Author Archives: krcmic.com

Consent Management Platform (CMP) – what is it?

Leave a reply

In a digital world where data protection and privacy are becoming increasingly important, the need for proper management of user consent is increasingly discussed. A Consent Management Platform (CMP), or consent management platform, is a tool that helps websites and online services manage and document users’ consents for the collection and processing of their data.

The importance of CMP is becoming increasingly relevant, primarily due to the strict requirements of the European GDPR and other local data protection laws.

What are CMPs?

CMPs are an essential tool for any organization that operates online and processes users’ personal data. They not only provide the necessary legal protection but also help build trust and transparency in the digital environment. As the digital environment continues to be dynamic and regulation is constantly evolving, it is important that organisations keep their consent management systems up-to-date and compliant with the latest legal requirements.

With the growing emphasis on data protection and increasing demands for transparency from users, the role of CMPs can be expected to continue to grow in the Czech Republic. Regulations will evolve and technology will improve, leading to a continuous evolution of consent management standards and practices.

A brief introduction to the legislative/legal framework of privacy protection

In every EU country, every company/individual who processes personal data must comply with the GDPR rules (GDRP – sets out the rules for the protection of personal data). CMPs are key to meeting these rules because they allow users to choose what cookies and other tracking technologies can be used during their visit to the site.

How do CMPs work?

A CMP typically integrates an interactive interface on a web page that is displayed to users on their first visit. This interface offers users the ability to choose which cookies and tracking technologies can be activated. All choices are recorded and stored as evidence that the website respects the user’s consent.

CMP is actually such an automated cookie consent that takes care of regular cookie scanning, often also serving as an automatic cookie policy generator in multiple languages to ensure consent management for compliance with international privacy laws such as GDPR, ePrivacy, LGPD, CCPA, and PDPA.

Legal requirements for CMP

  • Compliance with GDPR and local laws – CMP must be designed to meet the requirements of the General Data Protection Regulation (GDPR) and other relevant data protection laws in your country. This includes ensuring transparency and providing information to users about what data is being collected, for what purpose, and how long it will be retained.
  • Right to access and rectification (right to revoke users’ approval) – CMPs should allow users to easily access their personal data and request its rectification or deletion.
  • Documentation of consent – The CMP must effectively document all consents to demonstrate when and how consent was given or withdrawn. These records must be retained for as long as necessary to comply with legal requirements. Withdrawing consent must be as “complex” as giving it (i.e. you can’t hide it behind more and more layers; CookieBot does it nicely, for example, where you have to click on a floating icon even after consent has been given, and you can click on it at any time to change the consent). Next, you need to have elaborated terms and conditions – in a separate document, which you often find on other sites such as “Privacy Policy” or “Privacy Statement”. This document should detail how your organization collects, stores, processes, and protects users’ personal data. It should also inform users of their rights related to data protection, such as the right to access, rectify, erase, and restrict the processing of their personal data. The document should be easily accessible to users, usually located on the website in a visible section, often at the bottom of the website (in the ‘footer’) or on the contact page. It is important that this document is up-to-date and reflects all applicable legislation, including the GDPR if you do business with or process EU citizens’ data. Again, often this document (at least in relation to cookie processing) can be automatically generated for you by some CMPs and can be maintained automatically (for example, which services use cookie processing on your site).

Benefits of using a CMP

  • Ensuring legal compliance – CMP helps businesses comply with GDPR and other data protection regulations.
  • Improving transparency – users have a clear view of what data is collected and how it is used.
  • Increasing trust – transparent and fair treatment of user data increases user trust in the brand.
  • Customizing the user experience – CMP allows users to control which types of cookies are active, which can improve their online experience.

