We are now in the process of making the Cloudflare Zaraz Consent Managegement Platform "compliant" with the IAB demands. It's mandatory in order to run Google Ads in Europe.
Their demands are completely countering privacy and will only make our CMP more hostile towards users and less privacy oriented. It's ridiculous. But they have this alignment with Google and so you have to do what they say.
Well, I guess hurry up with that alignment before the IAB is forced to scrap the entire system:
> On 2 February 2022 the Belgian Data Protection Authority, in agreement with 27 other EU data protection authorities, ruled that the [IAB controlled] “TCF” consent spam system is illegal.
I tend to think these kind of things don't happen so fast, unfortunately. But if they are, I'd be full with joy to be making the PR that removes all that code.
It's been a while since I was reading through the specs so I could be wrong, but as far as I remember, you kinda had to "collect" the consent status server-side, which feels wrong (because sometimes there wasn't consent), and third-party vendors would get the full consent status even if it's irrelevant for them.
You could start be removing all tracking code from your site and code sharing with 3rd parties.
Boom, compliant (in that part) and not even a need for a consent form in the first place.
The you may add a feature to track and share with 3rds, but opt in. The you need the consent but can get it in a privacy friendly way.
Oh, but you “cannot” do this because the ads won’t work and you’ll loose profit? What you dont seem to realise is that this decision is already made for you by EU: with GDPR the eu made the decision that privacy is more important than your profit. You just have to face facts and stop trying to figure a way around it. Yes that means rethinking business models, but I would wager that had people known fully how they were tracked and profiled, they would not have done business with you in the first place thus your ad/tracking based business model was only valid through deception.
I honestly have no idea what you're talking about, which tracking code you want me to remove and in which of my websites you saw ads. I was never part of a company that had an ad/tracking-based business model, and in fact all my work in Zaraz is around making third-party online more transparent and permissions based so that scripts don't just run uncontrollably and that it would be possible to completely block their access to cookies, network etc. Your comment looks like you just came up with a fantasy story and replied to it instead... I mean, me losing profit because my ads won't work? what?
Yep, the thing you wrote about IAB made me think Zaraz did something it doesnt. My bad. My comment was intended for people writing (and using) those horrible consent dialogs.
Edit: why you need to care about demands from IAB I dont know, but you probably have a reason
Their demands are completely countering privacy and will only make our CMP more hostile towards users and less privacy oriented. It's ridiculous. But they have this alignment with Google and so you have to do what they say.