Consent in daily life appears to be simple: it’s a Yes or No question. Consent in legal terms and in particular, the consent introduced by GDPR, is rather complex. Strict requirements are tied to a valid consent imposing practical challenges on what appear to be simple daily life situations.
One such simple daily life situation that becomes complex under GDPR, is visiting a website. If a website has integrated tags, they need the consent of the website visitor, if their purpose is e.g. tracking, retargeting and profiling, as the data collected by tags are considered personal data under GDPR.
Obtaining and documenting an informed, freely, concrete, explicit, prior and easy-to-opt-out consent of website visitors requires a technical solution. This can either be done in-house, but as it is a whole product of its own requiring a lot of maintenance, monitoring of jurisdictions and entails high liability risks, it does make sense to outsource Consent Management to a specialised provider.
As CMPs for website technologies are a recent development, we have put together objective criteria resulting from legal and technical implications that should be considered when selecting a CMP.