Categorising Cookies for Transparency: Q&A with The AOP & The Media Trust


In association with The Media Trust.

The programmatic industry, and the use of cookies, has for many years been a systemically opaque business, which has led to concern for publishers as their sites are populated by a range of unknown cookies. To that end, earlier this year the Association of Online Publishers (AOP) launched its Protocol, the second phase of its Cookie Consortium programme, in conjunction with The Media Trust, to accurately identify and categorise cookies.

ExchangeWire speaks to Richard Reeves, managing director, AOP; along with Matt O'Neill, GM Europe, The Media Trust, for an update on the consortium programme, details behind its inception, and how its role will evolve in the GDPR/ITP landscape.

What are the main benefits for publishers and vendors using the AOP Cookie Consortium? In turn, how do consumers benefit?

Richard Reeves: The Cookie Consortium enables the implementation of the AOP Protocol, which aims to reduce risk and create greater transparency particularly in a GDPR era. The partnership with The Media Trust and launch of the Cookie Consortium provides a platform for sharing information between publishers and vendors. Publishers are not only able to see which cookies are running on their sites, but also understand the purpose of those cookies through a categorisation process, prompting further investigative action if suspicious activity is detected. The platform also benefits vendors by reducing the risk of genuine cookies being blocked, as well as saving them time in identifying and disclosing cookies to publishers individually.

While consumers may not directly see the impact of the Cookie Consortium, the premise is built upon creating greater transparency and reducing data compliance risk, and ensures that anyone engaging with consumers is acting to ensure all partners are compliant.

How are AOP members, and vendors contributing to the Cookie Consortium platform, preparing for the upcoming ePrivacy regulation?

Richard Reeves: The AOP Protocol and Cookie Consortium aim to create transparency in a post-GDPR and pre-ePrivacy era. We’re in constant dialogue with AOP members, trade bodies, regulators, agencies, and vendors to ensure we can provide the best direction and support in line with existing and future regulations. While the industry faces constant change, premium publishers have always operated to the highest standards and continue to champion and support best practice and transparency from all parties, ensuring that, ultimately, the user is placed front and centre in terms of both experience and privacy.

What is the next phase of the AOP Cookie Consortium programme?

Richard Reeves: Together with The Media Trust, we will continue to populate the platform, working with vendors and agencies to categorise and describe cookies deployed across publisher websites. To date, around 20% of the 2,000 cookies identified have been classified, and we’ll be aiming for 80% over the next 12 months.

We are getting closer to an industry where it’s difficult to operate opaquely. Publishers need assurances the partners they work with are compliant and operate to the same high standards that are expected from media owners. The continued adoption of the AOP Protocol and initiatives, such as the Cookie Consortium, will play an important role in creating greater transparency throughout the supply chain.

What safeguards have been implemented to ensure that rogue vendors cannot deliberately mis-classify, or hide, their cookies on the Digital Vendor Risk Management (DVRM) platform?

Matt O'Neill: Continuous monitoring of more than 60 AOP member digital properties elicits tracking technologies, not only cookies. Attempts to hide are fruitless as The Media Trust platform detects all technologies present on a page and attribute to the relevant domain and vendor owner.

In order to build a stronger, more trustworthy relationship with publishers it’s in every vendor’s best interest to be fully transparent. Under GDPR and its shared liability, a vendor who is found to be intentionally misleading the purpose of their cookies would most likely be punished by the ICO if discovered. And, as publishers dig into their digital ecosystems and uncover unnecessary or problematic vendors, cookie declarations could become a deciding factor in maintaining relationships.

Approximately how many cookies have you identified so far? Do you expect to see a marked reduction in the number of tracking technologies following the rise of unified ID schemes and the introduction of Google Chrome privacy tools?

Matt O'Neill:To date, more than 2000 cookies have been detected. While we expect a drop in third-party cookie detection due to coming browser changes, we anticipate an increase in additional tracking technologies, i.e., device identifiers, web storage, etc. The bigger issue is a vendor recognising that they can bring another party’s tracking technology to a publisher’s property. Even worse, these vendors are also responsible for propagating hundreds of malicious domains into the UK user experience.

The Cookie Consortium allows for the detection and display of this information easily and in near real time. This increased transparency, we believe, will lead to better data hygiene in the overall digital ecosystem and ultimately reduce risk throughout the supply chain.

Richard Reeves: The way we advise publishers to utilise the platform is to not only collaborate and share insights, but to also prompt investigative action where a cookie category is missing or detected as suspicious. It’s fair to say we are heading towards a future where there is a reduced dependency on cookies, but it’s hard to know what that will look like at the moment.