For publishers: 5 tips for optimizing your vendor assessment process

Caitie Gonzalez
July 13, 2021

The shift to more transparent data practices continues to evolve. Users are taking more control over whether or not they want to allow third-party cookies, trackers, and tags access to their personal data when they visit their favorite publications. As a result, publishers need to adopt a more proactive approach to managing the vendors sourcing audience data from their websites.

If a publisher fails to curate their vendor list on a regular basis to understand what vendors are present on their digital properties, the consequences can be significant. For example, noncompliance with the GDPR can result in hefty fines of up to €20 million or 4% of annual revenue—whichever is higher. 

Not only are publishers at risk of regulatory fines, but you’re at risk of missing out on monetization opportunities. Data leakage, caused when unknown vendors triggered by redirects capture audience data in the programmatic bid request, is both a security risk and devalues your relationship with the consumer.  You need to identify the vendors who can provide value — and enter into a commercial arrangement — and block the ones who don’t. 

Protecting your website from compliance risk and data leakage should be a top priority, and it all comes down to understanding which vendors are adding value to your site. So how do you know which vendors are right for you? Below are five tips to help guide you. 

1. Analyze your current tech stack

Any vendor you choose to work with must adhere to the same level of data privacy as your existing tech stack. Ask yourself these three questions to better understand if a vendor is a good fit:

Does the vendor have servers in Europe, or is the data going to a county that does not offer the same level of data protection?

Does the vendor adhere to the principle of data minimization, or do they use permanent cookies with an excessively long lifespan?

Does the vendor use intrusive JavaScript methods to create a fingerprint of the device without providing users the option to opt out?

2. Make sure you and your vendors are up to date with the latest compliance guidelines

It seems like there’s a new data privacy regulation cropping up every few months. There are no signs of this slowing down as more and more regions focus on the importance of data privacy. Unfortunately, compliance to GDPR and other regulations has been uneven, with some vendors showing a lack of commitment to data privacy. These vendors put your website at risk of noncompliance. 

3. Focus on transparency

A key indicator of whether or not a vendor is a good fit for your website is transparency. Make sure that the vendor not only specializes in cookies but also covers all other technologies. The more vendors you involve, the higher the technical effort and less transparent the process, which opens up more opportunities for errors. Transparent documentation ensures that dubious vendors can be discovered and removed from your website.

4. Know where the data is coming from

It is essential to know the origin of the third-party data available. Was it collected with the consent of the users? Have users been informed about the use and processing of the data (i.e., personalized advertising)? These questions are necessary to answer for each vendor you allow on your website. Since compliance is not a static state, you should revisit these questions with your vendors on a regular basis.  

5. The timing of consent matters

Advertising cookies that are dropped before the user’s consent is given is still a fairly widespread practice, but regulators are cracking down. See the recent fine handed out to European supermarket giant Carrefour, from the French data protection authority, the CNIL. . When you’re reviewing your vendors, make sure to monitor the timing of when they access data. If cookies or trackers collect information as soon as a website page loads, that’s not only a violation under consent-based regimes, but it could be a red flag about other risky vendor behavior.

These five tips are an excellent place to start when evaluating which partners and technologies are a good fit for your business without impacting the performance of the website experience or your ad revenue. 

Looking for more resources on how to assess your vendors? Download your free copy of our guide, A Publisher’s Guide to Vendor List Curation.

Latest Blog Posts

What’s the IAB Tech Lab’s Global Privacy Platform (GPP) framework?

September 14, 2021

It’s not just GDPR and CCPA anymore. Data protection...

A little privacy: week of July 20

July 27, 2021

California's new Consumer Privacy Interactive Tool lets consumers notify...

A little privacy: week of July 16

July 23, 2021

CA attorney general reinforces requirements to honor GPC. Ohio...

Latest White Papers

Ebook: A Publisher’s Guide to Vendor List Curation

August 16, 2021

This guide covers everything you need to know about...

Keep in touch

Sign up for our newsletter to keep up with the latest privacy and media news.

Let's explore what we can do together.

We’ll be in touch within 48 hours

    First name *

    Last name *

    Email address *

    Company *

    LeadRegion *

    Country *

    Message *

    * indicates required fields