Consumer data privacy is a hot topic these days with European rulings making the news near weekly. The laws themselves tend to be straightforward, but what matters more is the interpretation of those laws: privacy laws in Europe and in the US have been muddied by case law — until recently.
Recent rulings in Europe have put data privacy back in the forefront of many people’s minds in a very public way. Our takeaway is that there is a massive auditing gap, which presents an opportunity to organizations looking to shore up their data privacy management program.
What is the Consent Gap and What Can We Do?
No doubt you are familiar with the ubiquitous cookie consent banner that pops up on the screen every time you visit a new site. Each visitor is prompted to choose the categories of tracking they provide their consent to the website for data collection. There is a painstaking initial challenge when setting up consent management to ensure that those consent categories map to the right marketing technologies. Initially this task is relatively easy… relatively.
The problem is: with all of the changes and updates to dynamic features, the addition and deletion of marketing pixels, and the simple fact that this is a new task for tag implementers to add to development and post-production test plans, organizations can quickly find themselves violating the consent promise expected by visitors. Mistakes happen, tags are improperly mapped (or not mapped at all) to the proper consent category, and the effect is that not all consent preferences are honored in reality.
The ask from regulators is relatively simple: provide clear communication to each person who interacts with your brand describing the data that are opting in to (if they opt-in at all), ensure that you ONLY collect and track what they have consented to, and maintain a record of consent management for auditing purposes.
Right now the only portion of first-party consent that is being monitored is that the consumer provided some level of consent. The worrisome part of the puzzle is that most organizations do not have the peace of mind and cannot provide evidence that the marketing data captured actually matches the consent preferences set by the consumer.
This requires a platform that captures 100% of user traffic (no sampling) across every marketing technology to ensure that the promise delivered in the consent management platform is carried through to the first party marketing data your organization collects as consumers navigate your website, apps, and first party experiences.
