Muki′s AdTech Diary - February

The Digital Services Act coming into effect - Opportunity or Challenge?

The Digital Services Act (DSA) represents a significant step by the EU towards a secure and transparent digital space and is considered one of the most important digital policy frameworks in Europe – a kind of constitution for the internet. The aim is to protect users' fundamental rights and establish fair competition conditions for companies, fostering innovation, growth, and competitiveness both within the domestic market and globally. The DSA obliges online platforms to be more transparent, also regarding advertising. Users must be able to discern who is funding the advertising and what information was used to select it. From a user perspective, this creates transparency, which we, as marketers, naturally welcome. As part of the DSA, advertisers must disclose the parameters used for delivering advertisements. These parameters correspond directly with a purpose outlined in the Transparency Consent Framework:

1. Users receive a rough assessment based on which information they have seen advertisements.
2. There is a uniform standard for ad identification - previously, everyone had been doing their own thing.
3. As marketers, we can utilize the data to better understand the exact origin of the advertisements and optimize them more effectively.

Transparency, Control, and Consent

However, particularly the second point raises concerns among DSPs. The back- and-forth transmission of DSA information through the bid chain is undesirable as it reveals too much information about the buyers. DSPs prefer a solution where they control the information (the DSP receives the DSA info but does not send it back). To address this issue, Consentmanager has proposed mechanisms to restrict the SSPs' access to this DSA information to the IAB. The proposed solution entails the following: Instead of sending the DSA information back to the SSP via OpenRTB, the DSP only sends a URL to the SSP. The SSP forwards the URL to the Consent Management Platform (CMP) or the website. The CMP then retrieves the URL on the user's device to obtain the JSON-formatted DSA information.

I strongly support this proposal by Consentmanager and their commitment to certain standards in this area. Any publisher potentially falling under the DSA always needs a CMP if they wish to serve programmatic advertising. Therefore, GDPR and DSA apply simultaneously, necessitating the continuous use of a CMP. It can render the ad identifier on the page if publishers do not have the necessary resources to implement it themselves.

What does this mean for revenue?

As publishers and marketers for publishers, we now have to assess which DSPs and advertisers are actually implementing the DSA requirements. In essence, whether the necessary transparency information is being sent along with the requests. The problem arises when it is mandatory for an ad request to include transparency information – who bought the advertisement, who funded it, which targeting mechanisms were used, etc. If this information cannot be included because a DSP does not yet support it, then the demand suffers significantly. Currently, it's unclear what impact this will have on revenue. We are now A/B testing to find answers, but we fear that it will have rather negative consequences. The impact on revenue is therefore currently the biggest concern for publishers and marketers in relation to the DSA.