Important CMP features for website owners

  • Consent Management UI – An intuitive and easy-to-use interface that allows users to easily manage their cookie and tracking preferences. This includes the ability to grant, deny or change consent for different categories of cookies according to the applicable legal framework (ability to revoke consent at the individual cookie level, ability to revoke consent at any time, failure to file a consent revocation). For more complex projects, you will also appreciate the ability to copy settings of individual domains between each other, manage access/roles and other advanced features – for example, you can choose for which legislation you need a given CMP for a given site and how it should behave – ideally you should be able to customize everything, as well as individual languages/translation options, document generation).
  • Easy integration – the CMP should be designed to allow easy integration with existing systems and infrastructure on the site. This includes compatibility with different web platforms and technologies, minimizing the technical requirements and time required for deployment.
  • Integration with analytics and advertising tools – The CMP should be compatible with commonly used analytics and advertising tools to ensure that any data collection using these tools is consistent with user consent.
  • Adaptability and extensibility – Given the ever-changing legal standards and technological advances, the CMP should be designed to be easily upgradable and extensible, allowing for the addition of new features or integration with new services. This is generally provided by the CMP provider itself, who you pay for the solution (but the ultimate responsibility is yours and the most you can do is to seek legal redress from the CMP provider – on the other hand, it should be said that the largest CMP providers generally have the following
  • Automation and reporting – automated reports and alerts that inform site owners of the status of consents, missing consents or the need to renew them. These tools help maintain compliance with minimal effort.
  • Multi-language support – Given the global nature of the Internet and the diversity of user languages, a CMP should be able to support a multilingual environment, allowing proper communication with users in their preferred language.
  • Data security and protection – ensuring that all data collected is securely stored and protected from unauthorized access or data leakage. This includes the use of encryption and other security protocols.
  • Auditability and compliance reports – providing tools to generate auditable reports that can be used in inspections or audits to demonstrate compliance.
  • GDPR compliance and compliance testing – an important feature of CMP is the ability to perform compliance tests to verify that consent settings on a site comply with GDPR and other legal standards. These tests help identify and address potential issues before they become subject to scrutiny by regulators. Some tools have checklists or some semi-automatic guidelines/checklists for new users, who are not very aware of the current legislation.
  • Fully customizable cookie bar to your design – The CMP should offer customization options that allow it to be seamlessly integrated into the site design. This includes adapting colors, fonts, layout, and other visual elements to ensure that the consent management interface feels natural and does not discourage users. Last but not least, this is where maximum customizability of the bar plays a big role (as standard settings often don’t ensure that you get the most cookies/consents collected from users). Often you need to customize the look and feel (such as overflow across the entire site, where you can’t continue working with the site without clicking some form of consent, the ability to un-click all consents with one click and have this as a highly visible option).
  • Reporting and analysis of user behavior – the analytics tools integrated into CMP provide valuable insights into how users interact with the consent interface. This information can help optimize the design and content of notifications to achieve higher consent rates. Pretty much an essential feature if your CMP consent numbers have started to drop dramatically, as it will directly impact both analytics tools (how much you measure/see in Google Analytics) and ad campaigns (how many cookies you include in each audience based on activity from the site).
  • A/B testing for optimal cookie banners/CMP banners – using A/B testing allows you to experiment with different versions of the alert text to see which wording is most effective in gaining user consent. This contributes to a better understanding of user preferences and increases the effectiveness of consent management.
  • Versioning – once you change settings/design, it’s definitely nice to be able to restore previous settings with one click. Alternatively, have the ability to preview and test/preview changes before publishing them to the live site.
  • Integrated site cookie scanner/scan cookies – the cookie scanning feature allows CMP to automatically identify and categorize cookies used on the site. This facilitates consent management and ensures that users have accurate information about what cookies are being used and for what purposes.
  • Multi-language viewing – Support for multilingual content is also important – this is particularly important for global sites and brands. CMPs should be able to display consent information in multiple languages (so that users can understand it all), which helps achieve better understanding and compliance with international users.
  • Pricing/CMP price and billing schema – probably the main selection criteria, but certainly not the only one. Many CMPs are indeed cheaper and suitable for one domain (smaller project), but again for global sites, they are completely unsuitable – what I encounter most often – CMPs do not have legislation/interfaces sorted out for other countries – for example outside the EU, they cannot translate the CMP bar into the language, you need, they don’t have an intuitive interface for managing dozens of sites, or they are too expensive for larger sites (charging by subpages), or each of these functionalities means an extra charge that you didn’t count on when choosing a CMP.
  • CMP speed and size – both the speed of loading the CMP and its size – may not be as much of a concern for us today, but some CMPs have several hundred kb to load, while other solutions can do the same in units or tens of kb.
  • Certified CMP vendor for Google – when managing Google Consent, for example, again quite an important point for publishers – if you have a non-Google certified solution, your site will appear in all Google services as if it doesn’t have integration to Google Consent v2 – so somewhere you will get another window popping up from Google just for Google Consent v2/Google Consent 2.0.

DMA (Digital Marketers Act)

Leave a reply

The Digital Markets Act (DMA) is a key European Union regulation aimed at curbing monopolistic behavior and ensuring fair competition between digital platforms. The Act represents a major breakthrough in the regulation of large technology companies and affects many aspects of digital marketing, user privacy, and competition.

For marketers, the DMA has major implications as it affects the ways in which companies can use digital tools and platforms for their activities (or the data from them). In what follows, we look at the key aspects of DMA and their implications for marketing strategies.

