There’s a really interesting website where you can see the fines being dished out to companies that haven’t complied with GDPR regulations. The first thing you notice when you look at the fines is that they don’t follow the narrative we’ve been fed.
The majority of the fines aren’t multi-million-pound fines to huge corporations. They’re actually smaller (though still significant) fines to smaller companies.
There’s a €10,000 fine for a pharmacy owner in Spain. An €18,000 fine for an events organiser in Italy. And a €25,000 fine for a Swedish electronics store – to name a few.
For agencies and their clients, fines like these have the potential to cause some serious damage. It may be the cost of the fine, or it may be the reputational damage and impact on customer trust in the aftermath.
This Data Protection Day, we’re digging a little deeper and asking what it means to Take Control of Your Data when it comes to one particular aspect of data protection regulations: The consent banner.
Where Did the Consent Banner Come From?
The cookie consent banner appeared after the General Data Protection Regulation (GDPR) was set up by the EU. It sets the guidelines for how personal data should be collected, processed and stored by companies selling inside or to the EU, with the UK retaining it in domestic law after Brexit.
Under GDPR, individuals have the right to be informed about the personal information that’s being collected about them and, importantly, the right to consent to it or not.
For businesses, agencies and any website collecting personal data, this means they have to make it clear why they’re collecting the data while also getting the customer’s consent to do so. The consent banner lets customers tell a company whether they want this data collected or not.
Challenges Agencies Face with Consent Banners
Agencies encounter various challenges when implementing consent banners on websites, impacting both user experience and brand perception. Consent banners, designed to inform users about data collection and seek permission, often result in frustration due to their intrusive nature. Users may find them disruptive and overwhelming, leading to a negative perception of the brand.
This frustration can further breakdown trust between users and the brand, as individuals may feel their online experience is being compromised. To address these challenges, it’s crucial for consent banners to be clear and easily understandable, ensuring that users can make informed decisions about their data.
On top of this, agencies have to navigate complex legal requirements to ensure the banners being used are compliant, striking a delicate balance between transparency and user-friendly design.
Successfully addressing these issues is essential for fostering positive user relationships and maintaining brand credibility in the digital landscape.
CMPs and Consent Banner Design
After the introduction of GDPR, the design of the consent banner should have been straightforward. Many of us were expecting a simple accept or reject option, but were left with a never ending barrage of banners and messages that led to more confusion.
This confusion led to a majority of people accepting cookies and tracking as well as sharing their personal information just to get the banner out of the way. That, it turns out, was done on purpose. In other words, it was bad design – by design.
Most of the consent banners that we see are built with Consent Management Platforms, known as CMPs. They allow websites to create customisable cookie banners that comply (or loosely comply) with the legal requirements. The CMP scans the website for cookies and then lets the website owner create a customisable cookie banner to display on their website and collect consent.
But most CMPs have a conflict of interest. While they set out to collect consent, their own customers are website owners who often want to collect and then sell data to the online ad industry. That in turn leads to cookie consent banners being designed by these CMPs using dark patterns, which nudge users into accepting cookies.
And this is why we’ve ended up where we are, with consent banners that are difficult to navigate, confusing to understand and often feel like they’re tricking us into accepting their cookies.
Consent Banner Best Practices
For this reason, implementing consent banner best practices is crucial for fostering a positive user experience and maintaining compliance.
Transparency
Transparency is key, and consent banners should clearly communicate the purpose and scope of data collection, ensuring users understand how their information will be utilised.
Simplicity
Simplicity in design and language is equally important, as overly complex banners can lead to user confusion and frustration.
Customisability
Additionally, customizability allows agencies to tailor banners to their brand aesthetics and messaging, creating a more seamless integration into the overall user interface.
These best practices allow agencies to strike a balance between legal requirements and user happiness, ultimately building trust and positive sentiment with the audience they’re trying to reach.
Is There an Alternative Consent Banner Design?
The confusion around CMPs and consent banners is amplified for many agencies and business owners, a confusion that has led many to leave important legal requirements in the hands of CMPs who don’t always have their interests at heart.
In fact, a recent study of 112 retail websites found that 33% of consent banners on these websites had flaws that made them non-compliant with regulations, while 20% didn’t have a consent banner installed at all.
Consent banners play a pivotal role in shaping the success and trust of online interactions. The design of these banners significantly influences opt-in and acceptance rates, as a well-crafted and user-friendly banner is more likely to garner positive responses.
The impact on opt-in rates directly affects the success of agencies and marketing campaigns, determining the scope of data collection and audience engagement. Additionally, transparent and well-designed consent banners have the potential to enhance trust with a brand, as users feel more in control of their privacy.
On the flip side, poorly designed banners can result in legal repercussions, fines, and compliance issues, as they may fail to meet regulatory standards. The effectiveness of consent banners not only shapes user interactions but also holds implications for the legal standing and trustworthiness of agencies and their marketing endeavours.
What CMP Should Agencies Choose?
Choosing the right Consent Management Platform (CMP) is key for agencies navigating the intricacies of data privacy. Agencies need to prioritise a CMP that ensures compliance with data protection regulations, while also providing features that allow them to manage user consent effectively.
Ease of use is crucial, as a user-friendly interface enhances overall efficiency in obtaining and managing consent. A positive user experience and the ability to customise the CMP to align with the brand’s aesthetics and messaging are key. Agencies should also look to avoid platforms that lack compliance features, compromise user experience, or offer limited customization options.
Some notable CMP options in the market include OneTrust, TrustArc, and Cookiebot. There’s also the CMP designed by VisiblePrivacy in collaboration with Motive.co, which allows small and medium sized business owners to display a consent banner that’s designed for transparency, clarity and simplicity on the customer side, and ease of use with key visual customisations on the business side.
Whatever platform they choose, agencies should carefully evaluate each option to find the one that best aligns with their specific needs and goals.
Taking Control of Our Data This Data Protection Day
CMPs have a huge impact on how a business complies with data protection regulations. The fines imposed aren’t just targeting corporate giants, but significantly affect smaller businesses too, emphasising the need for a clear route towards compliance that’s more straightforward and easier to understand.
This Data Protection Day, we need to look at how businesses embrace ways of working that respect customer privacy and give customers the opportunity to take control of their data.