Have you heard the expression "data is king" before? Allow us to complement it by saying that consent is the queen and advertising is the kingdom. Today, we'll introduce you to consent management and tell you all about its importance to the ad industry.
The right data delivers a competitive advantage for businesses. Take the example of Netflix. The company commissioned the major hit House of Cards solely based on consumers’ viewing habits — they didn’t even watch the pilot beforehand.
In the ad industry, websites’ ad revenue is higher when they can provide advertisers with user data. That’s why consent management is essential for websites that run ads — collecting user data requires gathering and managing user consent.
Let's start by defining the concept of consent management.
What Is Consent Management?
Consent management is a process that enables your users to define what personal data website owners can collect and how this data can be used.
Not many years ago, you could collect a wide range of personal data through cookies in web browsers. But things have changed since then. Currently, data privacy legislation imposes restrictions on gathering personal data — on both sides of the Atlantic.
As a result, websites are responsible for
- Collecting and managing user consent
- Informing users about which personal data they collect and store and what they'll use it for
Find out below how the whole content management operation works.
What a Consent Management Process Looks Like
A consent management process facilitates consent collection and logs consent in a way that enables advertisers to access user data. This is done via a consent management platform (CMP). A CMP asks users' permission to collect and store their personal data. Attached to that request is a notice that tells the user how their data will be used.
A consent management process should consider how user data is used. If a company uses personal data for different purposes — such as advertising or customer service — it should request consent for each purpose separately.
To obtain informed consent, companies should use plain language when telling users how their personal data will be used.
In addition, a user should be able to manage their data privacy preferences. This means the user should be able to:
- Ask for and receive a copy of their personal data stored by the company or website
- Ask for and get the company or website to delete their data
- Change how often they receive communications from a company or website
Next, we’ll look at how data privacy regulations differ from each other.
The Differences in Consent Management Rules According to Legislation
Depending on the data privacy legislation, the user doesn't always need to give explicit consent for using their personal data. For instance, GDPR follows an opt-in approach, whereas overall, CCPA follows an opt-out approach.
By complying with an opt-in approach, a company can only use personal data when the user explicitly and freely gives their consent. In May 2020, the EU updated GDPR's guidelines on user consent to clarify that it must be sufficiently informed and explicit. In advertising, this means that personalizing ads requires publishers to be perfectly transparent on the collection, storage, and usage of personal data.
On the other hand, an opt-out approach allows a company to use personal data unless the user withholds permission.
There's an exception to the opt-out approach of CCPA, and that's children's personal data. In this case, CCPA follows an opt-in approach.
Regardless of the data privacy legislation, a user should always be able to withdraw consent later without any penalty.
So far, you learned that consent management is a process that depends on legislation. Stick with us now to better understand the value and impact of consent management.
Why Is Consent Management Important?
Consent management should be top of mind for several reasons. Here they are:
1. Legal Fines
Reason number one for consent management is avoiding legal fines. An appropriate consent management process prevents companies from wasting a portion of their overall turnover on non-compliance fines and having to respond to user complaints.
This is what happened recently to a few companies that didn't comply with data privacy legislation:
- Amazon Europe got a €746 million fine for failing to use adequate consent management with its targeted advertising system
- Google and Facebook together received €210 million in fines for deliberately making it difficult for users to refuse cookies
- Grindr was issued a €6.5 million fine for disclosing personal data to advertising partners without consent that users could withdraw
2. Higher Bids From Advertisers
Advertisers are continuing to bid less when users do not provide explicit consent. In contrast, when consent is present, advertisers are bidding significantly more. As the industry continues to move in this direction, we advise website owners to become compliant and use a Consent management platform (CMP).
3. User Complaints
Whether the applicable legislation is GDPR or CCPA, users can file a complaint with a legal authority if they consider a website isn't processing their data in a compliant manner. For instance, users will most likely assume that you violated the legislation if you don't request consent via a CMP.
Some users might request the website owner to take corrective measures. Others will go straight to Google or the local legal authority.
The best way to keep legal penalties away is to have a consent management system in place. For that, you need a consent management process and a CMP to help you out. Snigel’s AdConsent CMP is purpose-built for publishers that rely on ad revenue. It’s IAB approved and TCF2.0 compatible. Get in touch with our team to find out how you can integrate it into your website.