The purpose of DMA

The DMA was created to counter several specific problems that have arisen as a result of the dominance of large technology giants, known as gatekeepers. These companies control essential digital platforms, which allows them to influence markets, restrict innovation, and prevent fair competition (and thus cannot restrict innovation and prevent new competitors from entering the market because it is threatening to them).

The DMA seeks to regulate these potential negative impacts and practices and establish clear rules of the game.

When was the Digital Markets Act (DMA) created?

The Digital Markets Act (DMA) was formally adopted by the European Parliament and the Council of the EU and came into force on 1 November 2022. The rules came into force on 2 May 2023. This act is a key step in the regulation of large digital platforms and ensures a fairer competitive environment in the EU digital market.

What are gatekeepers?

The DMA defines gatekeepers as large online platforms that have a significant impact on the internal market, act as a key interface for users, and have the ability to lock in businesses and consumers. To be classified as a gateway, a platform must meet specific criteria such as exceeding €6.5 billion in revenue over the last three years or being a dominant platform with more than 45 million monthly active users in the EU and 10,000 annual active business users (all three conditions must be met simultaneously, meeting only one or two conditions is not sufficient for a platform to be classified as a gateway).

Further changes have subsequently come into force, increasing the potential fine from the original €6.5 billion to €8 billion – this change came into force on 2 November 2023 following the adoption of the final DMA by the European Parliament and the Council of the EU.

The Digital Market Act (DMA) applies to all companies that supply digital services in the EU, whether they are based in the EU or not. This includes:

  • Online platforms – these are platforms that connect users with third-party products and services such as e-commerce platforms, social networks, and search engines. Examples of online platforms include Amazon, Facebook, and Google.
  • Large online intermediaries – are online platforms with a turnover of at least €8 billion per year and at least 45 million monthly active users in the EU. Examples of large online intermediaries include Amazon, Apple, Facebook, Google and Microsoft.
  • Product/price comparison sites – are websites that allow users to compare prices and features of products and services. Examples of comparison sites include Google Shopping, but also services such as Skyscanner.
  • Large online advertising providers – these are companies that sell advertising on online platforms. Examples of large online advertising providers include Google (with its Google Ads) Meta (Meta/Facebook Ads), X, Bing, etc.
    Obligations for gatekeepers

The DMA imposes a number of obligations on gatekeepers to ensure that their platforms remain open and fair. These obligations include:

Ensuring interoperability – gateways must enable interoperability of their services with other services, allowing users to move more easily between different platforms.

Prohibiting data misuse – gateways must not misuse data collected from different sources to create unfair advantages. The DMA prohibits certain conduct that could harm competitors or consumers, such as processing data collected from competitors or preventing users from switching platforms or services. It prohibits them from favoring their own services or products. These obligations are designed to ensure that other businesses can compete fairly and innovate in an already very complex competitive environment. In short, Google and other big players must be able to demonstrate that they can actually use the data sent from your websites.

Algorithm transparency – companies must disclose how their algorithms rank and recommend content to ensure the process is fair and transparent. These policies also define how these companies can collect and use data, which also affects how marketing campaigns can be targeted and measured.

Data protection, user privacy, and implications for the entire digital ecosystem

The DMA places great emphasis on data protection and user privacy, an area that is particularly sensitive for marketers. The legal framework that the DMA creates requires marketers to be much more careful about how they collect and use user data. This has major implications for personalization and ad targeting, which has hitherto been seen as key to effective digital marketing.

This will require marketers to experiment more with new forms of digital marketing that respect privacy and comply with regulations, while still remaining effective.

The changes required by the DMA may require marketers to redesign existing practices, tools, and technologies. The new tools should be able to effectively manage user consent, and properly process data according to the new rules while enabling effective marketing campaigns and results. As a result, marketers (or the owners of the companies they work for) will need to consider further investment in technologies that are able to dynamically adapt to changes in this legislation. Adapting to these changes requires an understanding of the new rules, flexibility in approaches, and a willingness to innovate – and to do so quite quickly.

While the DMA only directly affects the European Union, its impact can be global. Large platforms that operate globally can embrace change at a global level to avoid the need to implement different systems for different markets. This means that marketers outside the EU should also be aware of the DMA and prepare for possible changes.

And what will be likely the real impact?

Leaving aside the fact that the environment will be more transparent and the user can have more say and influence over what data is collected about them there will be a whiplash on the big companies that benefit most from this (Google, Facebook, etc.), ultimately it will probably have an impact on the price of the services themselves that small or medium-sized businesses provide. Because all of these adjustments (within the website, in internal/external documents, in campaigns, and ultimately because of the negative impact on campaign results, the need to use consultants/legal advice/consulting firms or if a smaller business manages these activities themselves = still costing them time and therefore money) will need to be reflected in the end prices. So, in short, the consumer/end user will pay for it again.

