A consent management platform (CMP) is a tool for gaining visitors' consent as soon as they reach a website and modifying this consent at any stage in the customer journey. The main goal of the solution is to make the use of personal data conditional upon the visitor's consent.
On most websites, some personal data can be attached to cookies (media, analytics) placed in the browser by the website itself (first-party cookies) or by third parties (thirdparty cookies) acting as vendors. As such, a CMP's role is to obtain web users' consent in order to place cookies and trigger the tanks that process personal data. In this sense, it must be able to at least block the placement of cookies and the triggering of tags unless consent (in any form) has been obtained.
Following this rationale, the Transparency & Consent Framework of the IAB allows consent obtained by the CMP to be transmitted to the entire ad tech/MarTech ecosystem (DMP, SSP, DSP, Adserver, etc.).
In their most extensive framework, CMPs can also be used to obtain or manage visitor consent for processing other than that exclusively based on cookies: profiling, communication, data reselling, etc.
UNDERSTANDING THE CMP MARKET
The introduction of GDPR has prompted rampant growth in CMPs. At the end of October 2018, 151 CMPs1 were registered with IAB Europe, versus around 50 at the start of June. In the space of a few months, the market became polarised around three types of players that had developed CMP platforms or CMP-like features:
- Tag management/tag performance system-oriented players: traditionally specialised in tag integration, centralisation and protection to send information from websites/mobile apps to third-party solutions or platforms (media, analytics, etc.);
- AdTech/ MarTech players: advertising (ad servers, DSP) and digital marketing (integrated networks, mobile marketing) technologies used to build and cultivate affinity between brands and their consumers through different channels via targeting and increasingly refined segmentation. Their usual scope of application is huge -the creation of a consolidated customer view to conduct personalised campaigns, marketing process automation, behaviour prediction, realtime ad targeting, etc. ;
- Full privacy pure players whose GDPR/ePrivacy compliance and privacy by design are at the heart of their value proposition and purpose.
Note that ad tech/MarTech players, which rely on user consent to do business, have also created CMPs to support and rapidly reassure their customers regarding their compliance and highlight significant investments in data privacy.
Concerning the uptake of these tools, a study conducted by IAB France2 of 100 leading French press and media players (BFM, Le Monde, Le Figaro, 20 Minutes, etc.) found that just 56% had implemented a CMP compliant with the Transparency & Consent Framework as of 1 December 2018.
As CMPs have been adopted by these players, five solutions have stood out and share the vast majority of the French market: Didomi, CommandersAct, QuantCast, SourcePoint Technologie and OneTrust.
Note that many vendors have also developed their own private CMP for their requirements only, such as Orange, the Se Loger group and Deezer.
- Cookie consent configuration and personalisation: define consent collection methods (scroll, navigation, opt-in, global consent, by type of vendor), personalise the appearance and text of the consent collection module (pop-in, banner, etc.).
- Preference centre: guarantee and facilitate user preference management and ensure data confidentiality.
- Connectors and circulation of consent to 3rd parties..
- Dashboarding/data visualisation: track progress in consent collection (opt-in %, opt-out %).
- Alerting: define alerts in case of non-compliance.
- Export for proof: export obtained consent for audit purposes.
- Very attractive pricing in some cases.
- CMP as an additional module that can be activated, with special pricing.
- Tag mapping.
- Alerts to combat piggybacking.
- Check of the data sent in tags.
- Tag protection.
- Mapping/modelling of data and flows.
- Reference system: centralisation of user consent in a database.
- Broad management of consent beyond cookies (newsletter, personalisation, opinions and comments).
- Management of new rights.
This introduction is an extract from the chapter dedicated to GDPR Compliance Tools in the Yearbook 2019 ( Converteo ADLPerformance) ; click below to download the long version: