In a recent webinar, Updating Your Consent Experience for a Modern Privacy Landscape, cohosted with Ensighten, Enza Iannopollo, Principal Analyst on Forrester Research’s security and risk team, highlighted several issues facing organizations tackling consent management and cookie compliance, and several facing the consent management industry, and digital privacy, writ large.
Read on to learn where Iannopollo sees organizations failing, and what she says can be done to not only built a compliant consent program, but also win back consumer trust, and prepare for the future of digital privacy.
Want to know more? You can watch the full webinar on-demand here.
Consent Violations Make Up a Large Portion of Regulatory Actions
Since the introduction of the EU's GDPR, and California's CCPA, there has been a proliferation of consent management tools aimed at handling the headache that is consent management and cookie compliance. Today, most organizations have a consent management solutions in place, and consider the challenge of cookie compliance largely solved.
But despite this, a large portion of fines handed out by regulators focus on consent management, says Iannopollo.
“Forty percent of the fines that have been issued so far for GDPR compliance have to do with consent-related requirements."
To Iannopollo, this signals deep-issues with consent management tools, which often take a lax approach to regulatory compliance, allowing users to configure consent banners in a non-compliant manner, or even failing to meet compliance requirements on handling opt-out or cookie-load.
"This tells you how much high up in the priority list is the consent piece for regulators," says Iannopollo. "A large number of companies that are still struggling to get the requirements around consent right.”
Building Consumer Trust with Consent
So why is consent management so difficult? It seems straightforward. You need to ask the user permission to use their data, and do only what they permit. So why has this become such a complex issue?
To start, Iannopollo says that consent contains two categories. "
"On one side, there is, of course, the need to comply with the requirements for consent because it's regulation. But at the same time, consent is also about the relationship that you establish and then maintain with your customers. It's really a handshake that you have with your customers when they are coming to your website, or when they are returning to your website.”
To that end, you must be upfront with your customers about the consent process, and allow them to opt in or out of tracking as they please.
“Information has to be very clear. Users need to understand what you are trying to tell them if you wanna track them, what are the purposes for that, and that communication must be very clear.”
And if something is off, consumers will know, says Iannopollo.
“Consumers have become extremely aware of how consent banners work, of the rights they have, and what they expect to see in those banners.”
So while a sketchy consent banner won't necessarily draw the ire of regulators on its own, it will strain your relationship with consumers, who could be likely to file a compliant.
“The French regulator said that when they would see three or four complaints for a practice in an organization coming up, they would definitely open an investigation,” says Iannopollo.
Privacy and Consent Affect Purchasing Decisions
It's not just a few privacy-aware consumers making noise. According to Iannopollo, Forrester's data shows there that consumers are paying attention to the way companies are managing privacy, and privacy is actually informing the purchasing decisions of many.
"Consumers are looking at privacy when they decide to buy products or services from organizations," says Iannopollo.
"In our data from European consumers, you see across the countries that above 50% of customers say that the way a company treats my personal data actually affects my willingness to do business with a specific company.”
Want to hear more from Forrester and Enza Iannopollo? Check out the full webinar, now available on-demand.
Jeff Edwards is a tech writer and analyst with six years of experience covering compliance, information security, and IT. Jeff previously worked as a reporter covering Boston City Hall.