Because the rules themselves, even though they are being modified and amended over time, are already becoming completely opaque to the average business person and in some cases, from my point of view, are just creating more and more obstacles and making marketing/overhead more expensive for companies. Over time, this will all become so opaque due to the various currencies, amendments, and additions that the average business person will get lost in them and not be able to keep track of them. In addition, the individual rules are already sometimes so contradictory that even the various legislative branches often do not have set uniform procedures, and so everything is dealt with in a wait-and-see style in another exemplary case.

Google Consent Mode 2.0 – what you have to do?

Leave a reply

If you use cookies on your websites and collect data through Google Analytics, Google Ads, or Search Ads 360, you will be affected by the upcoming change. In response to European regulations regarding user privacy and personal data protection, Google is introducing a new Consent Mode 2.0. If you have no idea what this is about and more importantly, what it entails, don’t despair. Today you’ll (hopefully) find out. So let’s get to it.

But first, let’s start with some general chit-chat that the more experienced among you may possibly skip – namely – why there is actually a need to manage user consent via cookies, and when and where this need arose.

Managing consent in digital marketing: The importance of the Digital Marketplace Act in Europe for brands and organizations

Consent management has become a key aspect of digital marketing for brands and organizations, particularly with the advent of the Digital Market Act (DMA) in Europe.

Under the European Union’s General Data Protection Regulation (GDPR), website owners or business/company operators are responsible for how they collect, process, and store (secure) the personal data collected from users. However, a new EU regulation, the Digital Marketers Act (DMA), shifts these responsibilities to large technology companies, which have been tasked by the European Commission with promoting fair competition and protecting user privacy. These organizations are thus subject to the Digital Market Act and must obtain explicit consent to collect and use European citizens’ personal data for operations such as advertising or research.

Failure to comply with the obligations under the Digital Market Act can lead to substantial fines, which can reach up to 10% of a company’s worldwide annual revenue. In the case of repeated infringements, this amount can rise to 20%. This is where Google Consent Mode v2/Consent Mode 2.0 becomes particularly useful to avoid such situations.

At present, this legislation only applies to regions of the European Economic Area (EEA). However, it is essential to keep a close eye on further guidance from other countries on this topic, as they too may eventually adopt similar restrictions.

What is Google’s consent regime?

Google’s consent mode is a mechanism used in Google’s tools – in particular, we are talking about Google Analytics 4 (GA4)/Google Tag Manager/Google Ads, which allows businesses to transmit consent signals from the CMP cookie consent banner to ensure user choice is respected. Essentially, this consent mode allows you to determine whether visitors to your website have consented or opted out of sharing their personal information for advertising, measurement, and personalization purposes.

If a user consents, Google may use this mechanism to obtain detailed analytics and other information about the user from cookies. Conversely, if the user does not consent, Google will restrict the use of cookies and identifiers to suit the user’s preferences.

Note: Google Consent Mode is NOT a stand-alone solution for managing user consent or cookie compliance. It does NOT replace the need for a Consent Management Platform (CMP) or cookie consent banner/widget, which is responsible for obtaining and managing user consent on the website. Instead, Consent Mode acts as an additional feature that works with the CMP to ensure that Google tags and scripts work in accordance with users’ consent preferences.

Google Consent Mode V1 or Google Consent Mode V2: What’s the difference between them?

Google Consent V1

In its beta version (v1), Google Consent Mode collected consent data based on two parameters:

  • ad_storage – this signal relates specifically to marketing targeting cookies and whether or not to store them on the server.
  • analytics_storage – this signal activates or deactivates the storage of cookies related to analytics, statistics, and performance (duration of visits, number of visitors, number of page views, etc.).

These parameters affect the behavior of Google Analytics scripts when loaded on a website. For example, if the ad_storage parameter is set to denied, Google will not store any data about the user’s ad.

The first version of Google Consent was introduced in 2020 to enable data collection for Google Analytics and Google Ads while complying with European data protection laws (GDPR). Google Consent Mode V2 is an updated version to accommodate the new Digital Markets Act, which takes effect in March 2024.

Google Consent V2

Version 2 goes further and controls the use of this data in Google’s advertising products through two new consent signals dedicated to audience building and remarketing:

  • ad_user_data – this signal relates to permission to send and share user data with Google for advertising and remarketing purposes using site-to-site identifiers (impacting campaign effectiveness and Smart Bidding).
  • ad_personalization – this signal relates to permission to personalize ads based on user data (an essential feature for building audience lists!). In layman’s terms, this enables personalized advertising.

