All Blog Posts

Consent Management Platform – CMP

The EU’s GDPR and California’s CCPA both affect how your website is allowed to handle the personal data of users.


Updated January 21, 2020.

A consent management platform (CMP) is a solution for websites to protect the data privacy of their users and be compliant with world’s major data privacy laws – the EU’s GDPR, UK-GDPR, California’s CCPA/CPRA and more.

Cookiebot consent management platform (CMP) is a world-leading solution built around a powerful website scanner that detects and controls all cookies, trackers and trojan horses, so your users can give true and meaningful consent.

In this blogpost, we break down what a consent management platform (CMP) is, how it works and why Cookiebot CMP is your website’s all-in-one solution.

Consent management platforms (CMPs) deal with – as their name implies – the control of user consent on websites regarding the collection and handling of personal information, often through cookies and third-party trackers.

Most data privacy laws around the world regulate the way websites, businesses, organizations, governments and the likes are allowed to collect and use the personal data of individuals.

The two most prominent examples are the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

There are many different consent management platforms for websites to use in order to obtain compliance with the data privacy laws, each with a different technology for managing user consent.

Cookies and trackers on your websites can be close to impossible to find and control without a consent management platform –

72% of cookies are hidden inside other trackers – so-called trojan horses.

18% of cookies hide even deeper within other tracker, sometimes loaded by eight other cookies.

50% of trojan horses will change upon repeated visits by users on your website.

Source: Beyond the Front Page, a 2020 study of more than ten thousand websites and their cookies.

What does Cookiebot CMP do?

A consent management platform gives you total control of all things that have to do with cookies, trackers, user consent and legal compliance – all in a plug-and-play and fully automated solution that fits any website, from the smallest food blog to the biggest enterprise domains.

Our solution is a unique and powerful technology that is able to simulate real users on your website and offer you an in-depth x-ray of all personal data processing and third-party data tracking that goes on.

After detecting everything, Cookiebot CMP then controls it all based on each user’s individual consent choice – made through a simple, yet customizable consent banner – enabling full compliance with the world’s major data privacy laws like the EU’s GDPR, UK’s GDPR, California’s CCPA/CPRA, Brazil’s LGPD, South Africa’s POPIA, Singapore PDPA and many more.

Cutting-edge technology in the business of consent management allows Cookiebot CMP to automatically control all the cookies and trackers on your website.

This is different from self-defense privacy tools like ad blockers and VPNs that can be employed by your end-users themselves (and often break the website).

A consent management provider doesn’t put the responsibility of protecting their privacy on the shoulders of end-users – rather, as required by the EU’s GDPR, UK’s GDPR and more data privacy laws, a solution like ours helps websites make their own privacy framework compliant.

With Cookiebot as your consent management platform, you are in full control of which cookies are set on your website – instead of leaving it up to your users to opt in and out of hundreds of third-party cookie providers.

Learn more about GDPR compliance

Using the cookie declaration that the website scanner creates from its exhaustive findings, Cookiebot CMP then creates a consent banner that pops up on any page of your website, when the user arrives for the first time.

Cookieboot Pop Up Banner - Cookiebot
A GDPR compliant cookie consent banner by Cookiebot CMP.

Cookiebot CMP informs the users about the cookies and trackers, the make-up of first and third-party technology present, and empowers them with a choice between four categories (three are optional, one strictly necessary and mandatorily pre-checked).

Granular consent and detailed information on each cookie, its purpose, provider, duration and type, secures full GDPR compliance for your website, and true privacy protection for your users.

To be compliant with California’s CCPA, websites must have an updated cookie declaration with a Do Not Sell My Personal Information link for users to opt out of third-party data sales.

Cookiebot CCPA compliant cookie declaration screenshot - Cookiebot
A CCPA compliant cookie declaration by Cookiebot CMP.

Using a CMP with automatic geotargeting, you can rest assured that your website presents its users with the right data privacy solution, whether they are from inside the EU or California.

Learn more about compliance with California’s CCPA

Google Consent Mode helps you find a balance for your website between data privacy compliance and analytics insights and advertisement optimization.

