GDPR-compliant framework helps companies track and expose how consumer data is used


The General Data Protection Regulation (GDPR) kicks in for the European Union at the end of May 2018, and it promises surprises not only for consumers but for advertisers as well.

Despite sounding like a cold-war-era spy service, the GDPR is about revealing secrets – consumers will be exposed to how their data is used when they view an advertisement. But this will also help advertisers understand and manage the multiple players and layers involved in their own relationships, and how user data is shuttled among them.


In anticipation of the GDPR, in April 2018, the Interactive Advertising Bureau Europe (IAB Europe) and IAB Technology Laboratory (IAB Tech Lab) crafted a Transparency & Consent Framework (the Framework). Reflecting the input of a number of publishers, agencies and ad tech companies, the standard “supports online services and their partners in their efforts to provide transparency and choice mechanisms for their users.” The Framework will allow adopters to observe how online services use personal data and also track third-party use of the same in accordance with the requirements of the GDPR. Notably, the Framework is aimed at enhancing the relationship between publishers and vendors and provides guidance to vendors with regard to their use of publisher customer data.

The underlying technical structure of the Framework creates transparency about third-party information and stores user preferences as well. The Framework’s key attribute, a Global Vendor List, bolsters the whole and provides a registry of third parties that publishers can trust with their users’ information and end devices.

The Takeaway

The IAB believes that the Framework will help content publishers identify companies that will collect their users’ data and provide a lasting “audit trail” of a user’s decisions regarding how the user’s data is handled. The Framework will disclose which companies are adhering to its standards and profile how they handle user data – helping publishers choose which vendors to work with. 

According to one media outlet, the Framework was designed to be compatible with future regulations, such as the California Consumer Privacy Act, which is up for a vote later in 2018.