In normal life giving consent is a fairly simple concept. It would just be answering a question by saying yes or no. Consent in terms as described by the GDPR is more complicated. Obtaining valid consent could impose certain challenges on what in daily life would be normal situations. A normal situation which becomes complicated in relation to the GDPR, is just using a website. Most websites have all kinds of third party tracking, profiling or retargeting scripts installed. If that is the case, GDPR requires consent of the user.
In order to obtain and document explicit consent of website users which could be easily revoked or adjusted, a technical solution is needed. Such a system can be developed in-house, however the system would need a lot of maintenance and technical and legal updates. Therefor It could be a lot more convenient to use a specialized consent management platform (CMP) like CookieFirst.
Characteristics of CookieFirst as a CMP Consent Management Platform
Consent management platforms for website technology have not been around for so long. In this article we discuss some characteristics from a legal and technical point of view which should be considered when choosing a consent management platform or CMP for Cookies.
CookieFirst is a Usercentrics alternative for consent management.
Server location and documented consent
The current legislation requires to document consent and the ability to offer proof of consent. Therefore it is important to store consent not on client-side but on server-side. And also the data in which consents are stored should be on servers that are physically on EU soil. The CMP for cookies should also offer the ability to store consent data on premise. CookieFirst, as a Usercentrics alternative, stores consent in European datacenters.
Giving and revoking consent | Usercentrics alternative
The online user should have the ability to give consent clearly and freely. Both options accepting and rejecting should be clearly offered. Also cookiewalls that prevent the user from interacting with the website before consent could be given, are not compliant. CookieFirst, as a Usercentrics alternative is aiming to make this process as smooth and transparent as possible.
Loading scripts and cookies | Usercentrics alternative
Only after a valid opt-in, scripts that require consent should be loaded. These scripts should not be loaded anymore after opt-out. It would not be really convenient to send the user to a third party website to withdraw consent. Withdrawal should be an easy and smooth process in order to keep user experience at the highest level possible.
UX/UI design | Usercentrics alternative
A good cmp offers ways to customize styling of the frontend. If the design of the frontend fits the website or the platform it’s used on, the user would probably be less annoyed by the preferences panels and banners. At least you can make it look nice and blend in with the platform it is used on.
Not just cookies
Apart from for instance tags, also for embedded content and plug-ins consent should be required. (Like YouTube embeds) Whether these integrations would need consent depends on factors like transfer of data to non-EU countries, to the US for example. In that case you are obligated to get consent for use of them.
Privacy by design – Usercentrics Alternative
During the processing, the consent data must be stored separately in order to prevent the consent management platform from becoming another data hungry third party itself. A CMP should not be able to match consents of a single user with consent on other websites. Profiling activities like that require consent themselves.
As a Usercentrics alternative, Cookiefirst is developed to be compatible with any website platform or cms. Cookiefirst can be used on every website that has the possibility to place a code snippet right after the body-tag.
Agile and flexible
The landscape of the privacy laws is still changing. So whenever there is a verdict of privacy authority that has impact on the rules for loading tags and scripts, the CMP should be able to quickly reshape the functionalities of the platform. Usercentrics alternative CookieFirst has proven to be very agile and flexible in terms of adjusting to new regulations and verdicts of authorities.
Only to obtain consent
The CMP provider should have only 1 business purpose; to obtain consent. If a CMP provider is persuing other purposes it could be the case that consent data will be used to persue these purposes. As a Usercentrics alternative, CookieFirsts sole business purpose is to obtain consent.
The current regulations require consent to use third party scripts to be granular. In order to meet the principles of minimalism, consent should only be obtained for third party technologies that are used on the website in question. With minimalism in mind, how can you ask consent for a entire list of over 300 vendors, like the IAB solution implies?
Current state of affairs
In short, all organisations that use tracking technologies and cookies on websites that serve European users need to comply with the European GDPR, ePrivacy, the Californian CCPA and other extraterritorial privacy laws. In reality it would mean that almost all organisations in the world that use profiling or tracking would need a consent management platform in order to be compliant.
CookieFirst as a Usercentrics alternative offers the appropriate ways to be compliant and making consent management easy and affordable. With the ePrivacy Regulation coming up CookieFirst is constantly looking for ways to make consent management acceptable for marketeers and staying compliant with current regulations.