Industry Perspectives

We Support IAB's Transparency & Consent Framework

Today, IAB Europe, released the draft technical specifications for the Transparency and Consent Framework for public comment: a framework designed for the online advertising ecosystem to use to meet the transparency and user choice requirements of GDPR in advance of the regulation coming into effect on May 25th.

Blog Post
The AppNexus Team
Reading Time: ~5min

As critical as the IAB Europe's framework is, it’s important to note its specific and limited remit. The framework  creates technical specifications and pipes that enable publishers working in different countries and regulatory regimes to meet local transparency or consent requirements. It's designed to provide a standard infrastructure to pass information between publishers and their technology partners without imposing a single policy interpretation. 

We’ve worked in close partnership with IAB Europe and other industry participants in its development. We strongly support the Transparency and Consent Framework and encourage our clients and partners to adopt it as soon as possible. 



GDPR reaffirms the importance of a social contract between publishers and consumers

The publisher-consumer relationship revolves around an important social contract: Publishers agree to produce high-quality content that users get to consume for free (or, in some cases, for a small subscription fee). But of course, publishers need to be able to fund the creation of high-quality content. To fund great content , publishers sell advertising space on their sites to brands and serve ads to their readers.

But here’s the catch: Publishers, advertisers and their tech partners today need to collect and process consumer data in order to deliver the most relevant advertising experiences. The GDPR is designed to protect and empower all EU citizens and individuals located in Europe in relation to the privacy and security of their data. For the online advertising industry, this means we have to do an even better job informing users about the data we’re collecting from them, who it will be shared with, and what all of those parties are doing with the data, forming the other side of the social contract. 

But, if everyone in the ecosystem uses a different method and different language to describe the data being collected from users, how that data is being used, and how users can exercise choice and control over that data, there will be mass confusion and the online advertising ecosystem will face existential challenges. No one should want to see that happen.

The IAB Europe framework is essential to preserving the social contract that publishers have with consumers: they produce world-class content in return for the limited ability to serve advertisements in a targeted but privacy-safe and transparent fashion.

Importantly, it’s not just about advertising. The GDPR requires digital publishers to provide heightened  transparency about their use and sharing of data with a wide variety of third-party vendors, such as certain analytics and dynamic content systems, that help them keep their sites and applications running using data in a more sophisticated manner.  This is an issue that will touch many participants in the digital ecosystem.


What is the IAB Transparency and Consent Framework?

The IAB’s framework has three key components:

  1. global list of third parties (“vendors”) that are accessing users’ devices and collecting and processing users’ data.  This vendor list allows those third parties to make standardized disclosures about who they are, what data they collect, how they use it (“purposes”) and what legal basis they rely on to use the data, among other disclosures.  Publishers and advertisers can use this list to select the vendors they’ll be working with to monetize their ad space, including enable targeting of their users.
  2. technical specification providing companies with a means to build a standardized technical solution for how to surface a user interface designed to dialogue with consumers to provide transparency disclosures and obtain consent (where necessary) for approved vendors and their purposes; and how to store and pass on the information (through the OpenRTB protocol) about these approved vendors, their approved purposes and consumer related to the vendors.
  3. common policy and set of guidelines all participants using the framework agree to follow, including requirements for publishers on how to inform consumers which vendors will be using their data (and get their consent where necessary) and  dictating that publishers inform the vendors they work with that they’ve disclosed their presence and data usage intentions to their consumers and dictating how the vendors ingest and use that information and data.


Why should participants in the online advertising ecosystem adopt the framework?

This framework offers a simple, industry-wide solution for companies that want to access and process the personal data of individuals within the EU after the GDPR is implemented. The framework can be used by companies globally when they interact with users located in Europe and is designed to work across all formats (i.e. mobile and desktop).

It offers a standardised method and language to use to describe the data being collected from users, how that data is being used, and how users can exercise choice and control over that data. 

This is why we stand behind the IAB Transparency and Consent Framework.

At AppNexus, we’ve worked closely with IAB Europe in developing the framework, and we’re confident that it’s the simplest way for participants in the online advertising ecosystem to take control over the vendors accessing their users’ data, provide dynamic transparency to their users about the vendors they’ve approved that may access and process their data, and provide users with choice (including the opportunity to consent, where necessary) required under the existing ePrivacy Directive and the GDPR.

We’ve also built reference architecture, documentation, and a free, open source Consent Management Platform that shows how companies can ensure their own user interfaces integrate with the IAB framework.

For more information and updates on the proposed framework and its supporters, we encourage you to visit the dedicated site at We also invite you to attend our webinar later today, (15:00CET / 14:00GMT / 09:00EST), where we’ll discuss among other things, an overview of the Framework.  You can register for the webinar here.  Finally, stay up to date with our blog to learn more about the GDPR, and how best to prepare.