Cookie consent management is critical for companies; unfortunately, it has often been dealt with partially. Cookie Consent Management lays the foundation to determine which marketing tools and data companies may use to improve the user experience. Best practices, recommendations, do’s and don’ts are highlighted in our two-part blog series.
What are cookies
We encounter cookies on every website and in countless mobile applications. Cookies are often imperceptible for users, but for martech and adtech operators, they are an essential element in their daily work. Cookies are used to store information on a user’s terminal device and make it retrievable; this ranges from storing settings on the Website to IDs for recognizing users. This capability makes standard applications such as web analysis, targeting, media buying, attribution, and user-centered communication possible in the first place. If I can’t recognize a user, I can’t communicate with them.
The use of IDs is a real concern for data protectionists and browser makers since this (and the user’s IP address) must be considered personal information. The motivation is not necessarily the same. While legislators and data protection officers want to cease data sharing practices that have gotten out of hand in the past – primarily through data economy, transparency, and required consent; browser developers see themselves in a race to be perceived as the “browser with the strongest data protection.” This race may create competitive advantages for their own “walled garden” advertising ecosystems and also cause a negative public perception. Either way, as website operators, we face the challenge of establishing a legally compliant user consent process while continuing to set up our ecosystem to ensure maximum impact from our digital presence.
We face the challenge of establishing a legally compliant user consent process while continuing
to set up our ecosystem to ensure maximum impact from our digital presence.
What are the different categories of cookies?
On the technical level: Cookies can be divided into categories based on several characteristics. This categorization is essential for further assessment and the design of cookie consent management.
The first level of classification is the domain for which cookies are set. Here, a distinction is made between first party-cookies (which are set on the site’s domain) and third-party cookies (which are written on the domain of a third-party).
The next relevant level of classification – driven by the legal framework – is the cookies’ purpose of use. These include, for example:
- Necessary cookies for the operation of the website
- Cookies for analysis purposes
- Cookies for advertising purposes
- Cookies for the integration of social media platforms
- Cookies for personalization purposes
- Cookies for website performance and operability
What is Cookie Consent Management?
The design of cookie consent management is therefore inevitably related to the relevant local legislation. Nevertheless, there are numerous design options – for both the user experience and the organizational structuring of the backend processes, that could influence how effectively the website’s use of technology can ultimately be designed.
What are the different types of Cookie Consent?
Overall, three or four types of “cookie consent” have established themselves on the market, which can be found all over the Internet in various forms and sometimes in creative version:
- The Waiver of any reference
This can be justified by the local legal framework, the renunciation of corresponding technologies, or the operator’s ignorance.
- The standard cookie banner
- The Cookie OptOut
- The Cookie OptIn
Within the framework of the OptOut and OptIn solutions established on the market, it is becoming more common to specify the consent or rejection, e.g., by cookie category or at the individual services/providers’ level.
Why is Cookie Consent Management needed?
Requirements GDPR for Cookie Consent Management
Moreover, in many cases, what should be standard after May 2018 with the introduction of the GDPR is still neglected: not only the request for a user’s consent is part of cookie management, but also the implementation of internal approval processes as well as the establishment of contractual agreements on data processing with the respective providers; this is because, from a purely legal perspective, personal data is passed on to a third party in the form of IP addresses, cookie IDs, etc.
Requirements CCPA for Cookie Consent Management
Like the GDPR, the CCPA (California Consumer Privacy Act) has extraterritorial validity, which means that companies outside of California must also comply with the resulting data protection requirements if they operate within California. This ruling makes it all the more difficult to apply the sometimes vague requirements of the CCPA to one’s own website presence.
What are the business potentials of Cookie Consent Management?
In addition to the universally discussed legal consequences of what can happen if Consent Management is not implemented or not implemented correctly, numerous opportunities and risks are less well known (see graphic).
Abb.: Business Impacts of Managing Cookie Consent correctly, Smart Digital 2020
In part 2 of this blog, we will explain what companies can do to implement Cookie Consent Management correctly and thus comply with the requirements outlined and at the same time leverage business potential.
Photo: Castorly Stock| Pexels