In normal life giving consent is a fairly simple concept. It would just be answering a question by saying yes or no. Consent in terms as described by the GDPR is more complicated. Obtaining valid consent could impose certain challenges on what in daily life would be normal situations. A normal situation which becomes complicated in relation to the GDPR, is just using a website. Most websites have all kinds of third party tracking, profiling or retargeting scripts installed. If that is the case, GDPR requires consent of the user.
In order to obtain and document explicit consent of website users which could be easily revoked or adjusted, a technical solution is needed. Such a system can be developed in-house, however the system would need a lot of maintenance and technical and legal updates. Therefor It could be a lot more convenient to use a specialized consent management platform (CMP) like CookieFirst.
Characteristics of CookieFirst as a CMP Consent Management Platform
Consent management platforms for website technology have not been around for so long. In this article we discuss some characteristics from a legal and technical point of view which should be considered when choosing a consent management platform or CMP for Cookies.
CookieFirst is a Usercentrics alternative for consent management.
Server location and documented consent
The current legislation requires to document consent and the ability to offer proof of consent. Therefore it is important to store consent not on client-side but on server-side. And also the data in which consents are stored should be on servers that are physically on EU soil. The CMP for cookies should also offer the ability to store consent data on premise. CookieFirst and Usercentrics store consent in European datacenters.
Giving and revoking consent | Usercentrics alternative
The online user should have the ability to give consent clearly and freely. Both options accepting and rejecting should be clearly offered. Also cookiewalls that prevent the user from interacting with the website before consent could be given, are not compliant. CookieFirst and Usercentrics are aiming to make this process as smooth and transparent as possible. Both products of CookieFirst and Usercentrics are very flexible and give the technical foundation to be compliant. But in the end it is always up to the customer what the CMP’s frontend will look like to the user.
Loading scripts and cookies | Usercentrics alternative
Only after a valid opt-in, scripts that require consent should be loaded. These scripts should not be loaded anymore after opt-out. It would not be really convenient to send the user to a third party website to withdraw consent. Withdrawal should be an easy and smooth process in order to keep user experience at the highest level possible. The products of CookieFirst and Usercentrics both offer this core functionality.
UX/UI design | Usercentrics alternative
A good CMP offers extensive ways to customize styling of the frontend. If the design of the frontend fits the website or the platform it’s used on, the user would probably be less annoyed by the preferences panels and banners. At least you can make it look nice and blend in with the platform it is used on. Just as the Usercentrics platform, the CookieFirst CMP offers great ways of styling your consent banner frontend. It is up to you as our client how you configure and style your cookie banner.
Not just cookies
Apart from for instance tags, also for embedded content and plug-ins consent should be required. (Like YouTube embeds) Whether these integrations would need consent depends on factors like transfer of data to non-EU countries, to the US for example. In that case you are obligated to get consent for use of them. Both the Usercentrics and the CookieFirst consent management platform offer ways to block all kinds of elements and content on your website.
Privacy by design – Usercentrics Alternative
During the processing, the consent data must be stored separately in order to prevent the consent management platform from becoming another data hungry third party itself. A CMP should not be able to match consents of a single user with consent on other websites. Profiling activities like that require consent themselves. That is why both Usercentrics and the CookieFirst CMP offer ways to either choose to enable cross-domain consent or not.
Just as Usercentrics, the Cookiefirst CMP is developed to be compatible with any web technology, E-commmerce platform or CMS. Cookiefirst can for example be used on every website that has the possibility to place a code snippet preferably at the top of the <head> section.
Agile and flexible
The landscape of the privacy laws is still changing. So whenever there is a verdict of privacy authority that has impact on the rules for loading tags and scripts, the CMP should be able to quickly reshape the functionalities of the platform. Just as Usercentrics, the CookieFirst CMP has proven to be very agile and flexible in terms of adjusting to new regulations and verdicts of authorities. We quickly respond to any required changes and keep ourselves up to date on renewed regulations. However, we have to say that the way how you make your frontend of the CMP appear to your visitors, is up to you.
Only to obtain consent
The CMP provider should have only 1 business purpose; to obtain consent. If a CMP provider is persuing other purposes it could be the case that consent data will be used to persue these purposes. Just as Usercentrics, the CookieFirst CMP’s sole business purpose is to obtain consent. Another thing we have in common.
The current regulations require consent to use third party scripts to be granular. In order to meet the principles of minimalism, consent should only be obtained for third party technologies that are used on the website in question. With minimalism in mind, how can you ask consent for an entire list of over 300 vendors, like the IAB solution implies? That is why it is also possible with both CookieFirst and Usercentrics to choose granular consent at both category and service level.
Current state of affairs
In short, all organisations that use tracking technologies and cookies on websites that serve European users need to comply with the European GDPR, ePrivacy, the Californian CCPA and other extraterritorial privacy laws. In reality it would mean that almost all organisations in the world that use profiling or tracking would need a consent management platform in order to be compliant.
CookieFirst can be your Usercentrics alternative. Both can offer the appropriate ways to be compliant. CookieFirst can make consent management easy and affordable. With the ePrivacy Regulation coming up CookieFirst is constantly looking for ways to make consent management acceptable for marketeers and staying compliant with current and new regulations.