If the user does not grant these two new parameters, Google will not be able to create specific audiences and serve personalized ads in the European Economic Area (EEA) region.

If the user refuses consent, Google Ads and GA4 tags will run in an anonymized form (without personal data). It is important to ensure that no personal data of the user is sent to the system. For this purpose, it is necessary to have two very similar tags ready, which are activated depending on the consent given. If consent is refused, a tag is triggered that does not include user data, transaction ID, and other sensitive information.

Google Consent Mode V2 thus offers two basic settings:

  • Basic Consent Mode – all features are activated only after consent has been granted for cookies.
  • Advanced Consent Mode – services work even if consent is denied, allowing for background data collection.

Overview: Consent mode parameters

Consent Type Description
ad_storage Enables storage (such as cookies) related to advertising.
ad_user_data Sets consent for sending user data related to advertising to Google.
ad_personalization Sets consent for personalized advertising.
analytics_storage Enables storage (such as cookies) related to analytics e.g. visit duration.

In addition to the consent mode parameters, there are the following privacy parameters:

Storage Type Description
functionality_storage Enables storage that supports the functionality of the website or app e.g. language settings.
personalization_storage Enables storage related to personalization e.g. video recommendations
security_storage Enables storage related to security such as authentication functionality, fraud prevention, and other user protection.

See more

The functioning of both modes is shown in the image below (or see Google’s official help on the behavior of the new tags under Google Consent V2):

In practice, the basic implementation means that unless you get consent from the visitor to use cookies, analytics, and advertising scripts are completely blocked.

On the other hand – the advanced implementation allows running these scripts in “anonymous” mode, even without cookie consent. This allows Google Analytics, for example, to use indirect data to fill in missing information due to lack of cookie consents, while Google Ads relies on anonymous data using machine learning to better tune conversion models and set up automated bidding strategies more effectively.

Regardless of the method chosen, two new parameters – ad_user_data and ad_personalization – need to be sent via the Consent Mode API to ensure these processes work properly.

As of March 6, 2024, you will need to have Consent Mode V2 implemented in either the “basic” or “advanced” version. There are several important aspects you should consider when doing this:

If you do not implement V2, there will be limitations in data collection for remarketing purposes and conversion attribution in Google Ads.

  • The Basic version – will not collect data in the background without user consent and there will be no data modeling.
  • The Advanced version – will continue to model missing data as before.

Relationship between consent rates and modelled conversions

Users who refuse to consent to cookies are likely to have significantly lower conversion rates compared to those who consent to their use (according to official additional help from Google on Google Ads, their extensive analysis has shown that conversion rates vary depending on consent to use cookies). Users who provide consent are two to five times more likely to convert than those who don’t. This difference is influenced by a number of factors such as the overall consent rate, industry specifics, or the type of conversion goal.

The example above shows how increases/decreases in consent rates do not correspond to increases/decreases in conversion rates because users who do not consent convert less frequently. In this case, the advertiser has a 50% consent rate but only a 19% decrease in conversions (12 out of 62) and an 18% increase in conversion rate from conversion modeling.

 

Consent mode 2.0 – what needs to be done?

As of March 1, 2024, every site will be required to implement an updated version of Consent Mode V2 in their cookie bar.

What does this mean?

This is part of a new EU regulation called the Digital Marketers Act, which places new requirements on large analytics platforms. This regulation introduces new technical specifications for cookie bars, primarily adjustments to the technical parameters for tracking data.

This change will mainly affect platforms from Google, such as Google Ads, DV360, and SA360. Within the consent panel, users will be able to manage their preferences directly in their Google account. Although the changes are described as “minor,” they have a significant impact on the way personalized ads and remarketing are executed.

What about the cookie bar? Do you need to change it?

The cookie bar doesn’t change in appearance. If the cookie banner is discreet, most users will probably ignore it anyway and won’t want to interact with it in any way. You can increase the likelihood of user consent by using clear and friendly text, using psychological elements, and grabbing attention. But there’s nothing more to change from a design perspective (unless you’re using some CMP and not a custom solution that perhaps no longer reflects recent changes to the background of cookie management itself).

When applying the legal changes it is advisable to do the following (this is a very brief summary, the whole issue is much more complex and I cover more below):

  1. Incorporate Google’s new cookies (ad_user_data, ad_personalization) into your cookie inventory.
  2. Add to your cookie documentation, which will now include information about Google and the tools you use.
  3. Mentioning the use of emails and phone numbers for tracking and advertising should be part of your data processing documentation.
  4. Pay attention to updating your consent bar to match the new requirements (this is essentially handled for you by your CMP if you don’t have a custom solution).