Google Consent Mode lets you run all your website’s Google-services (like Google Analytics and Google Ads) based on the consent state of your end-users.

If an end-user opts out of statistics and marketing cookies, Google Consent Mode ensures aggregate and non-identifying data for website optimization and conversion measurement, as well as being enabling you to display contextual ads to the user instead than targeted, personalized ads – respecting the user’s consent in GDPR compliance and securing important ads revenue for your domain.

Cookiebot CMP integrates seamlessly with the Google Consent Mode!

Using our soution to ask for and obtain the prior consent for processing personal data from users, your website can use this consent state to let the Google Consent Mode run all your website’s preferred Google-services in a simple, streamlined way.

Get started with Google Consent Mode

What is the GDPR?

The GDPR is the data protection law that is binding in all twenty-seven member states of the European Union.

GDPR came into effect in May 2018 and has since caused a fundamental change to the make-up of the commercial Internet – not just in the EU, but globally, since the GDPR applies to any company or website across the globe, if they have visitors from inside the EU (called “extraterritorial reach”).

GDPR regulates how data controllers (websites, companies, organizations, anyone who handles other people’s data) are allowed to collect and process personal data on individuals within the EU.

Flag of European Union - Cookiebot
Our consent management platform enables GDPR compliance for your website, regardless of where in the world you might be based.

Of the various legal bases for processing, the first and most widely applied is the condition of consent. This means that to collect and process personal data, your website must first obtain the informed and unambiguous consent of the data subject in the EU.

EDPB guidelines on valid consent state that –

  • Scrolling or continued browsing is not valid consent
  • Pre-ticked checkboxes on consent banners is not valid consent
  • Cookie walls (making consent conditioned for website access) are not valid consent

The European Data Protection Board (EDPB) is the leading supervisory authority in the EU on GDPR enforcement.

Our CMP makes your website fully compliant with the GDPR and EDPB guidelines, as well as the CCPA and many other major data protection laws around the world.

Learn more about EDPB guidelines on valid consent

Learn more about GDPR compliance

What is the CCPA?

California Consumer Privacy Act (CCPA) is a statewide law that took effect on January 1, 2020 and regulates how the personal information of California residents are allowed to be collected, handled and sold by businesses all over the world.

CCPA empowers California users with a right to know what personal information a business has collected from them, a right to have that data deleted, and a right to opt out of having their data sold to third parties.

California flag red star and grizzly bear - Cookiebot
Our consent management platform ensures CCPA compliance for businesses all over the world.

In order to be in compliance with the CCPA, a website has to inform its users of the categories of personal information it collects (at or before the point of collection), feature a Do Not Sell My Personal Information (DNSMPI) link on the website and provide information on how users can exercise their rights to deletion.

We enable CCPA compliance for websites with a CCPA specific configuration, which detects when a user is from California and then presents them with a CCPA compliant cookie declaration featuring the legally required DNSMPI link.

Learn more about the CCPA compliance

Most websites in the world have third-party cookies imbedded, even if the website owner or controller is not aware of it.

Everything from social media plugins to embedded videos will typically bring dozens of invasive third-party trackers with them that harvest data from your visitors and sell these to other companies, unbeknownst and unconsented by the users themselves.

Unless you have a website with only strictly necessary cookies (which, frankly, is very unlikely), you are legally obligated to not only inform your users about what tracking technologies are present on your website, you must also obtain their explicit consent for the activation of these.

It requires substantial time, work and technical insight to not only become aware of the extent of cookies and trackers on your domain, but also to control them in compliance with the EU’s GDPR and California’s CCPA.

It’s a lot of work to keep up with the constantly changing landscape of data privacy compliance and the ever-evolving specs of online tracking, which is exactly why a consent management platform exists.

It’s not just to make things easier for websites, it’s also to ensure real and thorough compliance for true data privacy protection.

This what Cookiebot CMP is built on.

Besides ensuring compliance with the EU’S GDPR and California’s CCPA, a consent management platform provides you with a real difference when it comes to privacy and security.

The Internet has changed a lot since the early 2000s – behavioral advertisement based on profiling and data abuse proliferate the commercial Internet and a great privacy awakening has been rolling across the world since the scandalous revelations about Cambridge Analytica.

