With GDPR compliance deadline taking effect on 25th May 2018, we feel it is crucial for Publishers in the APAC region to understand how this affect them and make sure they are compliant. This is a summary of what DFP clients should be aware of and a few steps to make sure they play safe with the GDPR compliance required when using personal data from European citizens.
How GDPR affects Publishers in APAC? (1)
Here’s a diagram helping you answer how you are impacted by GDPR.
Now that we explained GDPR and why it is important for Publisher to comply, let’s see what the setup process looks like when using DFP.
How should Publishers implement it in DoubleClick For Publishers? (2)
Whether you’re a small business or a premium user on DFP, Google provides guidance to publishers in meeting their duties under the EU User Consent Policy which is accessible in the Admin section, under “EU user consent”.
We’ve crunched the steps to give an overview of the key steps to follow in order for Publishers to meet their duties under this policy, which reflects the requirements of the EU ePrivacy Directive and the GDPR.
|DFP – Step-by-step Process for AdOps
1 – Select the type of ads you want to show
2 – Select ad technology providers (for personalised ads)
3 – Select a line item serving option
4 – Set up consent gathering
What should Publishers be aware of through this process?
1 – Personalised or non-personalised ads, that is the question
Personalised ads reach users based on their interests, demographics, and other criteria. Because ad technology providers may collect, receive, and use personal data from users in personalized ads,
If you wish to continue showing personalised ads to users in the EEA, it is a requirement to clearly identify all ad technology providers when you obtain user consent for the collection, sharing, and use of personal data for ads personalisation.
As a result, Publishers can choose the option that suits best to their needs in their DFP set-up.
2 – Challenging limitation on Ad Technology providers (3 & 4)
Publishers who use Google’s consent-gathering tool, Funding Choices, can only use 12 ad tech vendors, according to an update on Google’s support blog. The ad tech vendors publishers can get user consent for have been largely limited should they choose to use Google’s consent manager provider, or CMP, under the GDPR, as first reported by AdExchanger.
|What is Google CMP?
The Google consent interface greets site visitors with a request to use data to tailor advertising, with equally prominent “no” and “yes” buttons. If a reader declines to be tracked, he or she sees a notice saying the ads will be less relevant and asking to “agree” or go back to the previous page. According to a source, one research study on this type of opt-out mechanism led to opt-out rates of more than 70%.
Google’s and other consent-gathering solutions are basically a series of pop-up notifications that provide a mechanism for publishers to provide clear disclosure and consent in accordance with data regulations.
Another point worth your attention is the use of personalised ads through programmatic transactions (DFP/AdX), here’s what Google says:
3 – Consent across Mobile apps & AMP (5)
Since GDPR applies across all devices and platforms, Publishers also need to carefully add user consent options in their mobile apps. On this matter, Google provides the following process set-up recommendations using their Consent SDK.
|What is Consent SDK?
The Consent SDK is an open-source library that provides utility functions for collecting consent from your users.
3.1 – Update consent status
When using the Consent SDK, it is recommended that you determine the state of a user’s consent at every app launch.
Google’s Consent SDK provides two ways to collect consent from a user:
- Present the user with a Google-rendered consent dialog.
- Request the list of ad technology providers and collect consent yourself with the Publisher-managed consent collection option.
Remember to provide users with the option to Change or revoke consent.
|What is Google-rendered consent dialog?
The Google-rendered consent dialog is a full-screen configurable dialog that displays over your app content. You can configure the dialog to present the user with combinations of the following options:
If you use Google to monetise your app, it is the Publisher’s responsibility to review the consent text carefully, as they do not provide any legal advice on the consent text that is appropriate.
3.2 – Forwarding user consent status to the Google Mobile Ads SDK
- Use the open-source Consent SDK to obtain consent from users. Once collected, consent state will be shared automatically with the Google Mobile Ads SDK.
- Forward consent without the Consent SDK to the Google Mobile Ads SDK. This option is for publishers who implement their own consent collection or are a third-party building a consent solution for publishers using the Google Mobile Ads SDK.
3.3 Forward consent without the Consent SDK
The default behavior of the Google Mobile Ads SDK is to serve personalized ads. If a user has consented to receive only non-personalized ads, you can configure an DFPRequest object with the following code to specify that only non-personalized ads should be returned.
3.4 Ads personalisation settings for AMP pages
Ad requests from AMP pages offer the same ads personalisation settings as the non-AMP pages previously described: publishers may choose to serve personalised ads to all users located in the European Economic Activity (EEA), or they may choose to serve personalised/non-personalised ads selectively based on consent.
Despite a majority of Publishers in the APAC region deciding to simplify block all traffic coming from from EEA in order to avoid any fines by the regulators, we believe it is still core for Publishers to understand the ins and out of such regulation for the future of their business.
For the ones targeting European audiences, this is an amazing opportunity to lift up their game and become a true international leader. For further advice, feel free to contact us for consulting and training services on GDPR data compliance and DFP implementation.
Disclaimer: this guide is based on public resources available on DFP at the time the article was written. We do not take any responsibility for any Publisher’s compliance nor legal liability in relation to user consent under GDPR. Please speak with your existing ad technology providers, as well as your internal teams for bespoke set-up and legal compliance.
About T-Shape Consulting
T-Shape Consulting is fast-growing strategic consultancy firm in digital advertising and marketing. We provide consulting and training services to support companies in successfully leveraging their digital properties through tailor-made strategies using data, media and creative solutions. For more information, visit our website www.tshape.me
- Tools to help publishers comply with the GDPR
- Comply with EU user consent policy
- Google’s GDPR Consent Tool Will Limit Publishers To 12 Ad Tech Vendors
- The media industry scrambles to understand Google’s latest GDPR update
- Requesting Consent from European Users