What is the difference between the cookie bar and Consent Mode?

A cookie bar is a visual tool on a web page that appears to inform users about the use of cookies and request their consent. It allows users to approve or reject the use of different types of cookies, including those for marketing or analytical purposes. This tool is a direct interface between the website and the user, aimed at ensuring transparency and compliance with legal requirements such as GDPR.

Google Consent Mode is specifically designed to work with Google services and how they process data, while cookie bars are more general tools that can affect a wide range of technologies and third parties used on websites. Google Consent Mode is a tool designed to optimize the way data is collected and used, based on the consent you have already given. Consent Mode therefore relies on the fact that consent has already been obtained (for example, via a cookie bar).

Google Consent Mode is therefore repeatedly not a stand-alone solution for managing user consent or cookie compliance. It does not replace the need for a Consent Management Platform (CMP) or a cookie consent banner/widget, which is responsible for obtaining and managing user consent on a website. Instead, Consent Mode acts as an additional feature that works with the CMP to ensure that Google tags and scripts work in accordance with users’ consent preferences.

On the other hand, Google Consent Mode is a tool that allows websites to customize how Google tools will use cookies and collect data based on user consent preferences. Thus, this mode sends user consent information directly to the Google services that are used on the site, based on the user’s decision made through the cookie bar.

Impact of Consent Mode 2.0 on the European Union and the rest of the world

It is clear that within the EU countries covered by the digital marketing rules, the implementation of Consent Mode V2 will be mandatory. Google should control this obligation based on the IP address of users. Outside the EU, there will be no obligation to implement the cookie bar or Consent Mode V2 at this time, but as I wrote above – that doesn’t mean that some companies won’t implement the same strict rules on cookie management, even if the law doesn’t explicitly forbid them to do so.

Google partner CMP is becoming a necessity

There are already certified consent management platforms (CMPs) from Google, such as the popular CookieBot/CookieFirst/Usercentrics/OneTrust and others. However, there is speculation that in the future, a certified CMP solution will be a necessity to meet regulatory requirements. The current list of CMP-supported partners can be found here.

End of third-party cookie support at the end of 2024

The changes in digital marketing don’t end in March, however. There will be other important and quite fundamental changes over the coming summer and fall:

The use of third-party cookies will be discontinued (ending in the autumn). Autumn 2024 will bring the end of support for third-party cookies, which means that user’s personal data, which is not directly linked to their identity, will now be crucial for conversion measurement and audience tracking. This measure is expected to lead to less effective marketing campaigns and a general reduction in the accuracy of remarketing targeting.

Users’ personal data will become the only identifiers for conversion measurement and audience tracking.

A reduction in the performance of marketing campaigns and generally less accurate remarketing targeting is expected. So, this is probably where those companies that have spent years building their brand and don’t have their entire business built on paid campaigns alone will win. It is recommended to consider strategies for obtaining user consent to register on the site, as ownership of email addresses with permission to use in marketing campaigns will become increasingly important.

Other alternatives to cookies in the future

Google has been experimenting with alternatives to cookies such as FloC, FloX, TurtleDove, and Fenced Frames for about a year. These technologies are based on aggregating user data, monitoring the pages visited, and then grouping the data into specific categories.

It is simplistic to say that unless there is some dramatic change, campaign targeting is likely to get worse as a result of increasingly complex data collection and a more complex legislative framework, ads/campaigns will get more expensive and the constant continuous integration of changing rules will also cost something.

However, there are other methods to strengthen data quality for analytics and marketing purposes in the context of the limited use of cookies and the coming end of third-party cookie support.

How to optimize data quality for digital marketing because of Google Consent Mode 2.0?

The key to successful behavioral modeling is an effective consent mode and sufficient data for AI. Google recognizes users who have not consented to the use of cookies and uses AI to estimate missing information for GA4.

The quality of the modeling increases with the amount of data collected from users who have given their consent. That is, the more data you have (the more consented traffic you get), the better the quality of this modeling.

However, there are alternative approaches that can help improve the quality of data for analytics and marketing platforms, especially in the context of the phasing out of cookies and the upcoming end of support for third-party cookies.

