Takeaways:
- Be aware of the data laws that relate to your country and business regions of operation (consult with legal counsel)
- Offer your users the correct consent options, protections, and awareness.
- Make sure your privacy page is up-to-date
Meaningful Consent “silence or inactivity does not constitute consent”-Recital 32 GDPR
What is meaningful consent and why is it important?
Since the launch of GDPR notification and enforcement in 2018, the industry has been busy working to understand the many properties that encompass not just consent but meaningful consent.
What meaningful consent offers is a framework for greater protections of European data subjects’ rights and clarifies the role and responsibilities of companies that process personal data and what efforts are ongoing for safeguarding these rights. But before you go into the rights that all companies and organisations that deal with data relating to EU citizens must ensure, first a publisher must have meaningful consent.
Best practices for meaningful consent
With this need in the industry to clearly communicate with users, Cookie Management Platforms (CMPs) offer a bridge. The responsibility of that “bridge” is on the domain/company; the CMP is only offering a tool. When examining the role of CMPs it is important to remember that they are there to answer the question for advertisers and publishers of how to target, engage, discover, and grow.
They are also present for the user to inform, empower, and bind the publisher to the user’s choices, and provide protection. The CMP is there to help do all of that, safely, and merge publisher interest to ensure that the user’s choices allow them to optimize monetization possibilities. With a closer look, we are able to see the little choices that CMPs and publishers are making to gain consent.
The user arrives at this page and the cookie toast is welcoming and not over branded. The notice is there to serve the user with a clear awareness of how their data will be collected and used. There is no pressure to select either option provided, the user is free to choose.
The user arrives at this domain and is greeted with a direction rather than a notification. The user sees the highlighted box and has been conditioned to click before reading. This type of consent presentation is very common. However, it is not what the GDPR would refer to when requiring meaningful consent. The user can not be directed or have choices made for them.
On this domain, the user arrives and the cookie toast is already filled in with the accept button highlighted and ready to go. This type of “setting the table” for a user is against GDPR regulations. The cookie toast can not come with choices already made for the user. The user must be allowed to freely engage and select what choices they want for their data.
In this last and final example, we can see that the cookie toast guides the user using the same technique that would guide a user to accepting but instead the user here is directed to manage their cookie settings. This type of transparency is welcoming to users and allows for clear value exchange between the user and the publisher.
Data awareness and data responsibility is ultimately on both the user and the publisher. The task seems insurmountable, with new laws and technology being introduced rapidly. How can anyone keep up? The current state of CMP- GDPR notifications are an array of options in need of standardization to help limit the abuse of personal data.
With too many examples of cookie toasts that pressure users to accept or offer no option to refuse, the move towards standardization can build back transparency and trust where we need it. The GDPR has been clear from its initial release that the foundation goal was to establish between domains and users – clear meaningful user consent for all data collection.
As new data laws across the US are adding their voice to shape the future for the potential of a Federal Data bill. The US states have chosen to add to where GDPR potentially leaves off, by adding clear Enforcement and Duty of Care, both shaping Data Rights with clear accountability and responsibility.
Meaningful consent is eventually a common denominator for both users and publishers to fulfill their need for trust and transparency. In this age of data awareness, a domain’s cookie toast is the front door to a publisher’s site and a user’s first experience with a domain.
This moment is not for reminding your user where they landed or finding another way for them to sign up for service. Filling the cookie toast with company logos or long lists of options is a sure way to overload your user. The notice should be simple and clean. The notice should give no pressure but rather offer an accessible way to clearly manage what data the publisher is asking the user permission for.
Click here to read part 2.
About the author: Ryan Rakover is the head of our Trust and Safety efforts at Total Media Solutions. One of the things Ryan enjoys the most in his role as a publisher’s strategic partner is the challenge of bringing policy from a place of rules and standards to delivering solutions to clients to improve their client’s bottom line. Find Ryan on LinkedIn or reach him by email.
References:
IAB Europe suspends consent management firms as global privacy authorities signal tougher action, Digiday.com
Ad trackers continue to collect Europeans’ data without consent under the GDPR, say ad data detectives, Digiday.com
IAB Europe suspends consent management firms as global privacy authorities signal tougher action, Digiday.com
EDPB Establishes Cookie Banner Taskforce, Which Will Also Look Into Dark Patterns and Deceptive Designs, the National Law Review
Massachusetts has a chance to clean up our national privacy disaster, bostonglobe.com