In early 2017, I wrote a couple of posts where I described the problem of data leakage in the ad tech industry and I proposed a solution: publishers should list their Trusted Data Partners and require the ad tech ecosystem to only send the publisher's data to companies on this list. While I had GDPR in mind when I wrote these posts, I'll admit that I was just beginning to understand the regulation and its implications on ad tech.

Over the spring and summer of 2017, this basic idea of Trusted Data Partners evolved. It was evaluated by the OpenRTB 3.0 steering committee for inclusion in the OpenRTB 3.0 spec, and made it in - see the tdp element. However, as the industry began to address GDPR, the need for publishers to control the use of their data went from "nice to have" to existential. The basic ideas of TDP formed the foundation for the IAB Transparency and Consent Framework. After months of negotiation and iteration, the industry seems to have adopted both the principle of TDP - that publishers should decide who gets their data, that consumers should be aware of these decisions, and that ad tech companies must abide by these decisions - and actually begun to implement it. What's more, the technology needed to implement GDPR protections will also help publishers prevent data leakage across the internet.

A few takeaways from this experience:

Government can be effective in regulating the internet. While it is tempting to denigrate government's ability to set policy, especially in the technology arena, GDPR worked. It caused industry to adapt its practices to protect consumers, and did so without destroying the internet (at least, so far!)

Industry groups have a critical role in aligning industry. When IAB Europe and the IAB Tech Lab agreed to work together on the Transparency and Consent Framework, it brought publishers and ad tech companies together to solve a problem in a collaborative way.

It feels good to be part of solving an important problem. At my last board meeting I was asked "why not just sit back and let other companies lead the way on GDPR? Wouldn't that be a lot easier?" I thought for a moment and responded: "AppNexus is the largest independent company in the industry. The largest publishers in Europe trust us to be their technology partner. There's nobody else to follow here, and if we don't set an open standard, then we're stuck hoping Google gets this right." That's true. But it's more than that. Our mission at AppNexus is to "create a better internet". By helping to create the IAB Transparency and Consent Framework, we did just that.

I write this epilogue not for pride of ownership but to acknowledge how special it is to be part of something so significant for our industry and for the internet. Over the past 18 months there have been tens of people who have taken this idea far beyond where I started with it. I'd especially like to thank Steve Truxal, Julia Shullman, Ben John, and Andrew Sweeney from AppNexus; Towney Feehan, Matthias Matthiesen and the rest of IAB Europe team; Dennis Buchheim and Jennifer Derke from the IAB Tech Lab; Wil Schobeiri and Alice Lincoln from MediaMath; Ari Levenfeld from Sizmek; Ingvild Naess and Christer Jones from Schibsted; Johannes Fenner and Timo Nolte from Axel Springer; and Wil Hutchinson and Mary Russell from MailOnline for their tireless work on the Transparency and Consent framework.