How The GDPR Helps Consent Management Platforms

Some vendors benefit from privacy regulations

While the EU’s General Data Protection Regulation (GDPR) has led several marketing tech firms to pivot their business models and pull out of Europe, it has been helpful for others in the crowded industry landscape.

The GDPR, which became enforceable on May 25 this year, states that a company cannot use someone's personal data unless they give explicit permission. Companies that violate the GDPR face a fine of €20 million ($22.1 million) or 4% of global revenues, whichever is greater. As the need to gather user consent became imperative for marketers, the synonymous buzzwords “consent management platform” and “consent management provider” gained popularity. Because this is ad tech where everything must be labeled as an acronym, these products are referred to as CMPs.

CMPs collect and store customers’ consent data. This helps marketers keep track of when users do and do not give consent to have their data tracked. CMP providers are hoping that new data privacy regulations like the GDPR and the California Consumer Privacy Act will bolster demand for their products.

Adzerk monitored how the 10,000 most popular websites (according to Alexa rankings) in the US and UK have used CMPs. It found that the number of top websites using CMPs in both the UK and US has increased by about 3 percentage points since July, which is the first month that Adzerk began tracking CMP usage. When looking specifically at web publishers that sell programmatic ads, one-third of UK publishers and about three in ten US publishers use CMPs.

Although CMP adoption rates are increasing—and it’s possible that some publishers may be using CMPs not included in the analysis—it is interesting that Adzerk found two-thirds of UK publishers aren’t using a CMP given the potential penalties under the GDPR.

“We are hearing that deployment of consent tools from CMPs and others is lagging,” said Daniel Jaye, co-founder and head of product for data lake vendor aqfer. “In fact, many smaller and mid-size EU publishers express ignorance of GDPR itself and its requirements, which seems absurd to those of us in the industry who have been living and breathing it for the past two years.”

According to a June 2018 survey of 328 privacy professionals worldwide conducted by TrustArc and the International Association of Privacy Professionals, companies are purchasing CMPs less often than other privacy-focused products. Just 40% of those polled said they have purchased or plan to purchase consent management products. However, it’s worth nothing that CMPs are newer than other privacy products, such as those that secure communications or monitor network activity.

“Even though a conservative approach is to ask for consent for all cookies, few companies are doing so,” said Chris Shuptrine, director of marketing at Adzerk. “But for publishers that show ads, it's more imperative.”

Getting consent is becoming more imperative for marketers, too, who worry that they may be fined if they work with companies that aren’t compliant with the GDPR.

In a June 2018 survey of 255 marketers worldwide conducted by Demandbase and Demand Metric, just one-fifth of respondents were not concerned about their tech vendors putting them at risk of violating the GDPR.