In The GDPR Era, Publishers Also Need A Data Opt-Out

“The Sell Sider” is a column written by the sell side of the digital media community.

Today’s column is written by Manny Puentes, founder and CEO at Rebel AI.

The average page load on an ad-supported website includes 172 network requests just for advertising, according to recent research. That’s 172 opportunities for a publisher’s audience data to be collected, stored and re-monetized by other partners every time a page displays.

The rise of header bidding has only made this data leakage worse. One agency buyer recently admitted that buyers frequently bid on impression opportunities they never intend to win so they can collect publisher audience data and sell to the same readers at a much cheaper cost elsewhere.

Most publishers have a challenging time unearthing this kind of behavior, let alone preventing it. The growing importance of data governance, however, has made controlling the issue an imperative one.

Programmatic’s Leaky Data Pipes

In programmatic buying and selling, supply-side platforms (SSPs) and demand-side platforms rarely fill 100% of a publisher’s inventory; instead, they work with other platforms to fill a percentage of their inventory.

This means that every time an SSP is called, it may call other platforms. For example, on any given page load on CNN.com, Amazon Associates may call OpenX, AppNexus, and PubMatic, and PubMatic may, in turn, call The Trade Desk, RocketFuel, BrightRoll and others.

Each platform collects and stores valuable audience data, whether or not they ever actually fill the ad space and contribute to revenue.

The Limits Of Human Intervention

With this much complexity, publishers have limited options in controlling the data leaking from their sites. Some publishers have implemented strict contracts with their partners about who can collect their data and, in some cases, they prohibit the use of cookies for data capture. While this limits potential programmatic partnerships, these publishers retain the use of their data and can run their own retargeting campaigns directly with advertisers who want to reach a high-value audience.

Other publishers rely on browser monitoring tools to track data pixels on their site and use the information to chase down noncompliant partners. But for the most part, publishers have to trust their programmatic partners not to fire unnecessary pixels or JavaScript. In cases of discovered violations, they rely on contract enforcement, which can become time-consuming and costly.

While these are all options publishers pursue today, these practices won’t be sustainable or successful in the coming era when data – and the successful management of it – truly defines a publisher’s value. It’s time for a more sophisticated solution.

Defining Domain Data Permissions

With the advent of General Data Protection Regulation (GDPR), publishers and platforms are looking more closely than ever at data governance practices. The attention has primarily focused on individual consumer privacy rights, but since GDPR directly affects publishers, which could be held liable for data misuse, publishers also need to advocate for their own data rights and protections.

To start, publishers need to work with trade groups to establish data-collection specifications and standards and the browser vendors to enforce them.

For instance, publishers could create a way to specify which platforms and companies are allowed to fire pixels and collect data, which would be the equivalent of a data white list. Browsers could enforce this by controlling the code that is allowed to execute on a given site. Browsers such as Chrome have indicated they will begin adhering to the Better Ads Standards created by the Coalition for Better Ads as soon as next month, and domain data permissions could become a logical next step to better protect both publisher and consumer data.

Just as consumers have the option to opt out of data collection, publishers should assert control over who can collect data from their sites. As data ownership increasingly defines value, it is the publishers and consumers who should have the tools necessary to properly control it.

Follow Manny Puentes (@epuentes), Rebel AI (@Rebel_AI_) and AdExchanger (@adexchanger) on Twitter.

This post was syndicated from Ad Exchanger.