Consent Management Platform (CMP) – what is it?
In a digital world where data protection and privacy are becoming increasingly important, the proper management of user consent is a growing topic of discussion. A Consent Management Platform (CMP) is a tool that helps websites and online services manage and document users’ consents for the collection and processing of their data.
CMPs are becoming more important, primarily due to the strict requirements of the European GDPR and other local data protection laws.
What are CMPs?
CMPs are an essential tool for any organization that operates online and processes users’ personal data. They not only provide the necessary legal protection but also help build trust and transparency in the digital environment. As the digital environment continues to be dynamic and regulation is constantly evolving, it is important that organisations keep their consent management systems up-to-date and compliant with the latest legal requirements.
With the growing emphasis on data protection and increasing demands for transparency from users, the role of CMPs can be expected to continue to grow in the Czech Republic. Regulations will evolve and technology will improve, leading to a continuous evolution of consent management standards and practices.
A brief introduction to the legislative/legal framework of privacy protection
In every EU country, every company or individual who processes personal data must comply with the GDPR, which sets out the rules for the protection of personal data. CMPs are key to meeting these rules because they allow users to choose what cookies and other tracking technologies can be used during their visit to the site.
How do CMPs work?
A CMP typically integrates an interactive interface on a web page that is displayed to users on their first visit. This interface offers users the ability to choose which cookies and tracking technologies can be activated. All choices are recorded and stored as evidence that the website respects the user’s consent.
A CMP is in effect an automated cookie-consent solution: it takes care of regular cookie scanning and often also serves as an automatic cookie policy generator in multiple languages, supporting consent management under international privacy laws such as GDPR, ePrivacy, LGPD, CCPA, and PDPA.
Legal requirements for CMP
- Compliance with GDPR and local laws – CMP must be designed to meet the requirements of the General Data Protection Regulation (GDPR) and other relevant data protection laws in your country. This includes ensuring transparency and providing information to users about what data is being collected, for what purpose, and how long it will be retained.
- Right to access and rectification (right to revoke users’ approval) – CMPs should allow users to easily access their personal data and request its rectification or deletion.
- Documentation of consent – The CMP must effectively document all consents to demonstrate when and how consent was given or withdrawn. These records must be retained for as long as necessary to comply with legal requirements. Withdrawing consent must be no more “complex” than giving it (i.e. you can’t hide it behind more and more layers; Cookiebot does it nicely, for example: a floating icon remains on the page even after consent has been given, and you can click on it at any time to change the consent). Next, you need detailed terms and conditions in a separate document, which on other sites is often called a “Privacy Policy” or “Privacy Statement”. This document should detail how your organization collects, stores, processes, and protects users’ personal data. It should also inform users of their rights related to data protection, such as the right to access, rectify, erase, and restrict the processing of their personal data. The document should be easily accessible to users, usually located in a visible section of the website, often at the bottom (in the ‘footer’) or on the contact page. It is important that this document is up-to-date and reflects all applicable legislation, including the GDPR if you do business with EU citizens or process their data. Again, some CMPs can generate this document for you automatically (at least the part on cookie processing) and keep it up to date automatically (for example, which services use cookie processing on your site).
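The record-and-enforce cycle described under “How do CMPs work?” and “Documentation of consent”, as an added example for Node.js that is not taken from the article or from any CMP product. The category names, the `ConsentLog` class and the sample tags are assumptions of this example, and the hash chain over the records goes beyond the text: it makes later edits to the stored evidence detectable.

```javascript
const crypto = require("crypto");

// Assumed category names; "necessary" never needs consent.
const CATEGORIES = ["necessary", "preferences", "statistics", "marketing"];
const sha256 = (obj) => crypto.createHash("sha256").update(JSON.stringify(obj)).digest("hex");

class ConsentLog {
  constructor() { this.entries = []; }

  // Store one banner decision. `choices` maps category -> true/false.
  record(visitorId, choices, policyVersion, at = new Date().toISOString()) {
    const granted = CATEGORIES.filter((c) => c === "necessary" || choices[c] === true);
    const prev = this.entries.length ? this.entries[this.entries.length - 1].hash : "";
    const body = { visitorId, granted, policyVersion, at, prev };
    this.entries.push({ ...body, hash: sha256(body) });
  }

  latest(visitorId) {
    return [...this.entries].reverse().find((e) => e.visitorId === visitorId);
  }

  // Show the banner on a first visit or after the policy text changed.
  needsBanner(visitorId, policyVersion) {
    const e = this.latest(visitorId);
    return !e || e.policyVersion !== policyVersion;
  }

  // The latest decision wins, so a withdrawal takes effect at once.
  allowed(visitorId, category) {
    if (category === "necessary") return true;
    const e = this.latest(visitorId);
    return Boolean(e) && e.granted.includes(category);
  }

  // Recompute every hash; an edited entry, or one removed from the middle, breaks the chain.
  verify() {
    let prev = "";
    return this.entries.every(({ hash, ...body }) => {
      const ok = body.prev === prev && hash === sha256(body);
      prev = hash;
      return ok;
    });
  }
}

// Return only the tags whose category the visitor has accepted.
function tagsToLoad(log, visitorId, tags) {
  return tags.filter((t) => log.allowed(visitorId, t.category)).map((t) => t.name);
}
```

Withdrawals are appended as new entries rather than overwriting old ones, so the log shows both when consent was given and when it was withdrawn.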
Benefits of using a CMP
- Ensuring legal compliance – CMP helps businesses comply with GDPR and other data protection regulations.
- Improving transparency – users have a clear view of what data is collected and how it is used.
- Increasing trust – transparent and fair treatment of user data increases user trust in the brand.
- Customizing the user experience – CMP allows users to control which types of cookies are active, which can improve their online experience.
Important CMP features for website owners
- Consent Management UI – An intuitive and easy-to-use interface that allows users to easily manage their cookie and tracking preferences. This includes the ability to grant, deny or change consent for different categories of cookies according to the applicable legal framework (ability to revoke consent at the individual cookie level, ability to revoke consent at any time, failure to file a consent revocation). For more complex projects, you will also appreciate the ability to copy settings between individual domains, manage access/roles and other advanced features. For example, you can choose which legislation a given CMP should follow on a given site and how it should behave; ideally you should be able to customize everything, including individual languages/translation options and document generation.
- Easy integration – the CMP should be designed to allow easy integration with existing systems and infrastructure on the site. This includes compatibility with different web platforms and technologies, minimizing the technical requirements and time required for deployment.
- Integration with analytics and advertising tools – The CMP should be compatible with commonly used analytics and advertising tools to ensure that any data collection using these tools is consistent with user consent.
- Adaptability and extensibility – Given the ever-changing legal standards and technological advances, the CMP should be designed to be easily upgradable and extensible, allowing for the addition of new features or integration with new services. This is generally provided by the CMP provider itself, who you pay for the solution (but the ultimate responsibility is yours and the most you can do is to seek legal redress from the CMP provider – on the other hand, it should be said that the largest CMP providers generally have the following
- Automation and reporting – automated reports and alerts that inform site owners of the status of consents, missing consents or the need to renew them. These tools help maintain compliance with minimal effort.
- Multi-language support – Given the global nature of the Internet and the diversity of user languages, a CMP should be able to support a multilingual environment, allowing proper communication with users in their preferred language.
- Data security and protection – ensuring that all data collected is securely stored and protected from unauthorized access or data leakage. This includes the use of encryption and other security protocols.
- Auditability and compliance reports – providing tools to generate auditable reports that can be used in inspections or audits to demonstrate compliance.
- GDPR compliance and compliance testing – an important feature of CMP is the ability to perform compliance tests to verify that consent settings on a site comply with GDPR and other legal standards. These tests help identify and address potential issues before they become subject to scrutiny by regulators. Some tools have checklists or semi-automatic guidelines for new users who are not very familiar with the current legislation.
- Fully customizable cookie bar to your design – The CMP should offer customization options that allow it to be seamlessly integrated into the site design. This includes adapting colors, fonts, layout, and other visual elements to ensure that the consent management interface feels natural and does not discourage users. Last but not least, this is where maximum customizability of the bar plays a big role (as standard settings often don’t ensure that you get the most cookies/consents collected from users). Often you need to customize the look and feel (such as an overlay across the entire site, where you can’t continue working with the site without clicking some form of consent, or the ability to un-click all consents with one click and have this as a highly visible option).
- Reporting and analysis of user behavior – the analytics tools integrated into CMP provide valuable insights into how users interact with the consent interface. This information can help optimize the design and content of notifications to achieve higher consent rates. Pretty much an essential feature if your CMP consent numbers have started to drop dramatically, as it will directly impact both analytics tools (how much you measure/see in Google Analytics) and ad campaigns (how many cookies you include in each audience based on activity from the site).
- A/B testing for optimal cookie banners/CMP banners – using A/B testing allows you to experiment with different versions of the alert text to see which wording is most effective in gaining user consent. This contributes to a better understanding of user preferences and increases the effectiveness of consent management.
- Versioning – once you change settings/design, it’s definitely nice to be able to restore previous settings with one click. Alternatively, have the ability to preview and test changes before publishing them to the live site.
- Integrated site cookie scanner/scan cookies – the cookie scanning feature allows CMP to automatically identify and categorize cookies used on the site. This facilitates consent management and ensures that users have accurate information about what cookies are being used and for what purposes.
- Multi-language viewing – Support for multilingual content is also important, particularly for global sites and brands. CMPs should be able to display consent information in multiple languages (so that users can understand it all), which helps international users understand the choices and supports compliance.
- Pricing/CMP price and billing schema – probably the main selection criterion, but certainly not the only one. Many CMPs are indeed cheaper and suitable for one domain (a smaller project), but for global sites they are completely unsuitable. What I encounter most often: CMPs do not have legislation/interfaces sorted out for other countries (for example outside the EU), they cannot translate the CMP bar into the language you need, they don’t have an intuitive interface for managing dozens of sites, they are too expensive for larger sites (charging by subpages), or each of these functionalities means an extra charge that you didn’t count on when choosing a CMP.
- CMP speed and size – both the loading speed of the CMP and its size. This may not be as much of a concern today, but some CMPs need several hundred kB to load, while other solutions can do the same in a few kB or a few tens of kB.
- Certified CMP vendor for Google – when managing Google Consent, for example, again quite an important point for publishers – if you have a non-Google certified solution, your site will appear in all Google services as if it doesn’t have integration to Google Consent v2 – so somewhere you will get another window popping up from Google just for Google Consent v2/Google Consent 2.0.