Consent Management Platform (CMP)
Simply put, Consent Management Platform (CMP) is a platform that can be used by the publishers,
- For requesting, receiving and storing users’ consent.
- For storing the list of preferred vendors along with why they’ve been collecting the users’ information.
A user can set their consent status for all the vendors (Individually or in a bulk manner) on a publisher’s site. CMPs will employ a user-friendly interface to let consumers allow/disallow vendors to track, target, share their online footprint.
IAB Europe defines CMPs as,
A company that captures and stores a Publisher’s preferred vendors and purposes and will also retrieve or set the vendor consent status of a user through a third-party cookie available to all CMPs
Why does a publisher need Consent Management Platform (CMP)?
Typically, publishers, directly and indirectly, collect a set of information (Both PII and non-PII) to target ads and deliver personalized Ad/Content experience to a user. As per GDPR guidelines, publishers have to “unambiguously” get the users’ consent for collecting, processing and using their data. That’s where Consent Management Platform comes in. Of course, we’re referring to EU users.
Without CMPs, a publisher might take a deep revenue cut, as digital advertising is the major source of revenue for many publishers.
Also read: What is Consent Act?
What if a CMP violates the rules?
The consortium (IAB Europe) will determine whether to let CMP continue the integration with the publisher, based on predetermined procedures and norms.
A CMP can read the vendors and users’ consent status of a publisher, it partnered with. And, it may use a first-party cookie or a third-party cookie (global) to function.
IAB Europe requires it to protect and pass the information in an authorized/agreed manner. And, it has opened registration for CMPs and has a list of registered ones too. Here’s the list.
Is it compulsory for publishers to work with a CMP?
No, it is safe to have a specialized entity in place. Also, publishers may choose to act as a CMP.
What do you need to keep-in-mind?
- CMPs will be growing over the EU region similar to SSPs and DSPs. Premium publishers, who are capable of maintaining a dedicated in-house for consent management can try to avoid external help. When it comes to mid-range market, it is advisable to partner with the registered CMPs. In addition, there are a few open source CMPs available in the market (similar to prebid), with the help of which mid-market publishers can customize and implement CMPs in-house.
- The system is flexible. It means, IAB Europe is planning to optimize the rules and regulations, technical standards, etc. based on the feedback from the market.
- Publishers have a complete power, even after they partner with an external CMP. They decide the UI, vendors, information sharing, etc.
- The maximum validity of a user consent should be 13 months.
Here‘s how Consent Management Platform distributes the consent to the ecosystem.
Top five CMPs* used by the US and UK Publishers
1. Cookie Consent by Insites (Consent Tool),
2. Quantcast (IAB-Registered),
3. Evidon/Crownpeak (IAB-Registered),
4. OneTrust (IAB-Registered), and
Source: Adzerk CMP Report – September 2018.