Unauthorized redirects are putting publishers at GDPR risk
The leaky nature of the real-time bidding advertising ecosystem continues to cause problems in a post-General Data Protection Regulation era.
Publishers that rely heavily on programmatic advertising bought via the open exchange as a revenue stream have always been vulnerable to sketchy ad tech vendors that drop tags on pages without the publisher’s knowledge. But when those same so-called vendors don’t have GDPR policies, they create bigger problems.
“We have yet to find one website whose CMP [consent management platform] vendor list covers all vendors that are dropping or reading cookies,” said Chloe Grutchfield, co-founder of ad tech consultancy RedBud. “And that includes publishers that opt to display the full IAB list of vendors in their CMP.”
RedBud has scanned 30 of the top U.K. publisher sites and flagged several dubious redirects occurring on a dozen sites, triggered by vendors that have no clear GDPR policy. That puts both publishers and legitimate vendors they work with at risk of penalties. Two companies flagged by RedBud have vague office addresses listed outside the European Union in countries like Israel and Russia.
Some redirects are vendors triggered by other, bona fide vendors for the purpose of cookie syncing. Some may be a little questionable and piggyback on a redirect to redirect to other smaller vendors, added Grutchfield. But in general, redirecting for cookie syncing purposes is a legitimate digital advertising method. The issue comes when the smaller players outside of Europe, that are not GDPR compliant, are triggered on U.K. browsers. There are several like this that are managing to slip through, she added. ..Read more..