3 requirements for effective consent management

Consent is the beating heart of data privacy. All modern privacy regulations require organizations to obtain people’s consent before collecting and using their data. 

When I ask privacy program stakeholders to define consent management, they often think of the first step: collecting it. But it’s just as important, to consumers AND regulators, to satisfy the second step: enforcing and respecting people’s consent choices across your data ecosystem, wherever that personal and sensitive data lives. 

The problems with first-generation consent management tools 

Unfortunately, most businesses are using an outdated consent management tool. Their infrastructure isn’t ready for the demands of the modern data economy:

• The outdated approach: Businesses use cookies to capture consent in a single specific context—a single browser, on a single device, accessing a single website.
• The modern world: Customers interact with brands in countless new channels and mediums—in-store, online, and mobile interactions, customer loyalty programs, CRM tools and email lists, and more—and businesses need to orchestrate and connect those consent signals as data flows through their business. 

With California’s data laws now taking effect, and third-party cookie deprecation on the horizon, organizations urgently need to implement better consent solutions that comply with regulator and consumer expectations. Here are the three key capabilities required for effective consent management in the modern data economy.

Three requirements for modern consent management

1. Use a purpose-based consent collection framework 

Creating an effective consent management process starts with asking the right questions at the point of consent collection. The right questions will help you understand what data a consumer is ok with you using, for what purposes. 

Imagine this scenario: you’re at a restaurant, and you want to communicate your dietary restrictions to your waiter quickly and simply. A vegetarian should be able to say “no meat, please” once and then feel confident they won’t be offered any dishes or sauces containing animal products by any waiter in the restaurant.

A narrow, cookie-based approach is like a restaurant where the consumer has to specify each and every time they order a dish that they don’t want chicken, beef, fish, or pork on their plate—and then explain their expectations all over again if they are later served by a different waiter. Perhaps they were even served dishes that weren’t vegetarian but they simply didn’t know. There’s no effort to recognize the customer’s underlying intent, or to apply their preferences beyond the immediate scope of the initial interaction.

This repetitive, very literal experience is similar to what a user experiences when a business or brand is using a first-generation, cookie-based consent manager. The consumer is providing a general “yes” or “no” to cookie collection, but business has no underlying understanding of what specific data collection is or is not acceptable to any given consumer. And even worse: cookie banners cover too narrow a scope to comply with most modern data regulations.

A modern consent management platform should capture rich insights into what your customers really want done with their data. Instead of capturing a single narrow consent signal—“Sure, you can put a cookie on my computer”—the best consent management platforms are capturing consent preferences according to data purposes. Asking people for preferences aligned to the purpose for which the company will use their data:

• Analytics
• Advertising
• And so on 

Instead of capturing a single narrow consent signal—“Sure, you can put a cookie on my computer”—the best consent management platforms are capturing consent preferences according to data purposes. 

At Ketch, we also build out purpose-specific data controls, joining the dots between consumer preferences and whole-ecosystem data practices. For example: if a consumer says they’re okay with you collecting and analyzing their data, but that they don’t want their data sold to third parties, we empower you to seamlessly ensure none of their data is ever sold, regardless of how it was collected or where it flows.‍

2. Respect your consumer's privacy choices across every browser, device, and interaction

To enforce consumer preferences at scale, organizations need to remember returning customer preferences. It isn’t enough to put a cookie on a person’s browser—you need to apply their preferences across all their browsers, devices, and other interactions with your brand, every time they visit you. This requires a sophisticated understanding of identity. 

Cookies only offer a single window onto your relationship with an individual consumer. You need the ability to build an identity graph that unifies all your interactions with a consumer—a many-to-many solution that collates all incoming consent signals and preferences, then projects them back outward to ensure that a consent signal from a single touchpoint is instantly reflected across all your interactions with a specific customer.

Creating an effective consumer identity graph is a game-changer when it comes to respecting people’s privacy choices. Modern consent and preference management platforms enable you to anchor every customer interaction in a unified understanding of the consumer’s individual identity. 

3. When your customer makes a privacy choice, enforce it everywhere across your data ecosystem

In the modern data environment, it isn’t enough to enforce people’s consent choices across your own internal data systems. You also need to ensure that consent choices are enforced across your entire network of third-party service providers and applications—anywhere the data resides. 

The average enterprise organization connects to 175+ third-party cloud services, with data flowing in both directions to deliver the personalized and powerful experiences that consumers expect. This creates enormous challenges for organizations that rely on manual processes for managing data requests and dealing with third-party providers.

Ketch solves this problem by using deep APIs to connect directly with service providers’ data systems, enabling consent signals to flow in both directions in real time. There’s no need to send manual signals or try to police your partners’ data practices: the entire process is automated. Each amended preference or deletion request ripples instantly through not just your own business, but your entire network of data partners. 

The result is seamless consent orchestration across your entire data ecosystem, with a level of integration into third-party providers’ data systems that would be impossible for individual enterprises to execute and maintain at scale. 

The future of consent management

Today’s enterprises face big challenges when it comes to earning consumer trust and staying ahead of evolving regulatory requirements. Using OneTrust to “check the box” on GDPR compliance may have been perfectly fine in 2018; today’s complex landscape and expectations require next-generation technology solutions. 

At Ketch, we’re delivering modern consent management with a coordinated set of applications, APIs, and infrastructure:

• Purpose-based consent collection, ensuring you know exactly what data purposes consumers are consenting to
• Robust identity resolution, recognizing consumers as themselves across every interaction 
• Custom-built API connections to your third-party systems and apps, ensuring you can enforce consent everywhere 

Using Ketch’s programmatic, purpose-based data privacy solution, our customers can quickly integrate into existing datasets and infrastructure. They can also quickly adapt to evolving privacy regulations, applying new policies at the touch of a button to ensure continuous compliance and full alignment with consumer expectations.

Want to learn more about our approach to modern consent management? Get in touch today, and let’s change the way your business thinks about consent.