CONTACT US twitter facebook

What’s the point in habitual Cookie consent?

  • Date: 01st Aug 2023

Last week I read an online post about schoolchildren who are taught in their IT lessons to just accept cookie consent pop-ups when they see them on the screen! Is this the definition of habitual consent? If we think about the intent of consent, it should be informed, unambiguous, and meaningful to the end user. In the example of the schoolchildren who were taught to consent by default: What are they consenting to?

Getting to the heart of the question: What is the point of consent? When in the customer journey or digital touchpoints is the right time to collect consent? Is it just a blanket collection that does not offer any value to the consumer or brand? How do we make it informed? How do we make it unambiguous? How do we make it meaningful? And, more important, how do we offer consent collection opportunities from consumers at a point of meaning? Surely the only way to make consent truly meaningful is to always collect consent in context. For example, on a mobile application for a restaurant booking service: If the app asks if it can use my location to personalise my experience, that feels pretty meaningful, and if I have a relationship with the booking service, it can persist that my consent feels pretty informed, and if that persistence goes across that device to my browser experience, that feels pretty appropriate. Not only am I getting a better service by having an account with this company, but I’m being targeted appropriately, which builds my trust with this brand.

Without context, do you have to divine why brands or publishers required you to check that box? They only really need it when they need to process your data, send you targeted personalised messages or advertising, or to track you. Think back to every site you have visited anonymously where you habitually checked that box. What had you been consenting to? If there is no first-party data, then it can’t have been for data processing — it could have only been for tracking, right? 

The skew of consent and privacy is getting real pushback. In Europe, we started to see legal action against the third-party data service providers (DMPs) that are tracking with third-party cookies. As these vendors pull away from these types of services and browsers start to block third-party cookies, what’s the value of all these anonymous, habitual consents that brands have collected? 

Ultimately, at some point, cookies will become meaningless, and all these collected cookie-based consents will be worthless. Brands will need to go through the journey of re-collecting consents from consumers, which they will love! That’s why, as an industry, we need to be forward-thinking and drive the importance of first-party consent.. We should also be careful not to confuse consent with the preference centre. 

There was an excellent report recently from KuppingerCole Analysts, that explored trends in the Privacy and Consent arena, remeet was broader than cookie consent and also covered data residency requirements driven by international legislation (EU GDPR, US CCPA, Canadian PIPEDA, Singaporean PDPA, China Cybersecurity Law/PI Specification, Brazilian LGPD, Japanese APPI, and Russian 152-FZ). The report analyses vendors in the Privacy and Consent Management segment that provide tools to manage cookie consent, preference management, privacy statements, data usage, and compliance for global data protection and privacy regulations.

Earlier this month, a report from Belgium DPAs showed that in following up with complaints around the IAB Transparency and Consent Framework, there had been a number of challenges around the use of cookies for tracking purposes, which is the Achilles’ heel of targeted advertising today: How are adverts targeted without the processing of personal data and knowledge of the audience? This, of course, is the intent of the GDPR and cookie regulations (ePrivacy directive). In the case of cookies, this legal basis is always prior consent on the basis of the legitimate interest, and the report challenges targeted advertising as such.  

In the near future, could we get to the point where consent without identity becomes just consent for analytics? If we have a consent approach that isn’t tied to a known addressable consumer, what is the benefit to the consumer, and why would they consent? 

We can’t drive customers’ behaviour just by tag tracking and analytics.