Why data compliance is more than consent management
Protecting customer data goes beyond basic consent management.
The introduction of personal data privacy laws like the GDPR and CCPA has led to the widespread adoption of consent management platforms (CMPs). Yet many of these systems neglect key aspects of consumer data protection. In fact, brands could be failing to meet compliance regulations altogether.
“As personal privacy data laws have emerged, it’s important to differentiate between consent and compliance,” said Mat Hauck, COO of Ensighten, at our recent MarTech conference. “Just because a solution captures your consent doesn’t mean it’s compliant.”
What’s wrong with basic CMPs?
“We’re just users — we’re here to consume content or perform a task,” said Hauck. “So we take what we’re given. We click whatever button is presented to us to get on with what we came here to do.”
He added, “Basic CMPs are not designed to address personal data privacy regulations and in most cases miss the mark on compliance with the law.”
Too many website CMPs consist of simple banners that briefly mention the site's data collection policy, with buttons users are prompted to click. These programs, while popular, ultimately neglect the user’s privacy and the regulations themselves.
Basic CMPs fail to protect consumers’ data in three specific ways, says Hauck, leaving users just as vulnerable to data breaches:
- Failing to enforce privacy laws;
- Failing to prevent data exfiltration; and
- Allowing third-party access to sensitive data.
Web security, CMPs, and privacy laws
In the same MarTech session, Cory Kujawski of Ensighten said that there are three factors to consider when evaluating platforms and applicable privacy laws:
- Third-party vulnerabilities that put customer PII at risk of theft;
- Customer data loss and breaches are now written into data privacy laws; and
- Basic platforms that don’t protect consumers against these attack vectors.
“Third-party JavaScript poses some significant risks including loss of control and manipulation of client applications, execution of arbitrary and malicious code on client systems, and disclosure of sensitive information,” said Kujawski.
Choosing a compliance platform
“A compliant consent solution controls and governs the flow of information based on rigid and autonomous enforcement of the user’s privacy preferences,” said Hauck. “A sophisticated CMP does not rely on integrations, APIs, or logic built into your existing content or deployment systems.”
He added, “In fact, a CMP plus can augment systems you already have to bring you a greater level of compliance and perform a higher-quality service that will help build trust with your end users and increase the equity of your brand.”
Customer trust isn’t built with shortcuts. Adopting data-compliant platforms that go beyond consent management should be one of marketers’ top priorities.
Watch the full presentation from our MarTech conference here (free registration required).
Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.