Updated February 3, 2020.
A consent management platform (CMP) is a piece of software that websites across the world can use to protect the privacy of their users from unwanted data collection and invasive third-party trackers.
A consent management platform like Cookiebot is the security guarantee for users that your website is in compliance with data protection laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
A CMP lets users know that they are in control of their own data and privacy.
Consent management platforms or CMPs deal with – as their name implies – the control of user consent on websites regarding the collection and handling of personal information.
Most data privacy laws around the world regulate the way businesses, organizations, governments and the likes are allowed to collect and use the personal data of individuals. The two most prominent examples are the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
There are many different consent management platforms for websites to use in order to obtain compliance with the data privacy laws, each with a different technology for managing user consent.
A consent management platform like Cookiebot works by scanning your entire website to find all the cookies, trackers and similar technology present.
Then it pauses all and holds everything back (apart from those strictly necessary for the website’s basic functioning) and empowers the users and visitors to make their choice of consent via a consent banner as to which categories of cookies, they wish to set in operation.
In other words, Cookiebot’s consent management platform is a two-way protection: for the privacy of end-users and the legal compliance of your website.
Cookiebot enables both GDPR and CCPA compliance.
It is the data protection law that is binding in all twenty-seven member states of the European Union.
It came into effect in May 2018 and has since caused a fundamental change to the make-up of the commercial Internet, not just in the EU, but globally, since the GDPR applies to any company or website across the globe, if they have visitors from inside the EU (called “extraterritorial reach”).
The GDPR regulates how data controllers (websites, companies, organizations, anyone who handles other people’s data) are allowed to collect and process personal data on individuals within the EU.
A consent management platform like Cookiebot enables GDPR compliance for your website, regardless of where in the world you might be based.
Of the various legal bases for processing, the first and most widely applied is the condition of consent. This means that to collect and process personal data, your website must first obtain the informed and unambiguous consent of the data subject in the EU.
This is typically done through… a consent management platform!
California Consumer Privacy Act (CCPA) is a statewide law that took effect on January 1, 2020 and regulates how the personal information of California residents are allowed to be collected, handled and sold by businesses all over the world.
CCPA empowers California users with a right to know what personal information a business has collected from them, a right to have that data deleted, and a right to opt out of having their data sold to third parties.
A consent management platform like Cookiebot ensures CCPA compliance for businesses all over the world.
In order to be in compliance with the CCPA, a website has to inform its users of the categories of personal information it collects (at or before the point of collection), feature a Do Not Sell My Personal Information (DNSMPI) link on the website and provide information on how users can exercise their rights to deletion.
Cookiebot enables CCPA compliance for websites with a CCPA specific configuration, which detects when a user is from California and then presents them with a CCPA compliant cookie declaration featuring the legally required DNSMPI link.
Most websites in the world have third-party cookies imbedded, even if the website owner or controller is not aware of it.
Everything from social media plugins to embedded videos will typically bring dozens of invasive third-party trackers with them that harvest data from your visitors and sell these to other companies, unbeknownst and unconsented by the users themselves.
Unless you have a website with only strictly necessary cookies (which, frankly, is very unlikely), you are legally obligated to not only inform your users about what tracking technologies are present on your website, you must also obtain their explicit consent for the activation of these.
It requires substantial time, work and technical insight to not only become aware of the extent of cookies and trackers on your domain, but also to control them in compliance with the EU’s GDPR and California’s CCPA.
It’s a lot of work to keep up with the constantly changing landscape of data privacy compliance and the ever-evolving specs of online tracking, which is exactly why a consent management platform like Cookiebot exists.
It’s not just to make things easier for websites, it’s also to ensure real and thorough compliance for true data privacy protection.
This drives Cookiebot every day.
A consent management platform like Cookiebot gives you total control of all things cookies and trackers and consent and legal compliance.
At Cookiebot, we spend the better part of our days developing and fine-tuning the ground-breaking software that is unique and crafted specifically to protect the privacy of your end-users, making your website compliant with the GDPR’s consent requirements and the CCPA's information and opt out requirements.
A consent management platform like Cookiebot provides you and your domains with several functions that will transform the privacy framework around your website.
