Best CMP Tools: Why Businesses Trust Secure Privacy


By Blog

Consent Management Platforms are part of many outcomes resulting from adoption and enforcement of the GDPR in 2018.

Since the implementation of the EU’s trendsetting data protection law, websites and businesses have been forced to reevaluate how they collect, process, share, and store personal information. 

In the center of these changes is the issue of user consent. Websites are expected to seek valid consent from users before using cookies to collect personal data for marketing and advertising purposes.  

Defining a Consent Management Platform (CMPs)

This is a software tool that helps websites or applications to meet GDPR data protection requirements. 

CMPs facilitate compliance by asking users for consent, gathering and handling their information, and sharing this data with ad partners. 

Commonly, the term CMPs is connected to IAB Europe’s Transparency and Consent Framework (TCF) and the Consent Management Platforms registered under it. 

From a technical point of view, the term refers to a wider concept that goes beyond integration with the Interactive Advertising Bureau (IAB). 

Nonetheless, the IAB TCF brings together registered CMPs of adtech vendors such that first parties can obtain user consent to manage personal data through vendors and share it with third-parties. 

Through CMPs, IAB TCF guarantees transparency and responsibility in the advertising supply chain since publishers can rest assured that they are collaborating with an ad partner who is GDPR compliant and vice versa. 

The Difference Between a Consent Management Platform and a Cookie Consent Banner 

A CMP collects consent and then passes this information to other vendors. 

This ensures that there is transparent consent tracking between the publisher and downstream partners.

In contrast, a cookie notification banner is focused on making it possible for users to check or uncheck the installation of specific types of cookies.

Elements of GDPR-Compliant Cookie Consent

The EU’s General Data Protection Regulation defines consent as  “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Therefore, valid GDPR cookie consent according to the latest EDPB guidelines must be; 

  • Freely given
  • Specific
  • Informed
  • Unambiguous indication of the data subject`s wishes

Freely Given 

The GDPR makes it clear that you should not deny users real choice, coerce them, or punish them for failing to provide consent, then the consent given in these circumstances is invalid. 

Similarly, if you obtain cookie consent through bundling as one of the elements of non-negotiable terms and conditions, then it is not considered freely given.

Specific

This requirement means that you must collect consent for each specific purpose of data collection or processing. 

In this way, you can guarantee users a certain level of transparency and control over the use of their data. 

Informed

You need to make information available to data subjects before obtaining their consent to help them make informed choices, understand what they are agreeing to, and exercise their right to withdraw their consent.

If you fail to provide accessible information, as a data controller, you deny users control over their personal information.

Unambiguous Indication of Users’ Wishes

The General Data Protection Regulation explicitly states that valid cookie consent involves a statement from the user or clear affirmative action. 

Therefore, you must ensure that you obtain consent through active motion or declaration.

 Basically, it should be obvious beyond doubt that the consumer has agreed to that specific processing of their information. 

Who Needs to Implement a CMP

A CMP is a necessity for your GDPR compliance needs if you engage in any of these activities;

  • Process personal data for activities such as remarketing, personalizing content, behavioral advertising, analytics, and email marketing
  • Transfer and process data of EU citizens in jurisdictions outside the EU
  • Use special categories of personal information such as data about ethnic origin, political views, biometric information, and genetic composition. 
  • Automated decision making such as profiling 

How IAB TCF 1.0 and 2.0 Affect CMPs

IAB Europe’s Transparency Consent Framework is a GDPR-compliant set of technical specifications and policies that create a system that allows publishers to inform users about the type of data being collected from them and how they plan to use it together with their third-party partners. 

IAB TCF provides the publishing and advertising industry with a uniform platform on which to demonstrate valid user consent when executing and delivering digital promotions and content. 

Typically, IAB’s TCF 1.0:

  • Offers the technical guidelines that enable CMPs to capture, store and signal consent in an industry-standardized way
  •  Allows CMPs to get global consents gained by other publishers and CMPs
  •  Captures which vendors are operating in the TCF and the purposes that they wish to process personal data for so that the user interface can be updated and users informed as is appropriate
  •  Alerts CMPs when vendors use legitimate interest or consent as a legal basis for processing personal data for a given purpose so that users can be informed as necessary

In August 2019, IAB Europe together with IAB Tech Lab revealed that it was testing the second version of the Transparency Consent Framework

The transition from IAB’s TCF 1.0 to 2.0 is based on feedback from regulators and publishers in this industry focused on improving the ad serving ecosystem to better serve the community.

 IAB TCF 2.0;

  • Facilitates better transparency for the consumer through clearer explanations of the purposes of data processing
  • Allows publishers to impose more limitations on both the purpose and legal bases upon which a vendor can process data collected on their digital property. This allows for better customization of vendor activities.
  • Enables vendors to process under legitimate interest if they are not limited by the publisher, or objected to by the user
  • users can either give or withhold their consent, in addition to exercising their right to object to the processing of their information under a legitimate interest basis.

Therefore, the key differences between IAB 2.0 and IAB 1.0 include;

  • Increased control for publishers
  • Inclusion of legitimate interest as a basis for processing personal data
  • Better self-enforcement and regulation
  • Improved collaboration with data protection bodies, vendors, and publishers
  • Participation from the biggest player in the industry-Google

Comparing Tools that Help you Meet IAB TCF GDPR Compliance Requirements 

Cookie Consent Kit

Developed by the European Commission, this tool is available for free. It comes with multi-language support because it allows customization. Similarly, it gives you custom branding capability for your website. 

