• Marketing
  • Regulations

Consent – Beyond Compliance


Consent management is no longer optional. Law and regulation have made implementation mandatory with several state laws requiring consumers to opt-in/opt-out of targeted marketing. Consent and preference management is top of mind for brands, publishers, and the whole of the adtech and martech ecosystem. The concerns go well beyond compliance.

Two camps seem to be emerging. One camp views these requirements solely as a burden that impedes their go-to-market capabilities, but with which they are forced to comply. The second sees opportunity and is already positioning for what they view as competitive advantage.

To discuss Consent – Beyond Compliance, Ann Smith, WireWheel Director of Demand Generation moderated a discussion with Arnaud Gouachon, Contentsquare Chief Legal Officer, and Kara Larson, 6sense Principal Privacy & Compliance Counsel at the 2022 Summer Spokes Privacy Technology Conference (held June 22-23).

Consent and preference management is a top-of-mind challenge

The overall context in my view, goes beyond the legislation. Legislation may be the consequence or may be the cause, but it’s only one part of the trend that – whether brands like it or not – is coming. As an actor in this ecosystem, you can decide what you want to do with it, but it’s coming.

—Arnaud Gouachon, Contentsquare

“Consent and preference management is top of mind for a lot of our customers,” says Larson. “We get a lot of questions around ‘what do I need to do for a cookie banner, and how do I allow this to fire?’ We’re also starting to see a lot more questions about consent, especially with respect to the CPRA, and based on the just released draft U.S. federal privacy bill (ADPPA).”

The first question 6sense is asked today is about straight-up compliance. Clients want to understand how to use a product and remain compliant, says Larson. Secondly, they are asked questions concerning compliance across different jurisdictions. Interestingly however, is that– at least with respect to the B2B space – the definitions under the ADPPA exclude some B2B data.

Managing consent “goes beyond legislation and regulation,” opines Gouachon. “Obviously, we’ve seen a lot of new laws and regulations that are becoming progressively stricter. But beyond that there are, at least in the short term, some novel challenges.”

“Most striking to our team was the number of activists that are really passionate about privacy topics and that are getting increasingly active. “I think everyone has heard of nyob, the Max Schrems organization. They recently launched an AI-based automation tool to automatically file complaints with local data protection authorities.”

Add to this the increased scrutiny of marketing practices and fines are getting more significant – particularly concerning cookies, transparency, data controlled by users, and dark patterns – and “with all this”, notes Gouachon, “the tech players, the brands, the tools, and ad tech ecosystem has had some ambiguous responses.

“Some have been very clear about their intent. Others are trying to duck their heads and take a ‘wait and see’ approach.”

A cookieless future

State laws have been creating exemptions for B2B or business-context data. They recognize that there is perhaps a lesser interest in keeping that data private or closely held. It’s the difference between dropping your business card on the ground versus your driver’s license:

In one of those cases, you’re going to run back and try to find it.

—Kara Larson, 6sense

“With respect to the federal privacy legislation,” continues Larson, “currently there is preemptive language in the proposed draft of the bill…so we aren’t looking at a patchwork of different laws and standards.”

“But regardless of what the patchwork of U.S. Privacy law looks like – and whether or not there’s a federal privacy law – we are seeing technology players start to make their own independent moves. Particularly when we get to third-party cookies.”

“We’ve seen Firefox do away with them, Apple and Safari do away with them, and Google has announced plans to also get rid of them. So, when we’re talking about third-party cookies, there’s not even the opportunity to try to collect consent anymore once they go away.”

“I can only agree,” says Gouachon. “The trend is here to stay. It is targeting mostly third-party cookies right now (but first-party cookies may be next).

“Brands and the technology solution providers can wait, or they can try to get ahead of the game. Last year Contentsquare launched our first cookieless solution – it’s not relying on any cookie technology at all (third-party or first-party cookie). This is in response to concerns that we see from some customers and brands. They are in effect already asking for solutions like these ahead of the legislation.”