4. Reputation and Trust
When a company gets a non-compliance fine, it'll have to fix the issue that caused the infraction. This translates to defining and implementing a consent management process.
In addition, a non-compliance fine damages a brand's reputation, which decreases users' trust in the brand. And the most challenging thing a fined company has to do is build back its reputation and earn back the trust of its users.
It's time to focus on the advertising industry and unfold how consent management is so important for improving website ad revenue.
The Role of Consent Management in Advertising
If you want to comply with data privacy legislation, you must ask your users for permission to use their data for advertising via a CMP. In addition, you must offer them the means to change or withhold consent.
Web Cookies
Behavioral marketing targets leads, prospects, or customers according to their browsing behavior on a brand’s website. Web cookies are a behavioral marketing mechanism. They enable websites to track users as they browse around the internet. Web cookies are small pieces of data that a website adds to a user’s browser.
Whereas first-party data cookies remain a privacy-compliant way to target users, third-party cookies are now being phased out due to privacy concerns. Check out our alternatives to third-party cookies guide here for more information on that.
Let us give you an example. When a user visits SportsShoes.com, the website can ask for permission to drop a web cookie into the user's browser. This enables SportsShoes.com to identify the user on other websites as they browse around the web. As a result, SportsShoes.com can target the user on another website — like tennisgames.com — with a display ad.
User Profiling
Advertisers gather data on users such as their IP address, geolocation, and device type. This data is used to build user profiles, which can be segmented and targeted by advertisers. Then, advertisers can target users with ads that match their interests or needs.
At this point, there's one question to clarify, and that's what technology can do for you to ease the burden of managing user consent.
Do I Need a Consent Management Platform?
Yes, CMPs help enable websites to comply with data privacy legislation and save time collecting user data as they automate this process. From a user's perspective, a CMP enables them to understand and exercise their data privacy rights. Changing data privacy preferences or revoking consent should also be easy through a CMP.
Here are a few technical considerations about CMPs that you should know about:
TCF and TC Strings
In 2018, the Interactive Advertising Bureau (IAB) Europe launched the first version of the Transparency and Consent Framework (TCF) to support compliance with the GDPR in the digital advertising industry. When abiding by the framework, publishers offer more reliable user data and advertisers get more meaningful data to customize relevant advertising experiences.
TCF specifies how CMPs, publishers, and advertisers should process personal data. It also determines how they can store and access information on users' devices for tracking purposes, such as Web cookies, advertising identifiers, or device identifiers.
The framework defines how to create, send, receive, and use Transparency and Consent Strings (TC Strings). A TC String is an encoded character string that CMPs create and transfer to publishers via HTTP. Each string contains details about a user's consent — all the information in the consent request and the user's data privacy preferences. Then, publishers decode the string and discover what they were authorized to do with the user's personal data. Additionally, the TC String allows CMPs to store and access user preferences.
Major IAB-Approved CMPs
These are the major CMPs that use the TCF:
- AdConsent
- OneTrust
- Quantcast
- TrustArc
- Cookiebot
Snigel’s AdConsent is compatible with TCF 2.0, the latest version of the framework.
Customer Data Platforms
Besides a CMP, website owners might have a customer data platform (CDP) in place. A CDP unifies customer data from multiple sources — such as marketing, sales, or customer service departments — into a single repository. The advantages are the following:
- Optimize the activities of various departments that heavily rely on customer data
- Define accurate customer profiles and keep them up to date at all times
- Send customer profiles to advertisers and third parties
It's highly efficient to have a CDP to automatically handle customers' requests to access or erase their personal data. Plus, combining a CDP with a CMP ensures that all departments in a company honor data privacy legislation when processing user data and managing preferences.
Do I Need to Update My Consent Management Platform?
Designing and implementing a CMP is not a one-time job. The legislations keep changing, and you have to keep up with these changes to remain compliant.
If you’re looking for a CMP that is automatically updated to comply with the latest legislation, check out Snigel's AdConsent. AdConsent is a high-performing CMP, which provides GDPR and CCPA compliance. The platform is optimized for Core Web Vitals and was built with website’s in mind that rely on advertising revenue. If you'd like to find out more, make sure to get in touch with our team of experts.