  • Adjusting the cookie bar – optimizing the cookie bar is key to increasing the level of user consent to cookie collection, which has a direct impact on the quality of data collection. The design and user-friendliness (UX) of the cookie bar play a critical role in the user’s decision-making process of whether or not to consent. What to consider when improving it? The cookie bar should be visually appealing and easy to navigate. For example, highlighting the consent button in green, while keeping the other options less prominent, can significantly increase the percentage of users who consent (but here some legal opinions differ on whether this point can be used – the visual design should be intuitive and not mislead users or lead them to unwanted consent). The text on the cookie bar should be clear and concise so that users understand exactly what they are consenting to. It is important that the text appears trustworthy and informs how the data will be used. A properly worded explanation can reassure users that their data will be processed responsibly and transparently. It is crucial to raise users’ awareness of the importance and benefits of providing consent so that data is lost as little as possible and analytical processes can be as accurate as possible. After all, we discussed this part above, that it is possible to personalize the bar and better explain its purpose (if someone had written that by giving consent you allow not to make services more expensive, everyone would probably agree on the spot :-)). Including animations or interactive elements can increase user engagement. For example, an animation that responds to cursor movement or triggers when the page loads can grab the user’s attention and increase the chance of consent. Users should be able to easily change their consent decision, which increases their confidence in the management of their data. The option to withdraw consent should be as accessible as the option to grant consent. Regular A/B testing of different versions of the cookie bar can help identify which design elements and what wording of text most effectively lead to consent. The data from these tests will allow the bar to be further optimized and improved. Implementing these features and continuously improving them can significantly contribute to a higher percentage of users giving consent to cookie collection, which is essential for effective online marketing and analytics. However, we are talking about – the entity in question needs to have the time and space for such forms of testing (for smaller companies/clients, this is basically pure utopia).
  • Behavioral modeling in GA4/Google Analytics – implementing a cookie bar that does not involve actively obtaining user consent can lead to significant data loss – specifically, it can be a 30% to 60% drop in analytics data from those users who have not consented to the use of cookies. By implementing an effective consent regime, we can save some of this data by using advanced behavioral modeling techniques in systems such as Google Analytics. This modeling allows us to simulate the likely behavior of users who have not provided consent and therefore allows us to maintain a degree of accuracy in our analytics reports. In this process, it is important to carefully set the cookie bar parameters to ensure maximum transparency and clarity of choice for the user. This can include clear and concise wording that informs users how and why their data is being used and offers simple options for granting or withholding consent.

  • Facebook Conversion API (CAPI for short) – the Facebook Conversion API (CAPI) is an advanced integration for digital marketing that provides two key benefits that directly impact the effectiveness and accuracy of digital advertising campaigns on Facebook. CAPI allows event data to be transferred directly from the advertiser’s server to Facebook’s server, resulting in higher quality and more reliable data. This minimizes data loss caused by blocking cookies in users’ browsers. As a result, the effectiveness of Facebook campaigns is improved as optimization is based on more accurate and complete information. According to recent studies, Facebook reports that implementing CAPI reduces acquisition costs by 13% and increases purchase event tracking by 19%. With the impending end of third-party cookie support, particularly in Chrome, CAPI offers a sustainable solution to continue profiling and data collection across domains. This is done through server-side measurement, which enables effective ad targeting and detailed reporting of campaign results without the need to rely on traditional cookies. In addition, CAPI provides flexibility in the transmission of different types of events, including those that take place on websites, in mobile apps, in offline interactions, and even in communications via apps like WhatsApp and Messenger. This includes the ability to transmit conversions from e-commerce transactions, in-app interactions, and other important signals relevant to marketing purposes. With CAPI, advertisers have full control over what data is shared with Facebook.
  • Enhanced Conversions/Enhanced Conversions – Enhanced Conversions, also known as Enhanced Conversions, is a key tool for increasing the accuracy of conversion measurement in digital marketing campaigns, especially Google Ads. This technology allows for better matching of conversion actions to real users by comparing hashed data collected from advertisers’ conversion pages with data from logged-in users in Google. A key aspect of successfully implementing Enhanced Conversions is obtaining users’ consent to use their data for this purpose. Users should be clearly informed about what data is being collected and how it will be used, and they must actively consent to the sharing of this information with third parties. This is achieved by effectively deploying a cookie bar that allows users to grant or deny this consent. Enhanced conversions can be implemented in several ways that vary according to technical requirements and advertiser preferences:
    • Using Google Tag (gtag.js), which is a direct integration into the website code.
    • Using Google Tag Manager, which allows tag management without the need to intervene in the page code.
    • The Google Ads API, is suitable for advanced users who want to automate and scale processes through the API.

All of these methods require careful configuration and testing to ensure that data is collected and processed correctly, resulting in the benefits of more effective and targeted ad campaigns. With a better understanding of users’ paths to purchase and their conversion behavior, marketing strategies can be optimized and ROI maximized.

