Don Marti at Mozilla, along with the Donald W. Reynolds Journalism Institute at the University of Missouri, realized there could be an opportunity for RJI, for researchers at Mizzou and the University of Nebraska Omaha, and the Information Trust Exchange Governing Association to take a leadership step in this area. Don introduced RJI to engineers and user researchers at Mizzou and the University of Nebraska to experiment with better ways to manage the confusing requests for “consent” to share user data.
The Global Consent Manager project is the result of this collaboration, with Sean P. Goggins at Missouri and Matt Germonprez at Nebraska as lead researchers. The core implementation is a browser extension now being prototyped by the Missouri-Nebraska engineering team, which stores privacy preferences of the user in a format which is machine readable by collaborating websites – or publishers – using an existing industry standard. The preferences, expressed in a special format called a “consent string” are passed in real time with an interaction with a content- or ad-serving site is begun.
The extension is open source and uses the WebExtensions API, making it portable to Firefox, Google Chrome, and other browsers. And the project is not just building the software, but also conducting in-person research with real users, to measure how well our new approach to consent management performs in two ways: first, making the experience less confusing for users, and second, more accurately reflecting the user’s preferences on how their data is shared among sites.
Goggins, at Missouri, thinks that if reputable publishers choose to support an open-standard consent management platform, it could reduce the need for ad-tech services that drop multiple tracking cookies on user’s broswers and then opaquely try to match users across platforms. Instead, he thinks the GCMP approach would allow the end user to manage and offer interest and demographic attributes in real time to sites they trust.
“There is a business model for these trusted publishers to take over how they manage their user data stream, opt out of the whole click-fraud problem space and find a way to monetize what they do in a different way,” says Goggins. “If you also have a kind of an understanding among end users that they’re only going to trust certain sites with their data, that is something that should be monetizable.”
Goggins thinks one way to promote such an understanding by users and participation by publishers is to encourage a common registration approach by websites where a single cookie is used to invoke the Global Consent Manager Protocol across all participating sites. “That’s an opportunity for ITEGA,” says Goggins. “There is a real alignment between the interests of publishers and individuals to protect their safety and privacy.”
“The goal of Global Consent Manager research is to help Firefox developers, and developers of other open-source browsers, make better design decisions on consent management in future browser versions,” says Marti.
Without a publisher-friendly consent-management platform, privacy experts worry that everyone will be able to snag content in places that allow for user-data leakage — away from legit publishers and toward ad fraud. Elements of the idea, now being prototyped by the Missouri-Nebraska engineering team, include:
- A browser extension (initially developed for Firefox) which stores privacy preferences of the user in a format which is machine readable by collaborating websites. The preferences adapt to reflect the list of sites trusted by the user, and they are passed in real time when an interaction with a content or third-party site is approached.
- Web site support for user data consent standards, including the ability to personalize a compliant response.
- Support for the IAB Europe GDPR Transparency and Consent Framework which already has an open-source implementation.
“Consent management can be confusing and time-consuming,” says Marti. “It’s important for browsers to test new approaches to consent management that work in the interests of legitimate publishers. Unless we have a publisher-friendly consent-management platform, users risk having their data leaked to companies they’ve never heard of, and legit publishers will continue to bear the costs of ad fraud.”