Comparison of 5 Leading Consent Management Platforms

Published: December 19, 2018 Updated: May 24, 2019 Author Karolina Matuszewska Category Comparisons, Consent Manager

The introduction of the GDPR has brought many changes to the digital ecosystem. Questions, doubts, and concerns about defining and handling personal data are among them. Websites and business owners are faced with new rules for defining, collecting, storing and using the personal data of European citizens and residents.

Center stage at this show is taken by user consent, which you need to obtain if you want to use cookies and collect data for marketing and advertising purposes. It represents quite a challenge. There are many obligations, both legal and technical, that can trip you up.

On one hand, consent itself needs to meet certain criteria.

It has to be:

• freely given
• specific
• informed
• unambiguous.

What’s more, you need a separate expression of consent for each purpose of processing, and you have to make it easy for visitors to change their mind and withdraw their consent. On top of that, there’s a requirement to be transparent about the whole process, which many companies ignore.

On the other hand, for sites that get high traffic volumes and have numerous AdTech partners. The obligations regarding consent are even more complicated. Considering the great number and granularity of consents that must be obtained and recorded, the whole process calls for careful and sound management. A tool to speed up and automate all activities would be a great solution.

Fortunately we’ve got a new player for the team to help you meet regulatory requirements and still get the marketing job done – a consent management platform (CMP).

Why use a consent management platform?

A consent management platform provides publishers with a tool to collect and handle users’ consents, manage data subjects’ requests and pass all consent-related data to the respective ad partners. The software gives websites the capacity to inform users what kinds of data they want to gather, and to ask for their consent for particular processing purposes.

That said, getting your visitors’ consent to the collection of their data is an effective and safe way to achieve GDPR compliance.

Increasing adoption rate of CMPs among publishers (Source: digiday.com)

What’s more, publishers can offer better transparency in data gathering and management. All in all, it helps organizations simplify the consent management process and affirm their privacy-first ethos.

The question is: when does your site need to implement a CMP? To find the answer, establish whether the website performs any of these actions:

• processing personal data: applying personal data for purposes like remarketing, content personalization, behavioral advertising, analytics, email marketing
• automation of decision making: for instance, profiling
• transfer of data overseas: mostly applicable to organizations processing EU citizens’ data outside of the EU
• uses special categories of data: such as on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data

If any of these points applies to your business, then you need EU/EEA citizens’ or residents’ consent. Getting a CMP would be an ideal solution.

What we’ve covered in the comparison

We’re aware that getting the right software for your business is no easy feat. To help you out, we’ve done in-depth research on platforms like TrustArc, OneTrust, Cookiebot, Consentmanager.net, and Piwik PRO. Our work involved examining their features and functionalities vital for a range of diverse industries.

We’ve gathered the results in one place to show you the essential differences you should understand before you select a particular platform.

Before you download our whitepaper, have a quick look at what can you expect inside.

Vendor and platforms overview

Though the ultimate aim is to learn everything possible about the tool itself, getting some background information on vendors is a good starting point. Each company offers a range of features and capabilities, so let’s introduce the key players:

Piwik PRO emphasizes adherence to the strictest privacy standards on both sides of the Atlantic, whether it’s the GDPR or HIPAA. Incorporated in 2013, Piwik PRO is a portfolio company of custom AdTech software house Clearcode. It supports data-sensitive customers from banks to public sector organizations.

TrustArc (formerly known as TRUSTe) is a data privacy management platform built by a San Francisco-based vendor with offices in the Americas, Europe, and Asia. The TrustArc Platform provides expert consulting and proven methodologies to help organizations handle all phases of privacy program management. It’s also the first organization to join the Safe Harbor framework back in 2000.

Founded in 2016, OneTrust supports organizations in showing accountability and compliance with a number of global regulations. With offices in Atlanta, Georgia and in London, England, the young company is quickly gaining recognition as a fast-growing and reliable privacy management technology platform.

Cookiebot is a cookie and online tracking consent solution created by Cybot. The company is based in Copenhagen, Denmark. It delivers automated ePrivacy services that allow website operators to respect and protect the privacy of their visitors.

Consentmanager.net is a Consent Management Provider, a project of Jaohawi AB, headquartered in Västerås, Sweden. Jaohawi AB has over 10 years of experience in the field of ad technology. ConsentManager.net has been used to help newspapers, advertising agencies and networks.

Features, specifications, requirements

Now that you’re a bit more familiar with the vendors, let us walk you through the issues, capabilities and specifications of the consent management platforms we’ve covered in the whitepaper.

First off, we’ve examined hosting options. It’s important for organizations to have choices in how they store data. We’ve taken a closer look to see whether you can have the platform installed in a private cloud or go for on-premises infrastructure, or if you can take advantage of secure hosting in the US or EU. We’ve also reviewed where you get 100% data ownership and fulfill applicable data security and privacy obligations.

Our research also reveals some issues about compliance in a broad sense. That’s why we’ve checked if vendors’ platforms comply with the GDPR, and are aligned with the IAB EU Consent Framework.

We’ve evaluated various features concerning cookies, creating banners, writing policy, and whitelisting and scan options. Most importantly, we’ve checked if a given vendor allows you to meet the zero-cookie load requirement, which means that no cookie will be dropped before a user consents.

We’ve also checked whether particular platforms enable you to provide options to withdraw consent, as well as language autodetection and dedicated support features.

One vital aspect of consent is the banner that conveys the message. It’s not only about meeting GDPR requirements, but also about being intuitive and user-friendly. That’s why we’ve taken a closer look at customization options. You’ll learn which vendors enable you to change text, add visuals, and finally export all the settings.

Last but not least, because you can’t afford to overlook data subject requests, we’ve covered those too. Our paper presents you with information on functionalities regarding requests management, history and widgets.

Compare over 30 variables of consent managers: Piwik PRO, TrustArc, OneTrust, Cookiebot and consentmanager.net
Download the FREE Comparison