How to evaluate data more effectively with Google Consent Mode 2.0?

Possible avenues that will be used to evaluate campaigns in the future may include:

  • Attribution – evaluation is done through Google Analytics 4 (GA4), which is a simple and affordable solution suitable for routine evaluation of ad campaign effectiveness, such as very simple click campaigns. It’s important to note that while clicks can provide useful data, additional, deeper metrics are needed to comprehensively analyze campaign effectiveness and understand user behavior (as any PPCer who does more than just brand campaigns will probably tell you, just evaluating clicks is certainly not enough). But for smaller companies, it may be enough for a while. It’s important to mention here that there will be a significant loss of data in GA4 – specifically, there may be a 30-60% drop in analytics data from those users who did not consent to the use of cookies, i.e. you’ll be missing a pretty important sample of data about users who were on the site but for some (unknown to you) reason did not consent and so you won’t learn much about them.
  • Incrementality (causality test) – for brand campaigns, you can use Google Casual Impact, which allows for detailed analysis. Optimal results can be achieved through geo-split testing, which involves selecting regions where the campaign will run or not. Choosing the appropriate region can be difficult and challenging to implement, but it’s effective for evaluating campaigns before and after launch. The advantage of incrementality is low cost.
  • Marketing Mix Modeling (MMM) – can be done by an experienced data analyst or with tools like lifesight.io. This is suitable for companies with a wide range of offline and online advertising activities and for tracking long-term trends. External factors such as GDP trends, inflation, interest rates, weather, or seasonality can also be included in the modeling, although the assessment can be complex. This model, on the other hand, is quite unusable for smaller companies as it requires quite a bit of time and money in addition to expert knowledge.

Other useful resources:

AI news OSN and global resolution on AI

AI news: OSN and global resolution on AI

Leave a reply

OSN has just unanimously adopted the first global resolution on artificial intelligence. While this step symbolizes significant progress towards a coordinated global approach to the regulation and development of AI, we must not overlook its non-binding nature and potential shortcomings.

The resolution calls on states to focus on the protection of human rights and personal data while monitoring the risks associated with AI. Although it is supported by more than 120 countries, including China and the US, its actual impact remains uncertain, mainly due to its non-binding nature.

Although the initiative counts on the support of all 193 UN member states and emphasizes unity in the approach to AI governance, there is a significant lack of concrete measures to guarantee its safe development and use. U.S. Ambassador to the U.N. Linda Thomas-Greenfield’s statement that “together we will choose to govern AI rather than have it govern us” sounds encouraging, but requires more than words – we need action.

Concerns about the potential misuse of AI, including disruption of democratic processes, fraud, or massive job losses, are ever present. The resolution offers a framework, but without binding rules or sanctions for those who do not respect the standards, its effectiveness remains in question.

Europe is emerging as a leader in AI regulation, while in the U.S., political polarization is hindering legislative progress. Although the White House is taking steps to reduce the risks associated with AI, a global response to the challenges posed by AI requires more than just US leadership.

This resolution is a step in the right direction, but its success will depend on the ability to transform words into binding actions that ensure AI serves society ethically and safely. It’s time to move the discussion out of UN meeting rooms and into concrete, binding action.

Machine learning – how does it actually work?

Leave a reply

Lately, the term “machine learning” has been on everyone’s lips. But what’s the real scoop on how it works?

In a nutshell, it’s all about teaching computers to recognize patterns in data and make decisions based on them. Instead of manually writing out programs, algorithms are trained on heaps of data so they can “learn” to perform specific tasks on their own.

There’s a whole toolbox of machine-learning techniques out there. Let’s dive into a few of them in this article.

Regression – predicting numerical values

Regression models come into play when we want to predict a continuous numerical value based on input data. For instance, guessing a property’s price from its size, location, and so on. The poster child for regression techniques is linear regression, which fits a line through data points to minimize prediction error.

Classification – sorting into classes

Unlike regression, classification models aim to sort objects into classes or categories. Think of distinguishing between a cat and a dog in a photo or predicting whether a customer will stick with a company or jump ship based on their behavior. Common classification techniques include decision trees, neural networks, and support vector machines.

Clustering – finding similar points

Clustering algorithms seek out points in a large dataset that are similar to each other and group them into clusters or clusters. This technique is handy for things like customer segmentation for targeted marketing or organizing a vast number of documents into thematically similar groups.

Dimensionality reduction – simplifying data

We often encounter data brimming with attributes, which complicates processing and analysis. