What is a Cookie Consent Manager?
Cookie consent management refers to a process that allows a website to obtain user consent from visitors for collecting their data through cookies; this facilitates compliance with various data privacy regulations. A consent management platform (CMP) enables brands to automate their consent management process, making it easier to be compliant in a world of ever-evolving data privacy regulation. A compliant CMP can inform visitors about the types of data they’ll collect and what they will use it for, store visitor consent data and deal with visitor’s requests to make alterations about the data the website has collected about them, including requests to access and erase this data.
Why do I need a cookie consent tool on my website?
Your website, whether you built it yourself on Wordpress or had it professionally designed, can be accessed by users from all over the globe. If your customer base includes European citizens, you’ll need to comply with GDPR and collect consents before you collect data from those visitors. If your customer base includes California citizens, you’ll need to comply with CCPA and provide an “opt-out” mechanism for those customers. Don’t think you’re collecting data? Your website almost certainly does. Note that a CMP helps you to comply with regulations but doesn’t cover all of your responsibilities to be compliant.
As more privacy laws are being introduced right across the world, companies should look to incorporate the best cookie consent tool into their tech stack. With the rapid institution of privacy laws around the world, there are very few companies, websites or circumstances that will remain exempt from the need to obtain consent. Any company that collects data from users, or participates in the sharing, buying or selling of consumer data, should have a dedicated solution to obtaining and managing consents.
Is cookie consent required?
This isn’t a simple yes or no answer because of the varied regulations around the world, but in general, yes. And not just yes, but the consent has to be proper, meaning that it must be:
1. Informed: the user must have a clear understanding of the data being collected and have the ability to opt-in (meaning consent is given prior to data collection) or opt-out (meaning that a data subject can withdraw their consent) of its collection;
2. Given by means of an affirmative, positive action that cannot be misinterpreted: this means a clear yes or no with no ambiguation, preferably on a cookie-by-cookie basis;
3. Given prior to the initial processing of the personal data: GDPR requires an opt-in prior to data/cookie collection, while CCPA assumes an opt-in and requires an opt-out mechanism for the consumer;
4. Dynamic: it must be easy for the user to change their mind and withdraw the consent;
5. The user has the right to be forgotten: at the user’s request, all of his or her personal data must be properly deleted;
6. All given consents must be recorded as documentation: this is important! An audit-ready trail of information should be created to show when, where, why, what and how consent was obtained.
What is required for GDPR cookie consent?
Follow our in-depth guide on GDPR cookie consent.
What is required for CCPA cookie consent?
CCPA follows GDPR in many ways, however one primary difference is that consent is not required prior to collection of consumer data, as it is in GDPR. However, CCPA provides consumers with an “opt-out” mechanism so that consumers can elect to prohibit companies from collecting information about them after the opt-out is chosen. Additionally, CCPA requires:
2. Cookies on the site: a website is accountable to all the data collected. The company is accountable for the safety, management, and storage of collected data. Websites that use third party cookies must be able to manage the data collected;
3. Third party vendors: cookies on websites are often from third party vendors. It is critical to ensure that your vendor agreement clearly have data protection and CCPA compliance clauses;
4. Opt-out of sale of personal information: a visitor must be provided a clear choice to opt-out of sale of personal information. The opt-out choice should be clear and easy to find. This opt out of sale refer to all data; and
5. Manage opt-out and opt-in of sale of personal information: a visitor must have the ability to change (reject or accept) their consent. Websites must have a “Do Not Sell My Information” link on the homepage of their website, in addition to any page which collects data, and allow consumers to easily prohibit companies from selling collected data for a period of 12 months, at which time the company may ask the consumer for permission to resume selling their data.
Most importantly, each such consent must be recorded for reference.
How can Clym help with GDPR & CCPA Regulation?
Clym stays on top of data privacy regulations so you don’t have to. We help you collect and manage consent for content collected on your website, and empower you to manage the collected consents in the event of an audit by a data privacy regulator. Our platform takes cookie consent management out of Excel spreadsheets and into a scalable platform that ensures your compliance with the regulations. Contact us today to see how you can get your website compliant immediately.