Consent Hack Day at Media Lab

Event site:


Functional Aspects

  1. Provide individuals an easy to use method for expressing they do not consent to add tracking in a way that services must comply with

  2. What is the policy? (Content)

  3. How is the policy rendered for user independently of whoever created it? (format, language, display)

  4. How is the policy coded? (Which bits mean what?)

GDPR Connection

Other considerations

… carrots for the ad industry

Technical Aspects


IABE Cookie Format:

JSON file for purposes & vendors (from above link):

IAB JS Library:


Registered CMPs

Organizations who could participate

Quick Hack Teams

hang out link:

Business: Describe “Go to Market” Use Case in Engineerable Way

End of Day Report Outs

Business (Go-to-Market)


Buildable description (scope)

Narrative to Technical Engineering Teams

Narrative to Users (Tech Wizards and Muggles)

Go to Market

Possible promotional partners


Data Subjects

Technical (Hack the Cookie)

Table to be updated! Link above up to date

Purposes IAB E Says Customer Commons Says
  Storage and access of information You can ask us to delete/forget when you want
  Personalisation Tracking (GDPR: Profiling)
  Ad selection, delivery, reporting My topic prefs and exclusions
  Content selection, delivery, reporting Where do I see the logs?
  Measurement Only aggregate info allowed (at least c. 10 subjects)
  Matching Data to Offline Sources You won’t use my data to correlate me with my offline self
  If you link my devices through pivotal data points I supply implicitly or explicitly, you will notify me?  
  Precise Geographic Locations  

Basic Chrome Extension demonstrating cookie setting mechanism:

Legal (Terms and Rules)