Cookie consent is a hot topic with the recent data privacy legislation. However, there seems to be a lot of confusion around cookie consent and consent preferences. But before we dive into the difference, let’s talk about the Cookie Law.
Cookie Law, or the ePrivacy directive, is a separate piece of legislation that works together with GDPR but generally takes precedent regarding cookies. The Cookie Law was enacted in 2002 and covers electronic privacy regarding cookies and cookie banners.
What Is cookie consent?
- Cookie consent must be based on a definitive affirmative action that could include clicking, scrolling, or another manual action by the user.
- You must disclose how and why you’re using cookies.
- You must gain consent before storing cookies on a user’s device.
- You must make it easy for visitors to refuse or withdraw consent.
Preferences are not consent
A common misconception is that it’s enough just to gain cookie consent. That’s not the case. Because it’s more than just gaining consent, it’s about what type of consent you’re gaining and what you can use it for.
The following five questions, centered on the what, why, who,’ ‘when’ and ‘whereof data privacy, will be essential to you ensuring your business doesn’t fail to comply with the many privacy regulations.
1. What data are you collecting?
The questions around personal data are more than just “what kind of info can we send?” or “can we call them” Both businesses and visitors need to know precisely what data has been collected at every touchpoint. And this info needs to be easily accessible.
2. Why are you collecting it?
Next, businesses need to show why the data was collected in the first place. Organizations need to be clear about why they’re collecting personal data and have justifiable lawful reasons for collecting and processing this data. This is an integral part of the new regulations because it pertains to the security of personal data.
3. Who is using the data?
The next component is being clear on exactly who is using the data. From the moment you’ve collected a visitor’s personal information, you need to know exactly who will access the data internally and externally with third parties. It’s good to remember that third parties will also be liable for penalties under the GDPR.
4. When does the consent expire?
Businesses will also need to record exactly when permissions were granted to use personal data. With GDPR, companies need to know how long they need to keep data for and prove this duration has been documented.
5. Where does the data come from?
Finally, in context to where the data is processed, we should know where this permission is granted down to the source. This is a bit different than the blanketed permission-based sources and channels. It’s about knowing where the data came from and having proof you can use it.
An opportunity to deepen engagement with Consent preference management
This is an excellent opportunity to build and deepen your customers’ trust. A chance to improve how you capture consent, audit the quality of your data, and update any outdated policies.
Additionally, you can use this opportunity to connect with your visitors at a deeper level and create a value exchange where both you and the customer can benefit. Preferences versus consent: let’s get data privacy from the beginning.
With Adzapier’s Consent Management Platform, you have access to three powerful tools you can:
- Increase opt-in rates while increasing transparency and respecting consumers’ privacy choices with Cookie Consent Management
- Collect and manage your online consumers’ consent and preferences with Consent Management Platform
- Quickly discover, disclose, and respond to DSAR requests with DSAR Management