Consent stops being a banner when the user just asked
Privacy on the open web leaked because the surface leaked. AI products aren't the same surface — and the privacy posture shouldn't be either.
Every privacy regime on the open web has the same structural flaw: it’s implemented as a banner. The user loads a page, sees a modal they didn’t ask for, clicks the button that makes it go away, and the site drops the cookies it was going to drop anyway. Consent, as practiced, is a reflex in the user’s wrist.
AI products don’t have to work this way. They have something the open web never did: an explicit statement of what the user wants, in their own words, at the moment they want it.
The intent is the consent signal
When someone asks an AI assistant for a running shoe recommendation, they have told the system, unambiguously, that they are interested in running shoes. No tracking pixel, no third-party cookie, no cross-site identity graph. Just a sentence. The signal is stronger than anything GDPR was built to regulate, and it arrives without the surveillance infrastructure that made regulation necessary in the first place.
This changes where consent has to live. You don’t need a banner to ask “can we use what you just told us to pick a relevant ad?” — the user gave you that context voluntarily, to this specific product, for this specific purpose. The question becomes narrower: what are you allowed to do with that signal beyond the response the user asked for?
The useful answer, for most products, is: nothing. The intent signal stays on the server, gets matched against an ad auction, and is discarded. No cross-session profile. No identity graph. No third-party syndication. The ad decision happens, and then the context evaporates.
Server-side enforcement is the default, not the compromise
On the open web, “server-side” ad decisioning is a privacy feature you opt into. On an AI surface, it’s the only option. The client — a chat bubble, a voice interface, an agent action — doesn’t have the hooks to run a traditional ad tech stack even if you wanted it to. There’s no iframe, no cookie jar, no pixel fires.
That turns out to be an advantage. The ad decision happens inside the publisher’s own trust boundary, visible to their logging and auditing, with no third-party scripts executing in the user’s session. If a DSP wants to bid on a moment, it sees only the fields the publisher chose to expose — not the full user prompt, not the model’s response, not any identifier the publisher didn’t volunteer.
The RTB ecosystem has a model for this already: the Magnite-style unified auction, where the SSP enforces privacy rules before any bid request ever reaches a DSP. Bring that discipline to conversational surfaces and most of the compliance machinery web ads have been duct-taping together for a decade becomes unnecessary.
What changes for advertisers
Advertisers used to building audiences out of third-party cookies lose access to a tool they were already losing. In exchange, they get access to intent signals that are cleaner and more immediate than anything a DMP ever produced.
The buying motion changes shape:
- Less reliance on audience (“people who’ve visited sites about running”)
- More reliance on context (“people currently asking about running shoes”)
- Measurement shifts from view-through/click-through attribution toward model-level lift studies, because there’s no persistent identifier to attribute against
For a lot of the buy side, this is closer to CTV buying than to display buying. The identity model is coarser, the contextual model is stronger, and the measurement is probabilistic rather than deterministic.
What it means to “build for consent” here
At the product layer, it means being explicit about a small number of things:
- When an ad is present, the user can see that it is an ad
- The ad decision only uses the current conversation, not a cross-session profile, unless the user has separately opted into something more
- The publisher, not a third-party tag, controls what leaves their server
- The user can turn advertising off, and the product still works — ads can fund the free tier, but they shouldn’t lock out functionality
Those four commitments don’t require a banner. They require the product to mean what it says.
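A sketch of how a publisher could enforce these commitments, and the field-level exposure described in the server-side section, at the point where a bid request is built. This is an added example, not code from any ad platform. The field names, the keyword classifier, the `Turn` type and the bid shape (`price`, `creative`) are all assumptions made for illustration.

```python
from dataclasses import asdict, dataclass
from typing import Callable, Iterable, Optional

# Assumed allow-list: the only fields a bidder (DSP) is ever shown.
EXPOSED_FIELDS = ("category", "language", "surface")
# Constructed keyword map standing in for a real intent classifier.
CATEGORY_KEYWORDS = {"running shoe": "sporting_goods/running",
                     "laptop": "electronics/computers"}

@dataclass(frozen=True)
class Turn:
    """Everything the publisher holds for the current conversation turn."""
    user_id: str
    prompt: str
    model_response: str
    surface: str = "chat"
    language: str = "en"

def classify(prompt: str) -> Optional[str]:
    """Reduce the raw prompt to a coarse category; the text itself stays put."""
    text = prompt.lower()
    return next((c for kw, c in CATEGORY_KEYWORDS.items() if kw in text), None)

def build_bid_request(turn: Turn, ads_enabled: bool) -> Optional[dict]:
    """Return the minimal bid request, or None when no auction should run."""
    if not ads_enabled:                # the user turned advertising off
        return None
    category = classify(turn.prompt)   # current turn only, no session history
    if category is None:
        return None
    signals = {**asdict(turn), "category": category}
    # Copy allow-listed keys only: prompt, response and user_id are dropped.
    return {key: signals[key] for key in EXPOSED_FIELDS}

def decide_ad(turn: Turn, ads_enabled: bool,
              bidders: Iterable[Callable[[dict], Optional[dict]]]) -> Optional[dict]:
    """Run the auction inside the publisher boundary and label the winner."""
    request = build_bid_request(turn, ads_enabled)
    if request is None:
        return None
    # Each bidder gets its own copy, so none can alter what the others see.
    bids = [bid for bid in (bidder(dict(request)) for bidder in bidders) if bid]
    if not bids:
        return None
    winner = max(bids, key=lambda bid: bid["price"])
    # Nothing is stored: the request is discarded when this function returns.
    return {"label": "Ad", "creative": winner["creative"]}
```

Because the request is assembled by copying named keys rather than by deleting sensitive ones, a field added to `Turn` later stays private until someone deliberately adds it to the allow-list.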
The irony of the last decade is that the web’s consent banners got progressively louder as the underlying privacy story got progressively worse. On AI surfaces, we have a chance to do the opposite: a privacy story that’s strong enough to barely need explaining.