If at first they don’t consent, try, try again?
A new form of privacy fraud further complicates the relationship between the Ad Tech industry and GDPR.
As Ad Tech vendors struggle to comply with the strict requirements of the EU General Data Protection Regulation (GDPR), especially around the acquisition of freely given, specific, informed and unambiguous user consent for the use of personal data – a new form of privacy fraud called “consent string fraud” has been detected.
What is a GDPR consent string? This is “a series of numbers added to an ad bid request, which identifies the consent status of an ad tech vendor. That means whether or not they have a user’s consent to use their data in order to serve them personalized advertising.”
What is consent string fraud? In this practice, companies (whether knowingly or mistakenly), tamper with the consent string, changing the “0” (no user consent) to a “1” (have user consent).
CPO Magazine has more details.