However, this tool is yet to be registered as a CMP in IAB. Furthermore, it does not provide a cookie banner and policy or capability to complete a cookie scan on your website. 

Lastly, the European Commission’s Cookie Consent lacks functionality for both reporting and dashboards. 

CivicUK 

This solution has a simple user interface that allows you to give users clear information about how you track their behavior and offers you straightforward, interactive controls that make it possible for users to give or revoke consent explicitly.

The updated version of this tool offers you support for IAB Europe’s TCF 2.0. 

Quantcast

Quantcast Choice CMP enables you to provide consumer notices for collecting and processing personal information.

It also comes with simple ‘Deny All’ and ‘Accept All’ options, which eases the process of granting or denying for your users. 

Apart from the Deny All and Accept All option, Quantcast provides a link to an interface where your users can toggle consent based on each data collection purpose and by individual vendor. 

Tealium

If you use Tealium’s tag management tool, now you can also use it to gather and manage user consent as well. 

The solution comes with a non-intrusive banner, in addition to a variety of customization choices. 

Furthermore, users can toggle their consent choices by individual use cases. 

However, the key downside of Tealium’s tool is the absence of vendor level data and consent toggling. 

Why Secure Privacy is a Preferred CMP Solution For IAB TCF 2.0 

IAB’s consent model is fundamentally different from the plugin/cookie blocking consent model used in Secure Privacy and other consent management solutions. 

In general, IAB’s model puts the control in the hands of advertisers and vendors by signaling the user’s consent to advertising vendors. 

However, Secure Privacy can block non-consented vendors and thereby give control to the publisher, who is liable to ensure data protection for all tracking performed by third parties on the publisher’s website.

With this fundamental difference in the design, Secure Privacy introduces a new setting to enable Interactive Advertising Bureau (IAB) Europe which updates your existing cookie banner and privacy center. 

We give you a choice to select IAB banners over Secure Privacy banners.

The cookie banners and privacy banners are fully IAB compliant meaning as a registered CMP, Secure Privacy has passed all the UI/UX and technical requirements of the IAB framework.

Furthermore, our solution meets the following ePrivacy Directive and GDPR compliance requirements that are consistent with IAB 2.0’s obligations;

  • User Notification

As your CMP, Secure Privacy ensures that consumers are aware of what data is processed and for what purpose, such that they know what they are giving their consent to.

  • Express Action

Our solution ensures that consumers give consent to the use of cookies based on true choice as opposed to being coerced into accepting their deployment.

  • Affirmative Consent

Using Secure Privacy as your CMP for IAB Europe Transparency Consent Framework 2.0 also ensures that cookie consent is provided through affirmative and unambiguous action in accordance with GDPR ePrivacy Directive compliance requirements.

  • Notice

Our solution also ensures that an alert is communicated to users before the initial data processing occurs.

  • Ability to Withdraw Consent

According to the GDPR, consumers should be allowed to withdraw consent easily. Secure Privacy ensures that users can withdraw consent as easily as they gave it.

Enabling Secure Privacy as your IAB TCF 2.0 CMP

To enable the IAB Consent Framework you need to navigate to Banners and then Settings. Go to the IAB Tab and click on the checkbox to enable the IAB. The IAB tab should look like this.

Once you enable IAB, the default cookie banners will be replaced and the IAB cookie consent banner will appear for users. The new cookie consent banner will look similar to the image displayed below when expanded.

Similarly, your privacy center is also updated and will look similar to the image displayed below.

Some of the key points you need to take into account in this case include;

a). Please note that Secure Privacy as a registered IAB CMP is under the obligation to work only with publishers that are fully IAB compliant. 

By enabling the IAB framework in Secure Privacy, you confirm to comply with these policies.

b). Enabling IAB TCF will replace your cookie consent banner text, and remove the plugins and trackers found, Instead it will start showing Vendors, Purposes, and Features.

c). Similar to the cookie consent banner, the privacy center will also be replaced with Vendors, Purposes, and Features.

d). Currently, the Interactive Advertising Bureau’s (IAB Europe) banners are supported in the English language only.

e). Consent management is also modified to track advertisers and purposes.

How to read the consent details as a vendor (for developers)

To read the individual user’s current consent state on a website, ping the following command every 500ms until result.cmpLoaded equals true (when consent has been loaded or submitted) in the callback:

window.__cmp(‘ping’, null, function(result) { console.log(result) });

To retrieve the BASE64-encoded consent string after that, execute the following command and read the value of result.consentData in the callback:

window.__cmp(‘getConsentData’, null, function(result) { console.log(result) });

Get your additional concerns or queries regarding IAB TCF and how to integrate Secure Privacy as your preferred CMP answered by booking a call with us today and get personalized support from a data privacy expert.

Additional Resources:

Read our blog to understand how to comply with IAB TCF 2.0 here

Read our blog to learn the key differences between IAB TCF 1.1 and IAB TCF 2.0 here 

Learn more about GDPR Cookie Consent Requirements with our simplified guide of the latest EDPB Guidelines.