The scanning technology developed at Cookiebot is unlike any other on the market – we do really find every single cookie and similar tracking technology – even the cookies and trackers you had no idea was hiding in the deepest subpage on your domain.
This is not an insignificant advantage to other consent management platforms – it is a decisive difference and a key feature of real compliance that Cookiebot enables your website to ensure its visitors that you do indeed know and control all cookies and trackers.
Using the cookie declaration that the scanner creates from its exhaustive findings, our consent management platform then creates a consent banner that pops up on any page of your website, when the user arrives for the first time.
Cookiebot informs the users about the cookies and trackers, the make-up of first and third-party technology present, and empowers them with a choice between four categories (three are optional, one strictly necessary and mandatorily pre-checked).
A European privacy law compliant consent banner from Cookiebot.
According the highest legal body in the EU – the Court of Justice of the European Union (CJEU) – no website consent banners are allowed to have pre-checked checkboxes. Users have to affirmatively opt in and consent to the processing of their data by ticking the boxes of a consent banner themselves.
A consent management system like Cookiebot enables your website to be compliant with the GDPR and the ePrivacy Directive, as well as the CJEU ruling, since our consent banners are highly customizable and work to fit myriads of global privacy laws, from the GDPR to the California Consumer Privacy Act (CCPA) to the LGPD of Brazil.
To be compliant with the CCPA, websites must have an updated cookie declaration with a Do Not Sell My Personal Information link for users to opt out of third-party data sales.
A CCPA compliant cookie declaration by Cookiebot.
Using a CMP with automatic geotargeting like Cookiebot, you can rest assured that your website presents its users with the right data privacy solution, whether they are from inside the EU or California.
Cutting-edge technology in the business of consent management platforms allows Cookiebot to automatically control all the cookies and trackers on your website.
This is different from self-defense privacy tools like ad blockers and VPNs that can be employed by your end-users themselves (and often break the website).
A consent management provider doesn’t put the responsibility of protecting their privacy on the end-users’ shoulders – rather, as required by the GDPR, it helps websites make their own privacy framework compliant.
With a consent management platform like Cookiebot, you are in full control of which cookies are set on your website - instead of leaving it up to your users to opt in and out of hundreds of third-party cookie providers.
Cookiebot can be implemented in two different ways: automatically or manually.
For manual implementation, you will need to manually mark up the cookie-setting script tags on your website in order to be able to control its cookies and trackers. If you want more insight and agency into exactly how Cookiebot will run on your domain, you can opt in for the manual implementation.
The Internet has changed a lot since the early 2000s – behavioral advertisement based on profiling and data abuse proliferate the commercial Internet and a great privacy awakening has been rolling across the world since the scandalous revelations about Cambridge Analytica.
We are all becoming critical users, just like we have become critical consumers when it comes to organic foods and recycling.
Surveillance on the Internet is real and pervasive – using a consent management platform can make your website a safe private space.
Privacy is not a trend.
This much is confirmed by the global data protection laws emerging across the world (CCPA // LGPD // GDPR), and the readiness of great scholars, like Shoshana Zuboff, to put into words the very real dangers that we face as a democratic society if we don’t act on the threat of data abuse now.
By using a consent management platform like Cookiebot on your website, you choose not only to comply with global privacy laws, you also make your website – your tiny corner of the endless Internet – a safe space from malicious ad tech giants who otherwise collect and sell intimate details of personal information for profit.
You effectively opt-out of the surveillance markets that power massive data abuse, breaches, misinformation and algorithmically controlled echo chambers.
You cut the ties between your website and the black data markets.
Using a consent management provider like Cookiebot will not break your website, that’s the whole point of our product. We have developed a unique piece of technology that balances strong, genuine data protection with nuanced integration that takes care to not compromise the operation of your domain.
However, when it comes to the EU, the GDPR and the CJEU’s ruling on what constitutes valid consent in the EU are very clear: you must obtain the explicit consent of your users, if your process any data.
This will have implications on your analytics, but on the other hand, not using a consent management platform can have even worse implications, such as heavy fines, bans from processing data and the abuse of your visitors’ data.
There is no way around protecting the privacy of your user, and no way around dealing with the content – first or third party regardless – of your website.
Using a consent management platform like Cookiebot can make both as easy and effortless as locking your front door.