Data Ethics

What is a Consent Management Platform (CMP) and Do You Need One?

March 20, 2020  |   Geri Kirovska

Growing concerns over consumer privacy have led to regulations that now govern how businesses are handling customer data. In Europe, the General Data Protection Regulation (GDPR) requires businesses operating in the European Union (EU) to give consumers control and choice over the personal data that is collected and used, and in most cases, must ask for their explicit consent before data collection happens. Stateside, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and is the most comprehensive law on consumer privacy regulations to date in the U.S. As consumers want more control over their data, more states are following suit with California, as CCPA paved the way for future laws to blanket the nation. 

GDPR has made consent management platforms (CMPs) a necessity for businesses, including ones based in the U.S., operating in the EU, providing consent, choice, and control into the value exchange with their customers online, while satisfying compliance needs. In the U.S., if a preference and consent management solution is adopted, it is to facilitate the value exchange by providing transparency into data collection and usage practices, while allowing consumers to exercise their right to opt out. But before you take the plunge into a preference and consent management platform, make sure you know the basics of what preference and consent management platforms are and why they’re essential for businesses that collect and use customer data.

What is a consent management platform?

You’ve probably seen pop-ups as you visit websites, especially if you are a California resident, asking for consent to use your data or informing you that data is being collected before continuing to use the website. This pop-up, or privacy notice, is typically part of a preference and consent management platform. These platforms, like LiveRamp Privacy Manager, are a gateway to a business’s website or native app—essentially, one of the first experiences visitors will have with your business. CMPs store proof-of-consent and preference choices, handle visitors who request to alter data the website collects, and can provide additional transparency into a site’s data collection and usage practices.

Some privacy notices will ask for a visitor to accept or decline various purposes for data collection, others request more permissions from visitors to use sensitive information like location data, and still others simply serve to inform visitors that data is being collected.

When is User Consent Required?

User consent is required any time you collect any information from EU customers, from cookies to email addresses and everything between. There are six legal reasons your business may gather data from customers, according to GDPR regulations:

  1. A user consents to their data being collected.
  2. Processing is necessary to satisfy a contract to which the data subject is a party.
  3. You need to process the data to comply with a legal obligation.
  4. You need to process the data to save somebody’s life.
  5. Processing is necessary to perform a task in the public interest or to carry out some official function.
  6. You have a legitimate interest to process someone’s personal data. This is the most flexible lawful basis, though the “fundamental rights and freedoms of the data subject” always override your interests, especially if it’s a child’s data.

Conversely, whereas GDPR focuses on user consent to have individuals opt in, CCPA gives consumers the right to opt out of the sale of personal information. While CCPA is compared to GDPR, there are many notable differences between the two privacy laws, namely what is considered personal information under the two laws. RampUp’s CCPA content hub gives a detailed outline of the differences between GDPR and CCPA.

One thing’s for sure: whether it’s GDPR or CCPA, businesses must work to establish trust with their consumers to inform them on the benefits of the value exchange when it comes to customer experience and data.

Why Does a Publisher Need a Consent Management Platform?

Consent is required by law, in some cases, but in today’s world, it is essential in driving a successful monetization strategy for your business. The best CMPs provide proof of compliance via accessible audit trails to demonstrate compliance and protect you from fines, they’re also highly customizable with regard to look and feel, while providing flexible implementation options, including banner placement, interstitials, and more. 

Why Should Brands Invest in a Consent Management Platform?

In addition to the monetary fines that could result from not adhering to GDPR requirements or not being able to demonstrate compliance, CMPs can create a better customer experience. Brands implementing a preference and consent management platform can deepen relationships with consumers when they make transparency and consent a pillar of their customer relationships.

When customers have visible assurance that the business is taking their data collection seriously, it leads to more trust in the brand. With more local—and likely federal—regulations on the horizon, establishing trust through preference and consent will enable consumers to feel in control of their data. 

Learn more on how LiveRamp’s preference and consent management platform, LiveRamp Privacy Manager, can help businesses comply with the ePrivacy Directive, GDPR, and CCPA. To see how LiveRamp Privacy Manager can work for you, reach out to privacy-manager@liveramp.com