In the Privacy Soapbox, we give privacy professionals, guest writers, and opinionated industry members the stage to share their unique points of view, stories, and insights about data privacy. Authors contribute to these articles in their personal capacity. The views expressed are their own and do not necessarily represent the views of Didomi.
Do you have something to share and want to take over the Privacy Soapbox? Get in touch at blog(at)didomi.io
I was recently asked by the Association of Online Publishers (AOP) to participate in their “Ask the associates” series, answering the question, in 100 words, “How can premium publishers turn privacy into a competitive advantage?” When putting together my answer (which you can read here), I realised there was much more I wanted to say….well, more than 100 words anyway.
In my role as Managing Director UK & Ireland at Didomi, and before that at Sourcepoint (who are now part of Didomi for those who haven't been following), I have worked with most of the major publishers in the United Kingdom, and have observed attitudes and perceptions toward data privacy change over the years, from being a regulation-driven cost center to becoming a mission-critical part of their technology stack. Nothing happens without consent.
The conversations I have with publishers every week keep circling back to the same questions, and this article is where I've tried to answer them properly.
User trust has become a commercial signal for publishers
Trust gets talked about a lot on conference panels, privacy circles and in the boardroom. It’s clearly part of the customer relationship that all organisations must value, but while it's easy to say, it’s difficult to deliver and equally hard to measure. However, in the context of publisher-audience relationships, trust does produce something concrete: user consent.
When users trust a publisher, they consent to data collection at higher rates. According to Didomi's 2026 State of Data Privacy benchmark, media and publishers lead all industries in European consent rates, at 82.7%. It can therefore be argued that Publishers are more trusted than many (all?) other industries.
This obviously runs counter to themes of “fake news” and disinformation, but this is what the stats say and is no doubt a reflection of years of audience relationship-building, brand investment, and increasingly deliberate privacy UX. And when consent rates are high, everything downstream improves, from programmatic yields to the impact of first-party audience segments, and the ability to activate data in a privacy-preserving way.
I’ve seen this play out most clearly with consent or pay models. A significant majority of major UK digital publishers have now deployed this model, and the results are measurable. Giving users a genuine, transparent, value exchange-driven choice produces higher-quality consent, is more valuable to advertisers, and is more durable when building a relationship with your audience.
Preference management extends that logic further by moving the conversation beyond tracking permissions into understanding what users actually want to hear and how they want to be marketed to and communicated with. For premium publishers building subscription and direct revenue models, that distinction matters, and a user who has actively told you what they want from you is a fundamentally different commercial relationship than one who simply didn't opt out.
First-party data, AI, and why data quality is now a strategic moat
The AI conversation in publishing tends to focus on threats, including content scraped at scale, organic traffic disrupted by AI-generated summaries, and advertising models under pressure. Those concerns are legitimate, but there's a less-discussed dimension in which publishers with strong consent practices are better positioned than they might realize.
The great paradox of this moment is that AI is particularly data-hungry. It needs data to learn, understand, predict, and automate, while the quality of available data is actually deteriorating.
- Romain Baert, Managing Director, Server-Side at Didomi (Source: AI won't save a poorly instrumented marketing operation, Didomi blog)
AI applications are only as good as the data that feeds them. A personalisation engine or recommendation model built on consented, well-structured first-party data will consistently outperform one built on whatever signals survived the last browser update or a consent rejection. Publishers who know exactly what they're collecting and can account for what they're not collecting have a genuine edge when it comes to deploying AI in a way that actually works.
First-party data, properly consented and well-instrumented, is what makes that readiness possible. It's also already within reach for most premium publishers.
The ICO is watching, and so are other global regulators
The UK's regulatory environment has never been static, and the Information Commissioner’s Office (ICO) has been particularly active in the publishing and adtech space. Publishers who treat compliance as a one-time project rather than an ongoing practice tend to find themselves exposed when the ground shifts.
Case in point, a few weeks ago, when the ICO published its formal advice to the government on potential changes to Regulation 6 of the Privacy and Electronic Communications Regulations (PECR), proposing a "first-party framework" that would allow certain lower-risk advertising practices to operate without the explicit consent currently required. As the regulator put it:
People rightly expect high standards of transparency and control in relation to online advertising.
- William Malcolm Executive Director, Regulatory Risk and Innovation at the Information Commissioner’s Office (source: Our advice to government on potential changes to online advertising rules, ICO website)
Crucially, no legal change has been made yet, and current PECR rules remain in force. But we can already predict that publishers who've built flexible consent infrastructure will adapt when changes come, while those locked into rigid implementations will react under pressure, at a cost.
And the ICO is only part of the picture. Many premium UK publishers serve significant US audiences, which means they're operating in a multi-jurisdictional environment, whether they've planned for it or not. The growing patchwork of US state privacy laws creates real obligations for publishers whose audiences cross borders, and that list is only getting longer.
Platform complexity adds another dimension to this. Several of the large media groups we work with in the UK operate across web, connected TV, and mobile apps. Delivering consistent, compliant consent experiences across all of those surfaces requires a level of technical sophistication that a generic banner solution doesn't provide. Publishers who've solved that problem are in a materially different position from those still treating consent as a web-only concern.
Server-side tracking: where privacy and performance meet
The part of this conversation that tends to surprise publishers most is server-side tracking. Privacy and performance don't always feel like they belong in the same sentence, but the connection is more direct than most people expect.
Moving tag infrastructure server-side reduces the number of third-party scripts running on the page, gives publishers more control over what data is collected and shared, and produces a cleaner, more auditable consent signal. The performance case is what makes it commercially urgent, as publishers using server-side infrastructure for conversion tracking have seen measurable improvements in return on ad spend, particularly for subscription and events-driven revenue models where conversion accuracy is critical.

Most publishers are still running primarily client-side tag infrastructure. That creates a real window for early movers, and it won't stay open indefinitely as the ecosystem catches up.
There's also a trust dimension here that's easy to overlook. A publisher who can tell an advertiser exactly how their tags are firing, what data is being collected, and how the consent signal flows through the full stack is a more credible, more valuable partner. Compliance monitoring is the difference between assuming your consent solution is working and actually knowing it is.
For premium publishers, privacy is the infrastructure that makes everything else work
The publishers who've turned privacy into a competitive advantage are treating it as the foundation on which everything else runs.
By doing so, their consent strategy sits closer to the revenue conversation, first-party data is treated as an asset to be maintained, and regulatory change becomes something you absorb rather than scramble to respond to. And when a fresh ICO ruling, a new US state law, or an AI tool that needs clean data lands on your desk, the answer is already mostly in place.
Genuine audience trust, built over years, is something most businesses can only approximate. For premium publishers, it's already there, but the question is what they're doing with it.








.avif)





