Updated January 21, 2020.
A consent management platform (CMP) is a solution for websites to protect the data privacy of their users and be compliant with world’s major data privacy laws – the EU’s GDPR, UK-GDPR, California’s CCPA/CPRA and more.
Cookiebot consent management platform (CMP) is a world-leading solution built around a powerful website scanner that detects and controls all cookies, trackers and trojan horses, so your users can give true and meaningful consent.
In this blogpost, we break down what a consent management platform (CMP) is, how it works and why Cookiebot CMP is your website’s all-in-one solution.
What is a consent management platform (CMP)?
Consent management platforms (CMPs) deal with – as their name implies – the control of user consent on websites regarding the collection and handling of personal information, often through cookies and third-party trackers.
Most data privacy laws around the world regulate the way websites, businesses, organizations, governments and the likes are allowed to collect and use the personal data of individuals.
There are many different consent management platforms for websites to use in order to obtain compliance with the data privacy laws, each with a different technology for managing user consent.
Why do you need a consent management platform (CMP)?
Cookies and trackers on your websites can be close to impossible to find and control without a consent management platform –
72% of cookies are hidden inside other trackers – so-called trojan horses.
18% of cookies hide even deeper within other tracker, sometimes loaded by eight other cookies.
50% of trojan horses will change upon repeated visits by users on your website.
Source: Beyond the Front Page, a 2020 study of more than ten thousand websites and their cookies.
What does Cookiebot CMP do?
A consent management platform gives you total control of all things that have to do with cookies, trackers, user consent and legal compliance – all in a plug-and-play and fully automated solution that fits any website, from the smallest food blog to the biggest enterprise domains.
Our solution is a unique and powerful technology that is able to simulate real users on your website and offer you an in-depth x-ray of all personal data processing and third-party data tracking that goes on.
After detecting everything, Cookiebot CMP then controls it all based on each user’s individual consent choice – made through a simple, yet customizable consent banner – enabling full compliance with the world’s major data privacy laws like the EU’s GDPR, UK’s GDPR, California’s CCPA/CPRA, Brazil’s LGPD, South Africa’s POPIA, Singapore PDPA and many more.
Automatic cookie control
Cutting-edge technology in the business of consent management allows Cookiebot CMP to automatically control all the cookies and trackers on your website.
This is different from self-defense privacy tools like ad blockers and VPNs that can be employed by your end-users themselves (and often break the website).
A consent management provider doesn’t put the responsibility of protecting their privacy on the shoulders of end-users – rather, as required by the EU’s GDPR, UK’s GDPR and more data privacy laws, a solution like ours helps websites make their own privacy framework compliant.
With Cookiebot as your consent management platform, you are in full control of which cookies are set on your website – instead of leaving it up to your users to opt in and out of hundreds of third-party cookie providers.
Cookie consent banner for GDPR compliance
Using the cookie declaration that the website scanner creates from its exhaustive findings, Cookiebot CMP then creates a consent banner that pops up on any page of your website, when the user arrives for the first time.
Cookiebot CMP informs the users about the cookies and trackers, the make-up of first and third-party technology present, and empowers them with a choice between four categories (three are optional, one strictly necessary and mandatorily pre-checked).
Granular consent and detailed information on each cookie, its purpose, provider, duration and type, secures full GDPR compliance for your website, and true privacy protection for your users.
Cookie declaration and opt-out for CCPA compliance
To be compliant with California’s CCPA, websites must have an updated cookie declaration with a Do Not Sell My Personal Information link for users to opt out of third-party data sales.
Using a CMP with automatic geotargeting, you can rest assured that your website presents its users with the right data privacy solution, whether they are from inside the EU or California.
Google Consent Mode and Cookiebot CMP
Google Consent Mode helps you find a balance for your website between data privacy compliance and analytics insights and advertisement optimization.
Google Consent Mode lets you run all your website’s Google-services (like Google Analytics and Google Ads) based on the consent state of your end-users.
If an end-user opts out of statistics and marketing cookies, Google Consent Mode ensures aggregate and non-identifying data for website optimization and conversion measurement, as well as being enabling you to display contextual ads to the user instead than targeted, personalized ads – respecting the user’s consent in GDPR compliance and securing important ads revenue for your domain.
Using our soution to ask for and obtain the prior consent for processing personal data from users, your website can use this consent state to let the Google Consent Mode run all your website’s preferred Google-services in a simple, streamlined way.
What is the GDPR?
The GDPR is the data protection law that is binding in all twenty-seven member states of the European Union.
GDPR came into effect in May 2018 and has since caused a fundamental change to the make-up of the commercial Internet – not just in the EU, but globally, since the GDPR applies to any company or website across the globe, if they have visitors from inside the EU (called “extraterritorial reach”).
GDPR regulates how data controllers (websites, companies, organizations, anyone who handles other people’s data) are allowed to collect and process personal data on individuals within the EU.
Of the various legal bases for processing, the first and most widely applied is the condition of consent. This means that to collect and process personal data, your website must first obtain the informed and unambiguous consent of the data subject in the EU.
