Consent Management - Have your cookie and eat it
Build trust with your site visitors - Make transparency and consent a pillar of the relationship with your customer.
How you handle your customer's data is the subject of regulation by the European Data Protection Board.
And an update in May 2020 is having a direct effect on how you operate your website. This is not going to be another dry, boring essay on consumer protection blah blah blah - It is important you take note and at the end, if you've stuck with me, there is a small gift from Island Web Design!
So, strap in and get comfortable - I need 7 minutes of your time
In Europe, the General Data Protection Regulation (GDPR) requires businesses operating in the EU to give consumers control and choice over the personal data that is collected and used and, in most cases, explicit consent is required before any data collection or tracking of any kind happens.
What does that mean? Well, it means that your cookie banner, informing people that you use cookies on your site, is no longer cutting it... (see what I did there? Cookie... cutter... never mind!)
It means that we need a definitive YES, or I ACCEPT, before a visitor makes use of your website.
In May 2020, the European Data Protection Board (EDPB) updated their guidelines on consent under Regulation 2016/679. This update is important as it aims to remove any ambiguity on the official position regarding several aspects of cookie usage. Perhaps most significantly, these latest guidelines clearly state that Cookie Walls are prohibited and that the EDPB does not consider consent via scrolling or continued browsing to be valid.
Update April 2021. Since Brexit we are no longer subject to the EDPB unless your website is selling products and services to users in the EU. However, the UK Information Commissioners Office (ICO) states: "If your use of a cookie wall is intended to require, or influence, users to agree to their personal data being used by you or any third parties as a condition of accessing your service, then it is unlikely that user consent is considered valid".
UK GDPR is a little more ambiguous about the use of cookie walls but in the majority of cases, they are not deemed to be valid consent. See their web page here.
Does my website use cookies?
Well, yes... that's the short answer. But it isn't just about the cookies. It is about all forms of personal data that is collected while a visitor is browsing your site. It is the information collected by the site to build the statistics and to run a number of 3rd party services such as Social Plugins and You Tube Videos for example.
If your site is connected to Google Analytics you are most definitely collecting personal data and your visitors have to be able to opt-in and/or opt-out of this, quickly and easily.
What is personal data and why do I need it?
According to the UK's Information Commissioner's Office, Personal data is information that relates to an identified or identifiable individual, and what identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors.
Do I need to collect personal data?
Well, no. You don't in most cases. Some of my customers are perfectly happy for their website to just be a source of information and they are not interested in how many visitors they had last month, and where these visitors came from.
They have no interest in linking their website with their Facebook page, and have posts on Facebook link back to their website, to drive more traffic and win more customers.
They don't want videos on their site, are not bothered about running promotions with pop-ups and couldn't care less about a gallery on their site linking with their Instagram account.
For those of you that fit that description, there is a facility on your website that switches off all tracking and site cookies and we can delete all 3rd party services accordingly.
But, if you ARE interested in growing your business, run your analytics to improve your website traffic and the user experience, and if you like to dabble with social media, we will need to collect explicit consent.
And for that, we need a Consent Management Platform.
What is a Consent Management Platform?
You’ve probably seen pop-ups as you visit websites, asking for consent to use your data, or informing you that data is being collected before you can actually continue to use the site. This pop-up is the Consent Management Platform or CMP.
CMPs store proof-of-consent and preference choices, handle visitors who request to alter data that the website collects, and can provide additional transparency into a site’s data collection and usage practices.
User consent is required any time you collect any information from your customers, from cookies to email addresses and everything between. There are six legal reasons your business may gather data from customers, according to GDPR regulations:
- A user consents to their data being collected.
- Processing is necessary to satisfy a contract to which the data subject is a party.
- You need to process the data to comply with a legal obligation.
- You need to process the data to save somebody’s life.
- Processing is necessary to perform a task in the public interest or to carry out some official function.
- You have a legitimate interest to process someone’s personal data. This is the most flexible lawful basis, though the “fundamental rights and freedoms of the data subject” always override your interests, especially if it’s a child’s data.
So, do I need a Consent Management Platform on my site?
Absolutely! And not just for the obvious reasons which are that consent is required by law and it avoids potentially heavy fines
Yes, it can be argued that the authorities are not doing much in the way of enforcing these privacy laws, and some will tell you (mostly this comes from bar-room legal experts) that very little of GDPR law has ever been tested in court so you don't really need to worry about it.
But apart from the risk of monetary fines that could result from not adhering to GDPR requirements or not being able to demonstrate compliance, CMPs can create a better customer experience. Businesses and organisations that implement a preference and consent management platform can deepen relationships with their customers when they make transparency and consent a pillar of their customer relationships. When your customers see that you are taking their data collection seriously, it leads to more trust in your business and, in turn, establishing trust through preference and consent will enable consumers to feel in control of their data.
What is Island Web Design doing about this?
I take the protection and safety of my customers' data very seriously, and we have a number of tools in place that allow our website clients to manage their customer's data in line with GDPR requirements as well.
So, I went out looking for a CMP that I could offer to my website clients and was instantly overwhelmed by the sheer number and scope of the different solutions out there. And the costs involved are not inconsiderable. Nearly all are trying to sell you a package that claims their CMP will enhance your advertising revenue and yes, if your website is about monetising traffic through marketing and generat6ing advertising revenue, than by all means, go and spend several hundred pounds a month on a CMP.
However, most of my clients are just trying to run their business and stay on the right side of the law. I think a basic CMP should be very cheap indeed.
So, we have settled on a CMP by Usercentrics. Usercentrics is a market leader in the area of enterprise consent management platforms (CMP) and empowers site owners to obtain, manage and document the consent of their users across platforms. What is more, Usercentrics’ solution is easy-to-implement, fully customisable and legally compliant.
They operate 2 plans: Standard and Business. If you would like to dive deeper into the differences between these 2 packages and learn more about consent management, please visit our dedicated web page here.
Save to say that their standard package is good enough for 95% of my clients. It covers you for up to 20,000 sessions per month and can deal with up to 2 languages, although customisation of the look and feel of the app is limited.
For more languages and more customisation you will need to look at the Business package.
Have a look at the Usercentrics pricing page and you will see the price of their Basic package is a very reasonable at €8 + VAT per month (approx. £8.57 in today's money), with the Business package coming in at €39 + VAT per month (approx. £41.75).
And here is my gift to you: IWD offers the Standard Package for FREE!!!
Yes, you read that right. Island Web Design is the gift that just keeps on giving!
Our website clients can have the Usercentrics Consent Management Platform installed on their site free of charge using the Standard Package.
To get the CMP on your site, just contact us and make the request. Once installed, visitors will be presented with a consent pop up and a somewhat ugly blue icon will appear on your site in the bottom left or right corner, which visitors can tap on to go back into the CMP and change their settings if they wish.
Yes, the button is ugly and obtrusive but you could also view it as 'transparent and caring' because it gives your visitors that warm fuzzy feeling that you care about their data!
The Business package allows for more customisation, including changing the blue icon for something less 'in your face', and while that will have an additional cost attached to it, I am pleased to say that we can offer you a good deal on that too.
Island Web Design clients can have the Usercentrics Business package for £25 per month. and enjoy more customisation, and support for up to 35 languages.
Make sure you contact Island Web Design if you do not already have an IWD website and if you do, make sure you contact us as well so that we can discuss your CMP requirements and get you on the right side of the UK and European privacy laws!
More articles
by