Managing User Consent On Your Website

As you know by now, managing user privacy today can be intimidating. Much of the conversation in the digital realm revolves around how to get and manage user consent for tracking and use of cookies on your website. Broadly speaking, your privacy policy should include all the ways audience data is handled by your organization, from your website to your box office, surveys, email, and more. So you might ask: what kind of banner should I have on my website to allow customers to make a choice and view my privacy policy?

Because digital privacy laws are varied and inconsistent, there is not one universally agreed-upon or required solution, particularly for US-based organizations. On the one hand, a GDPR-compliant consent banner will mean you could be blocking tracking—even when you are not legally required to do so—potentially hamstringing your digital measurement, website analytics, and campaign performance. On the other hand, no consent banner—failing to comply with regional regulations—opens your organization up to additional liability.

The correct solution for your organization requires an assessment of your legal requirements and an understanding of your organization’s risk tolerance, which will require input from your legal team. But the data collection and tracking that start on your website is where CI can help. Read on for your consent management next steps!

The State of Privacy Regulation

All laws—national and international—are based on where audiences are located, not the business. That means customers visiting your website from the EU/UK are protected by GDPR, users from California are protected by CCPA/CPRA, etc.

Explicit Consent

Countries with explicit consent require users to explicitly opt into the use of cookies before any tracking can occur. This includes the EU, UK, Brazil, Canada, Chile, Colombia, India, Morocco, Malaysia, South Africa, South Korea, Japan, and Taiwan.

Implicit Consent

Implicit or implied consent means users should be allowed to opt out of tracking, but explicit consent is not required before tracking occurs. The United States, Australia, Hong Kong, and Switzerland are implied consent regions.

This distinction is less about what the banner looks like and the options provided and more about how it functions: whether it blocks cookies and tracking before a user consents or not.

Privacy Laws in the US

There is no federal legislation in the US, but rather, digital privacy is determined at the state level. The US States with digital privacy laws effective 2024: CA, CT, CO, MO, OR, TX, UT, VA.

Many regions have minimums for the number of residents or revenue generated from residents before businesses are subject to the law. Learn more about privacy regulation by digging into the US state laws or exploring global regulation.

Consent Management Platforms

A Consent Management Platform (CMP) is a software solution that helps you manage personal information and consent on your website. Some Content Management Systems (CMS) have native consent banners; others (like WordPress) have plugins available. A CMP offers additional control and flexibility to design and deploy a consent banner, without developer support.

CMPs offer the following benefits:

✓ Site Evaluation

Most CMPs will automatically crawl your site and provide a list of cookies, categorize them by type, and provide descriptions.

✓ Compliance

Many CMPs incorporate tools to understand how certain design and configuration choices relate to various laws and regulations.

✓ Customize Banner by Region

Want the ability to show a GDPR-compliant banner for EU/UK traffic or no banner for your Ohio traffic? Most CMPs allow you to create multiple banner experiences and deploy them based on the user’s region.

✓ Analytics

Most CMPs provide analytics on what percent of users opt in or opt out so you can better understand your dataset.

✓ Flexibility

Update the look and feel of your banner, cookie description, geo-settings, and more all from within a relatively user-friendly platform without additional input from developers.

Which CMP should I use?

The CMP you choose is up to you and the needs of your organization, but Cookiebot, OneTrust, iubenda, Sourcepoint, and Osano are all well-regarded providers.

Your Consent Management Next Steps

So you’re ready to take the next steps with consent management? That’s great! You’re well on your way to a solid user privacy strategy, which will build trust and deepen relationships with your audience (after all, that’s what they expect in 2024).

1. Review the relevant regulations, but note that these laws aren’t static and will likely continue to evolve.
2. Outline your consent policy. What kind of consent experience would you like to provide for your audiences? Will you provide one experience for everyone or will it vary by region?
3. Use a Consent Management Platform to design your consent banner and deploy it on your website. (If you work with CI, as with any changes on your website, be sure to keep your CI team in the loop!)
4. Monitor performance. Some CMPs offer the ability to review acceptance rates. This can help understand what percentage of your data is lost or impacted. Similarly, look out for changes in your Google Analytics data. Things like dramatic increases in the volume of users or an increase in traffic attributed to “Direct” could indicate consent settings are impacting your ability to measure.

Looking for a Privacy Partner?

If you’d like assistance navigating this process, CI can help! Remember, CI will never be able to offer legal advice, but we can help you deploy consent management solutions that respect customer privacy and regulations while maximizing your data. That’s a must for marketing smarter in 2024—and beyond! Let’s get started.