Less data, more relevance for a better UX

The advent of cookies was a seismic shift for marketers

The amount of data and tracking you could do was enormous and no one at any point stopped to ask ‘do we need all of this data? If someone is shopping for shoes, do I really need to know that they drive a Kia and have a dog?’

There hasn’t been a lot of internal reflection about how useful it is.

—Kara Larson, 6sense

There is going to be a shift, offers Larson. Not necessarily one-to-one replacement but rather a holistic approach. “Maybe you’re concerned about display ad reach, specifically with targeting,” absent cookies. To compensate you can start to look at “relationships with these so-called ‘walled gardens’ like LinkedIn and Facebook because they are not relying on third-party cookies to do that identity resolution. You’re also looking at alternative identifiers.”

Several solution providers like LiveRamp are trying to solve this, notes Larson. In another approach, 6sense is making contextual marketing available to its customers – ads relevant based on what a consumer is currently viewing on a particular webpage. (If someone is shopping for shoes, you can forget about the dog.)

“What resonates most with me is the types of data brands are collecting about users,” responds Gouachon. At Contentsquare, “we think there is a way to personalize your approach and experience without compromising privacy.”

“How much demographic information do you really need about your users?” In a [brick and mortar] store a shopper isn’t asked dozens of questions about their personal information before a salesperson helps them, notes Gouachon. “So, we are really trying to replicate that experience and come as close to that experience as possible.”

There’s a misconception that online visitors are invisible. Not true. They give you real time feedback through all of their digital interactions without having to know anything else.

Understanding what they are trying to achieve online and how they want to go about it is really the key to delivering a superior customer experience.

—Arnaud Gouachon, Contentsquare

This is what our product team calls an intent-based approach, explains Gouachon. “We’re really interested in fixing what’s not working for them in their online journey and addressing those aspects that are frustrating the users and moving them away from their goal.

“While complying with legislation is table stakes – a no brainer – it’s probably much more valuable to innovate solutions that anticipate people’s desire for privacy. That trend is here to stay and it’s not just a legal or regulatory trend…. It’s a desire that most users have.”

Positioning for the future of privacy compliance

As discussed here, marketing and privacy have been on a collision course for some time now. But the deprecation of cookies does not have to be a win-lose scenario. It can be win-win. (Apple and others clearly see it that way.)

Indeed, there are benefits to gain with a cookieless approach. The benefit is really “an opportunity to build a trusted relationship with customers, partners, end users, employees, regulators, and NGO’s,” says Gouachon. “What we sometimes call ‘digital trust’”

While there are many initiatives brands and stakeholders can implement, it begins with transparency insists Gouachon. “Moving from checkboxes and cookie consent banners to a more centralized and user-friendly ‘privacy center’ approach.”

“It’s not compliance for compliance’s sake,” avers Larson. It’s about how you want to position yourself and your brand. Do you want to be at the forefront in thinking about these issues before they occur? Before they become a problem? Or do you want to spend all of your time trying to play catch up?”

Anything you do to increase the transparency of what’s happening with data – how it’s going to be treated, how it is going to be protected – raises that overall trust level.

And that’s how you start to flip privacy from roadblock to asset that builds your brand.

—Kara Larson, 6sense

This requires technology that “can respect and respond to a global privacy setting or ‘do not track’ signal, cautions Larson. “And we have seen with these proposed draft regulations for the CPRA that they are doubling down on the requirement to respect those signals.” The ability to do that effectively is, for Larson, “a key differentiator for a consent and preference management platform.”

She warns that trying to do this manually is a nonstarter. Automation is prerequisite not just to compliance but going beyond compliance and thriving in the fast-approaching world of consumer-focused transparency and trust.

Consent is about more than cookies and brands are looking at ways to get ahead of compliance in order to turn these challenges into opportunities. Looking to have more conversation around consent and the future of privacy? Let’s talk.

Listen to the session audio