EDPB guidelines on valid consent state that –
- Scrolling or continued browsing is not valid consent
- Pre-ticked checkboxes on consent banners is not valid consent
- Cookie walls (making consent conditioned for website access) are not valid consent
The European Data Protection Board (EDPB) is the leading supervisory authority in the EU on GDPR enforcement.
Our CMP makes your website fully compliant with the GDPR and EDPB guidelines, as well as the CCPA and many other major data protection laws around the world.
What is the CCPA?
California Consumer Privacy Act (CCPA) is a statewide law that took effect on January 1, 2020 and regulates how the personal information of California residents are allowed to be collected, handled and sold by businesses all over the world.
CCPA empowers California users with a right to know what personal information a business has collected from them, a right to have that data deleted, and a right to opt out of having their data sold to third parties.
In order to be in compliance with the CCPA, a website has to inform its users of the categories of personal information it collects (at or before the point of collection), feature a Do Not Sell My Personal Information (DNSMPI) link on the website and provide information on how users can exercise their rights to deletion.
We enable CCPA compliance for websites with a CCPA specific configuration, which detects when a user is from California and then presents them with a CCPA compliant cookie declaration featuring the legally required DNSMPI link.
Why should I use a consent management platform (CMP)?
Most websites in the world have third-party cookies imbedded, even if the website owner or controller is not aware of it.
Everything from social media plugins to embedded videos will typically bring dozens of invasive third-party trackers with them that harvest data from your visitors and sell these to other companies, unbeknownst and unconsented by the users themselves.
Unless you have a website with only strictly necessary cookies (which, frankly, is very unlikely), you are legally obligated to not only inform your users about what tracking technologies are present on your website, you must also obtain their explicit consent for the activation of these.
It requires substantial time, work and technical insight to not only become aware of the extent of cookies and trackers on your domain, but also to control them in compliance with the EU’s GDPR and California’s CCPA.
It’s a lot of work to keep up with the constantly changing landscape of data privacy compliance and the ever-evolving specs of online tracking, which is exactly why a consent management platform exists.
It’s not just to make things easier for websites, it’s also to ensure real and thorough compliance for true data privacy protection.
This what Cookiebot CMP is built on.
What are the benefits of using a consent management platform?
The Internet has changed a lot since the early 2000s – behavioral advertisement based on profiling and data abuse proliferate the commercial Internet and a great privacy awakening has been rolling across the world since the scandalous revelations about Cambridge Analytica.
We are all becoming critical users, just like we have become critical consumers when it comes to organic foods and recycling.
Data privacy is not a trend.
This much is confirmed by the global data protection laws emerging across the world and the readiness of great scholars, like Shoshana Zuboff, to put into words the very real dangers that we face as a democratic society if we don’t act on the threat of data abuse now.
By using Cookiebot CMP as your website’s consent management platform on your website, you choose not only to comply with global privacy laws, you also make your website – your tiny corner of the endless Internet – a safe space from malicious ad tech giants who otherwise collect and sell intimate details of personal information for profit.
You effectively opt-out of the surveillance markets that power massive data abuse, breaches, misinformation and algorithmically controlled echo chambers.
You cut the ties between your website and the black data markets.
Yeah, but don’t I also lose all of my Google Analytics by using a consent management platform?
Using a consent management provider will not break your website, that’s the whole point of our product. We have developed a unique piece of technology that balances strong, genuine data protection with nuanced integration that takes care to not compromise the operation of your domain.
This will have some implications on your analytics, but on the other hand, not using a consent management platform can have even worse implications, such as heavy fines, bans from processing data and the abuse of your visitors’ data.
There is no way around protecting the privacy of your user, and no way around dealing with the content – first or third party regardless – of your website.
However – Cookiebot CMP integrates seamlessly with Google Consent Mode, which allows you to still get valuable analytics data and marketing metrics even if your users choose to opt out of cookies on your website.
What is a consent management platform?
A consent management platform – or “CMP” – is a technology that websites use to obtain the legal consents from users to process their personal data, typically through cookies and trackers in operation on the domain. Consent management platforms help websites be in compliance with data protection laws like the EU’s GDPR, which requires user consent prior to any activation of cookies that process personal data.
What is personal data?
Personal data or personal information is information that can be used to identify a living individual. Different data protection laws, like the GDPR and the CCPA, define personal data differently, but broadly they all agree on the fact that if data can be used to identify – directly or by indirectly by inference – a human being, that data is personal data.
What are cookies?
Cookies are small text files that websites use to identify and remember users, serve targeted advertisement, generate analytics and statistics on performance and more. Cookies come in many different types, some are necessary for the basic functions of a website, others are marketing cookies that are often placed on websites by third parties like social media platforms or big tech companies.
How do cookies collect personal data?
Cookies are stored on a user’s browser when they visit a website. Cookies will often contain personal data like IP addresses or Unique IDs that make it possible for websites to identify and recall users upon repeated visits. Once on the browser, cookies are able to monitor the user’s activity on the website or across websites. Some cookies, like third-party marketing cookies, will share personal data with other commercial entities that utilize it to serve behavioral advertisement back at the user, when they land on websites.