Why You Need A Consent Strategy

Long gone are the days when the programmatic ecosystem was bracing up for the roll out of the General Data Protection Regulation (GDPR) in May 2018. Since then, we’ve seen a domino effect in the privacy realm where countries have announced or implemented new regulations one at a time. Today, 71% of countries across the globe have a data privacy legislation, showing that protecting consumer data has become of utmost importance in many countries’ governance. In regions like Europe, publishers need to have a consent strategy in place to be compliant and avoid missing out on up to 4x ad revenue

Key levels of user consent 

When it comes to data privacy compliance and monetizing their ad inventory, app developers need to take into consideration several key levels of user consent:  

• the region/country’s privacy law  
• the audience, specifically children’s privacy 
• the mobile OS + marketplace privacy policy 
• the sector in which the publisher operates 
• the purposes for which they collect consent from the users to process their data

For app developers with global audiences, they must keep abreast of the different regulations and understand their requirements. Let’s look at it at a high level: 

How to pass user consent to your ad tech partners to comply with regional/country privacy laws 

Collecting user consent is one thing — and mandatory in certain geographies like Europe where GDPR applies — passing it downstream to ad partners is the second part of the publisher’s job. Whilst there isn’t a mandatory way to pass user consent per se, it is important for app developers to be aware of the various consent signals available to them: 

• Boolean - A data type that can only represent two values: true or false:  
  • True if the user has given consent 
  • False if they’ve not given consent or withdrawn it. 
• IAB Transparency Consent Framework v2.0 - The Transparency and Consent Framework (TCF) is the GDPR consent solution developed by the IAB Europe and industry stakeholders to create an industry standard for collecting, managing, and sharing user consent.  
• U.S. Privacy String – Established by the IAB in response to the California Consumer Privacy Act (CCPA). The U.S. privacy string is a cookie that stores information about disclosures made and choices selected by the user regarding their rights. It mostly contains details on whether the consumer has opted-out of the sale of their personal information. 

To use the IAB TCF v2.0 and the U.S. Privacy String, you would need to use a certified Consent Management Platform (CMP). By now, you may have also heard of the IAB Global Privacy Platform (GPP) a new protocol aimed to streamline and unify the existing IAB transmission consent signals. It includes the U.S. Privacy String, the IAB Europe TCF, and the IAB Canada TCF. In the future, the protocol will also support more US- specific privacy strings for California, Virginia, Utah, Colorado, and Connecticut as some these new regulations will come into effect throughout 2023. InMobi will look to support the IAB GPP in Q2 2023.  

At InMobi, we have observed that 51% of ad requests in the European countries where GDPR applies use the Boolean consent method. A vast majority of our top demand partners use the IAB TCF v2.0 thanks to the transparency it offers them and have excluded inventory that is not TCF-enabled from their buying strategy. This means that app developers who are not using the IAB TCF v2.0 are missing out on significant budgets from Brand advertisers and omnichannel demand partners — up to 4x as per our analysis. For app developers to move away from other app performance advertisers and maximize revenue for their audiences in Europe, they need to implement the industry standard. You can talk to your Customer Success Manager to start adopting the TCF v2.0 and increase your yield. 

Why you need a Consent Management Platform (CMP) 

With privacy scrutiny increasing over ad tech and mobile OS companies, it is becoming imperative for publishers to be compliant and adopt practices and strategies that are enabling them to manage consumer privacy choices easily. A CMP is the perfect solution for that.  

A CMP is a solution for websites and apps to request, receive, and store users’ consent. It will enable them to protect the privacy of their users and be compliant with the world’s most major data privacy laws like the EU’s GDPR, the UK’s GDPR, California’s CCPA/CPRA, Brazil’s LGPD, and more. Some CMPs in the ecosystem are specializing in mobile and can support app developers to make an easy transition in supporting key industry consent strings like the IAB TCF v2.0. You can find the list here: https://iabeurope.eu/cmp-list/.  

2023 will have its own lot of new privacy regulations, with a few incoming in the United States. Mobile publishers will need to have a robust consent strategy to keep up with them, ensure thorough compliance, and optimize their ad revenue at the same time. At the end of the day, it is about ensuring that consumers’ privacy is being respected, and consumers will be loyal to you for that. 

If you wish to learn more, please contact your Customer Success Manager or pmm-ssp@inmobi.com.