Don’t Sacrifice Customer Insights: Cookie Consent Implementation Done Right

Arno Schmittel

Unawareness, a blurry strategy, and flawed cookie consent management can easily lead to a gap in your analytics. The risk is an often-irretrievable loss of valuable: actionable insights. In this blog post, I’ll discuss ways of preventing this data loss.

If you’d like to find out more about the current status of privacy directives and cookie policies in regard to the GDPR and the ePrivacy directive, you can find my previous blog post “Are Cookies Really Dead?” here.

 

The Solution: Business Insights, Great Care, and Accuracy

I’d now like to introduce you to the best approach for implementing Cookie Consent Management. The principle of “data protection through technology” (Art. 25 of the General Data Protection Regulation – GDPR) stipulates for technical solutions to ensure full transparency. This means that the burden of implementation is, unfortunately, passed on to the web business owners and their visitors. However, we see ongoing discussions about a more general technical approach through Personal Information Management Systems to make web browsing more enjoyable.

Understanding the Existing Setup

2020 study revealed an alarming truth: Many companies completely underestimate the effort to understand which cookies and code elements are set for which purpose!

Different departments make use of different tools and services from third-party providers. One hand doesn’t know what the other is doing. Furthermore, it is quite common for websites and apps to be handled by service providers. They do not necessarily belong to the company responsible for obtaining user consent.

 The following steps require careful coordination of all stakeholders:
Categorization

Categorizing cookies is an important help – not only for legal evaluation with your data protection officer, but also when it comes to the implementation and the presentation of Cookie Consent Management on a website or mobile app.

In 2012, the International Chamber of Commerce of the United Kingdom (ICC UK) proposed to make use of four main cookie categories as guidance for website operators, now adopted as best practice:

Match and categorize your cookies

Have you already captured all your cookies, including purpose and functionality in one document? Great! Now you only need to assign them to the individual categories.

Note: Please involve your data protection officer in the classification process and explain each categorization. A common issue is a data protection officer misunderstanding technical details on the nature and purpose of the data collected!

What about anonymous or “cookieless” tracking?

Mapp Intelligence only tracks first-party data for customers without ownership and does not share any data with third-party providers. We offer specific solutions for anonymous and cookieless tracking, which help to improve your analytics and are able to collect up to 100% behavioral data.

Please note that this doesn’t qualify as tracking without consent. We’d also like to point out that not every type is equally suitable for each business context.

Data experts consider Mapp’s tracking approach not to require consent since:

Communication and Design

You need to ask all web visitors for consent to your Cookie Policy and allow them to edit their preference at any time. And it is precisely this “Human-Computer-Interaction” (HCI) that is one of the most important components when it comes to gaining or losing user consent and, consequently, traffic and data about user behavior. Transparent and easy-to-understand wording when addressing users is also key to success!

How to avoid common UX mistakes
The Technical Implementation

You will need specific software for your cookie consent management. Here are a few options:

The most common and successful method is injecting software as JavaScript into the page code to be executed and displayed as interaction layer. It will suppress the execution of any consent-relevant cookies until user consent is given. This can be done either directly in the HTML header of the application’s source code or via using a tag management system like Mapp Intelligence Tag Integration.

Note: Tag management systems let you adjust the injected code at any time. This is particularly useful for such a dynamic topic. Keep in mind that all cookies and processes related to this system are “Strictly necessary cookies”!

Internal solution vs. Cookie consent management platforms

To successfully implicate internal software solutions, you will need dedicated resources. This implicates a responsible and powerful Product Owner, at least one Frontend Developer or UX designer and at least one Backend Developer. Your team will also regularly interact with your Data Security Manager.

You will also need some Q/A resources for the first launch and continuous testing. They need time for planning, code execution time, and regular maintenance. Cookie consent is a very dynamic topic and well-trained resources are important for ongoing success.

Consent management platforms

Alternatives to in-house solutions are Consent Management Platforms. A CMP enables a website or app to comply with the GDPR, CCPA, and other privacy regulations. CMPs allow websites to inform visitors about the types of data they want to collect.

In addition, many providers also offer audits for existing cookies. They are able to provide you with “ready to go” user interfaces.

They help you with:

Our CMP partner Usercentrics will always make sure that you are on the safe side data-protection wise while keeping your marketing goals in focus. Usercentrics allows for A/B testing, is quickly adaptable to new policies and easy to implement with Mapp Cloud.

Common implementation mistakes and how to avoid them
Conclusion

The effects of the GDPR or the CCPA on cookie consent may have a large impact on your user data sources, as well as on the evaluation of your online advertising efforts.

But I hope that I was able to show you a new approach to this important issue and how, with due effort and detailed understanding, a worst-case scenario can be averted. Cookies are not dead technology. It is possible to comply with GDPR and data privacy without losing important insights on user interests and behavior!

 Author: Arno Schmittel, Digital Sr. Strategic Data Consultant at Mapp

 

If you’d like to learn more about how Mapp can help your business with cookie consent management, get in touch!








BACK TO THE BLOG