has made controlling the issue an imperative one.
Programmatic’s Leaky Data Pipes
In programmatic buying and selling, supply-side platforms (SSPs) and demand-side platforms rarely fill 100% of a publisher’s inventory; instead, they work with other platforms to fill a percentage of their inventory.
This means that every time an SSP is called, it may call other platforms. For example, on any given page load on CNN.com, Amazon Associates may call OpenX, AppNexus, and PubMatic, and PubMatic may, in turn, call The Trade Desk, RocketFuel, BrightRoll and others
Each platform collects and stores valuable audience data, whether or not they ever actually fill the ad space and contribute to revenue.
The Limits Of Human Intervention
While these are all options publishers pursue today, these practices won’t be sustainable or successful in the coming era when data – and the successful management of it – truly defines a publisher’s value. It’s time for a more sophisticated solution.
Defining Domain Data Permissions
With the advent of General Data Protection Regulation (GDPR), publishers and platforms are looking more closely than ever at data governance practices. The attention has primarily focused on individual consumer privacy rights, but since GDPR directly affects publishers, which could be held liable for data misuse, publishers also need to advocate for their own data rights and protections.
To start, publishers need to work with trade groups to establish data-collection specifications and standards and the browser vendors to enforce them.
For instance, publishers could create a way to specify which platforms and companies are allowed to fire pixels and collect data, which would be the equivalent of a data white list. Browsers could enforce this by controlling the code that is allowed to execute on a given site. Browsers such as Chrome have indicated they will begin adhering to the Better Ads Standards created by the Coalition for Better Ads as soon as next month, and domain data permissions could become a logical next step to better protect both publisher and consumer data.
Just as consumers have the option to opt out of data collection, publishers should assert control over who can collect data from their sites. As data ownership increasingly defines value, it is the publishers and consumers who should have the tools necessary to properly control it.