Securiti announces a $75M Series C Funding Round
ViewIt’s been common practice for businesses to sell their consumers’ personal information like age, gender, likes, hobbies, where they study, etc. without their consent to marketers. In turn, marketers use this information to show consumers targeted ads. While this sounds harmless, the fact that an individual’s personal information is being passed around like a commodity is the reason why privacy laws such as the CCPA and GDPR have come into effect.
The GDPR has made it mandatory for organizations to ask consumers for consent before selling any part of their personal information. On the other hand, the CCPA requires organizations to provide its consumers the option to object to the sale of their personal data by displaying a button stating “Do Not Sell my Personal Information”.
These laws need to be followed strictly and failure to do so can result in drastic repercussions, as happened with the Cambridge Analytica incident where 50 million Facebook accounts were used for psychological profiling to assist Donald Trump in the 2016 elections. This was done without the consumers being aware and was a massive breach of consent by Facebook. Facebook was said to pay a fine of $633,000 for this breach.
Therefore, setting up a robust consent management system is empirical for any organization intending to process its consumers’ data. However, it’s not as easy as it sounds. This article will talk about why a consent management platform is important and how the adoption of an efficient CMP can prepare any business for compliance with existing and upcoming data privacy regulations.
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Looks like this email is already registered with an existing account.
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
Before we move on, let’s first look at how leading privacy laws like GDPR and CCPA define consent management.
Under the GDPR, consent is one of the lawful basis of data processing. Article 7 states that “Consent must be freely given, specific, informed and unambiguous”. This requires that an individual’s consent must be given voluntarily without any pressure or influence that could affect his or her choice. Moreover, an individual must have the ability to withdraw his/her consent at any time, without any detriment. Such withdrawal of consent must be as easy as giving consent.
The law under the CCPA is more commonly known as the right to opt-out which states that “Consumers have the right—at any time—to direct businesses that sell personal information about the consumer to third parties to stop this sale”. However, organizations must provide the option to opt-out of the sale of personal data to its customers by displaying a button stating “Do Not Sell my Personal Information”. This falls under section 1798.120 of the CCPA. The CCPA also requires businesses to record an opt-in consent from minor consumers and consumers who allow the collection, processing and sale of their data in return for a financial incentive.
Websites use a consent management platform – or “CMP” – to obtain users' consent to process their personal data, which is obtained through cookies and trackers on the domain. Managing director of It Works Media, Steve Pritchard, explained how a consent management platform works in the case of a corporate website. “A CMP is used to inform visitors about the types of data they’ll collect and what they will use it for. They store visitor consent data and deal with visitors’ requests to make alterations about the data the website has collected about them, including requests to access and erase this data. It is a necessary platform for websites to meet EU regulations for data collection”.
The reason why a CMP is so useful is that it makes consent management processes smoother, easier, and more efficient. An effective and privacy-compliant CMP must have the following features:
In principle, all privacy regulations agree that consent must be freely given, specific, informed and unambiguous. This implies that the data subject must at least be aware of the controller’s identity, what kind of data will be collected and processed, how it will be used, and the purpose of the processing operations. While businesses are building new capabilities into their forms, mobile apps, and websites to enable consent capture, having a solution for notification and consent capture immensely simplifies this requirement.
Websites and businesses collect and store identifiers such as IP addresses, device IDs, location data, and cookies, which are now considered personal data. This information is shared or leaked to various advertising and marketing platforms to provide value-added services. Therefore, it is essential that platforms involved in this process notify and obtain consent from their users before collecting and processing their data. Consent propagation must be supported and managed.
This is easier said than done, since most businesses have personal data scattered around multiple systems or silos, with different identities for the same user in different processes and environments. An enterprise-wide view of data and identity is essential for effective consent management.
Most businesses undertook a flurry of consent capture and re-consent efforts to meet GDPR deadlines but ended up with solutions that act as static databases for consent frameworks and preferences. Without the ability to link consent to identities, consent is once again scattered around silos with multiple instances of consent for a single user. This makes opt-out and consent withdrawal decisions very difficult to implement across the organization. Therefore, operationalizing consent management is a critical requirement for consent management solutions.
Learn how to market while complying with global privacy laws and user consent requirements.
Although most consent management platforms get the job done, there are certain things that you need to look for in a CMP to make sure it is exactly what you are looking for.
The process of effective consent management always begins with the right notifications. First off, users must be informed that their personal data is being processed. Detailed information about the scope of data processing must be included in the Privacy Policy, in a pop-up notice, or both. Users must be empowered to decide if they agree to the specific purpose of processing. Consent must be captured and consolidated. Key consent management capabilities include:
1. Privacy Center
2. Website Scanning and Cookie/Form-based Consent Management
The CMP should simplify the notification, collection, and propagation of consent to approved 3rd party solutions to meet business objectives. Key capabilities should include:
1. Adherence to the Interactive Advertising Bureau (IAB) framework
2. Improve accessibility to consent data
1. Collect, normalize and aggregate consent from multiple sources.
2. Correlate multiple consent actions by the same data subject
3. Evaluate policies from a central location
A CMP should enable and comply with a consumer’s request to opt-out or withdraw consent to the processing or sale of personal data.
1. Consent management portal
2. Integrate consent management into data maps and business process flow diagrams
3. Single Identity Dashboard
If you want to know whether your CMP is up to the mark and has all the capabilities necessary to operate efficiently, we have drafted a checklist to help you figure out if your CMP is the one.
1. Duty to Provide Information
2. Consent
3. Setting cookies
4. Legally compliant documentation
5. Opt-out and Opt-In
Consent is one of the most, if not the most, important data privacy requirements worldwide. Fulfilling this regulation using manual methods is tedious, costly and risky. Adopting the PrivacyOps framework can help the organization in the following ways:
Given the increased frequency and severity of enforcement around consent violations, it is wise to invest in automation at an early stage of the compliance process and prepare your organization for data privacy regulations around the world - not just the existing ones but also those that are upcoming.
Get all the latest information, law updates and more delivered to your inbox
February 22, 2023
Suppose you own a luxury car. You wouldn’t just give its keys to anyone who asks, right? In fact, you would give your car...
February 20, 2023
No matter where you are, data is all around you and powers everything you do. Estimates suggest that a whopping 25,000 petabytes of data...
February 6, 2023
As your business grows, you'll undoubtedly need to outsource some tasks. Every expanding company needs third and even fourth-party suppliers, whether for purchasing supplies...
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
[email protected]
3031 Tisch Way Suite 110 Plaza West, San Jose,
CA 95128