We are all becoming critical users, just like we have become critical consumers when it comes to organic foods and recycling.

Rows of surveillance cameras on a brick wall - Cookiebot
Surveillance on the Internet is real and pervasive – using a consent management platform can make your website a safe private space.

Data privacy is not a trend.

This much is confirmed by the global data protection laws emerging across the world and the readiness of great scholars, like Shoshana Zuboff, to put into words the very real dangers that we face as a democratic society if we don’t act on the threat of data abuse now.

By using Cookiebot CMP as your website’s consent management platform on your website, you choose not only to comply with global privacy laws, you also make your website – your tiny corner of the endless Internet – a safe space from malicious ad tech giants who otherwise collect and sell intimate details of personal information for profit.

You effectively opt-out of the surveillance markets that power massive data abuse, breaches, misinformation and algorithmically controlled echo chambers.

You cut the ties between your website and the black data markets.

Using a consent management provider will not break your website, that’s the whole point of our product. We have developed a unique piece of technology that balances strong, genuine data protection with nuanced integration that takes care to not compromise the operation of your domain.

However, when it comes to the EU, the GDPR and EDPB guidelines on valid consent in the EU are very clear: you must obtain the explicit consent of your users, if your process any data.

This will have some implications on your analytics, but on the other hand, not using a consent management platform can have even worse implications, such as heavy fines, bans from processing data and the abuse of your visitors’ data.

There is no way around protecting the privacy of your user, and no way around dealing with the content – first or third party regardless – of your website.

However – Cookiebot CMP integrates seamlessly with Google Consent Mode, which allows you to still get valuable analytics data and marketing metrics even if your users choose to opt out of cookies on your website.

Get started with Google Consent Mode and Cookiebot CMP for free now


What is a CMP?

A consent management platform – or “CMP” – is a technology that websites use to obtain the legal consents from users to process their personal data, typically through cookies and trackers in operation on the domain. Consent management platforms help websites be in compliance with data protection laws like the EU’s GDPR, which requires user consent prior to any activation of cookies that process personal data.

Scan your website to see if it’s compliant with the EU’s GDPR

What is personal data?

Personal data or personal information is information that can be used to identify a living individual. Different data protection laws, like the GDPR and the CCPA, define personal data differently, but broadly they all agree on the fact that if data can be used to identify – directly or by indirectly by inference – a human being, that data is personal data.

Learn more about GDPR software

What are cookies?

Cookies are small text files that websites use to identify and remember users, serve targeted advertisement, generate analytics and statistics on performance and more. Cookies come in many different types, some are necessary for the basic functions of a website, others are marketing cookies that are often placed on websites by third parties like social media platforms or big tech companies.

Learn more about GDPR and cookies

How do cookies collect personal data?

Cookies are stored on a user’s browser when they visit a website. Cookies will often contain personal data like IP addresses or Unique IDs that make it possible for websites to identify and recall users upon repeated visits. Once on the browser, cookies are able to monitor the user’s activity on the website or across websites. Some cookies, like third-party marketing cookies, will share personal data with other commercial entities that utilize it to serve behavioral advertisement back at the user, when they land on websites.

Learn more about website tracking and cookies.


Get started with Google Consent Mode and Cookiebot CMP

Try Cookiebot CMP free for 14 days… or forever if you have a small website

Learn more about GDPR compliance with Cookiebot CMP

Learn more about CCPA compliance with Cookiebot CMP

Learn more about LGPD compliance with Cookiebot CMP

EDPB guidelines on valid consent in the EU

What is behavioral advertisement?

Cambridge Analytica and the Great Privacy Awakening

    Stay informed

    Join our growing community of data privacy enthusiasts now. Subscribe to the Cookiebot™ newsletter and get all the latest updates right in your inbox.

    By clicking on “Subscribe” I confirm that I want to subscribe to the Cookiebot™ newsletter. I can easily cancel my Cookiebot™ newsletter subscription and revoke consent to use my data by clicking the unsubscribe link or I can write to [email protected] to make the request. Privacy policy.