What Is a Consent Management Platform?
29 Nov 2021
A Consent Management Platform (CMP) is a solution used by websites and mobile applications to manage and store the consent of their users for the collection and use of their personal data. CMPs help organizations comply with privacy regulations such as GDPR and CCPA by providing a centralized solution for managing and documenting user consent.
Create Better Customer Experiences With Simple, Cost-Effective Solutions That Satisfy Data Privacy Regulations
Consent management platforms are emerging as vital tools to help all sides of a company better engage with customers while also creating more pleasing website visitor experiences. These tools, also known as CMPs, are becoming more popular as both consumers and marketers address growing concerns over consumer privacy and a raft of new regulations around the world, and particularly in Europe.
Put simply, a consent management platform is a website scanner that detects and controls cookies, which are the tools that collect and handle personal information. For websites, cookies remember settings, can fill forms in one click, allow precise customer targeting, and more. The General Data Protection Regulation (GDPR), which went into effect in 2018, prompted companies around the world to take consumer consent far more seriously than they had been, especially when it comes to data collection, data storage, and data use.
For smaller sites with fewer assets and marketing campaigns, GDPR means they need to rethink some old habits to comply with the rules, but for larger sites and larger businesses, and those with higher volumes of traffic, a more methodical approach to remain GDPR compliant is needed. For many website managers, that more methodical approach is a consent management platform.
What Is a Consent Management Platform?
Consent management is a process that can be employed to help a website meet GDPR regulations. It helps obtain user consent to collect their data during website and webpage visits. Properly used, a consent management platform automates the consent management process and makes it easier to be GDPR compliant.
Consent management platform tools are becoming standard for many websites, and it is likely you have seen them pop up when you visit a new website or return to a site you have not visited in a long time. This is especially true if you are visiting a website based in Europe or have an IP address linked to a state like California.
Consent management platforms are typically popups or privacy notices that satisfy proof of consent and notification that customers agree to share their personal information. In addition to storing proof of consent and preference choices, they handle visitors who request to alter the data that websites collect and can provide additional transparency into how a site collects and uses personal data.
Privacy notices vary somewhat between sites. Some ask for a visitor to accept or decline various cookies for the purposes of data collection, while others require more permission from visitors when they want to use data that some people like to keep private, such as location data. Others simply let visitors know that their data are being collected.
When Is User Consent Required?
According to GDPR, there are six legal reasons why a business may gather data from its customers, including:
- Consent: The visitor gives permission for an organization to process their personal data for one or more activities. The consent must be clear, freely given, and easy to revoke.
- Performance of a contract: Data that must be processed in order to perform a contract.
- Legitimate interest: Data processing that a user would normally expect from an organization that the user gives personal data to.
- Vital interest: Data that must be processed in order to save a person’s life — this is most commonly seen in medical care situations and is a rare designation.
- Legal requirement: Data that must be collected out of a legal obligation, such as data for information security, employment, or a consumer transaction law.
- Public interest: Data collection and processing initiated by a government entity or organization acting on the behalf of a government entity.
European Data Privacy Rules vs. California Data Privacy Law: What You Need to Know
While GDPR is perhaps the best-known data privacy protection law, the California Consumer Privacy Act of 2018 (CCPA), which went into effect in 2020, is the first comprehensive consumer privacy law in the U.S. CCPA is similar to, though not the same as, GDPR.
CCPA regulates any for-profit entity doing business in California that:
- Has gross revenue greater than $25 million
- Annually buys, receives, sells, or shares the personal information of more than 50,000 consumers, households, or devices for commercial purposes
- Gets 50 percent or more of its revenue from selling consumer personal data
In comparison, GDPR has a much broader scope and territorial reach than CCPA, and substantially different parties are regulated. The protections they offer are similar, and both have potential extraterritorial effects on businesses located outside their borders. Pseudonymization definitions in both laws are similar and require technical controls to prevent reidentification. Both security and privacy notices are substantially similar, but the opt-in rules and how children are handled are quite different.
For the California law, businesses must include a “Do Not Sell My Personal Information” link in a clear and conspicuous location on the website’s homepage. GDPR does not include a specific right to opt out of personal data sales but does contain other rights, and does permit visitors at any time to opt out of processing data for marketing purposes and withdraw consent for processing activities.
For children in California, the law prohibits the selling of personal information of a consumer under 16 without consent, but children aged 13 to 16 can provide consent. Those under 13 require parental consent. The GDPR’s default age of consent is 16, although individual European member states may lower that to no lower than 13. The person with parental authority must provide consent for children under the consent age, and children must receive an age-appropriate privacy notice.
Consumers Overwhelmingly Support Data Privacy Protections
The differences between the Californian and European laws show how fragmented data privacy laws can become and illustrate why businesses need to take a broad approach to managing customer information. Waiting until after laws have been passed means being one step behind legislation — and your competitors. These laws also serve to illustrate that governments cannot keep up with the pace of technological advancement and that the people responsible for implementing the laws rarely understand how technology works and where it is headed.
Consumers globally are increasingly coming to support the idea that data privacy should be protected by law, and the vast majority want the ability to opt out of site tracking and sharing their personal information. While most consumers are not yet aware of data privacy protection laws, that is slowly changing. Many companies, such as Mozilla and Microsoft, are moving to make new privacy protections available to all users no matter where they are.
Reasons Why You Might Need a Consent Management Platform
While consent may be required by law, it can also help you expand and extend your monetization strategies and grow your business. There are dozens of CMPs operating today, with leading companies offering a wide variety of tools and services, including:
- Data governance
- Third-party risk management
- The ability to easily control, customize, and manage consumer consent preference
- Intuitive user interfaces
- Easy consent document management
- Compliance with other privacy rules such as the California Consumer Privacy Act (CCPA) and the Brazilian General Personal Data Protection Law (LGPD)
The best CMPs provide proof of compliance and supply an easy-to-access audit trail that sites can use to demonstrate compliance and protect themselves from fines. The best CMPs will also allow users to customize the look and feel of their consent forms, including banner placement location.
Even if companies operate in a location not governed by data privacy protection laws, they should be aware of these laws and new developments — oversight is likely to come sooner rather than later. But compliance can also help to serve as a long-term strategy for building customer trust. This is illustrated by research results into why consumers choose to accept cookie requests:
- They are familiar with the brand or with the business
- They want to view the content
- It will make logging in easier
- They get to see personalized content
See What CookieHub Can Do for Your Consent Management
CookieHub makes cookie consent management simple. It is a full-featured CMP that uses a widget added to your website to automatically categorize and generate a cookie declaration listing, with end users given the ability to allow or deny cookies. CookieHub remembers that decision, smoothing the sign-on process and enabling the delivery of customized content to visitors.
CookieHub boasts a long list of standard and premium features, and full compliance with GDPR, LGPD, and CCPA. Pricing is surprisingly affordable, with 1,000 sessions per month and a 500-page scan package for less than €30 a month.
Contact the pros at CookieHub today to learn more.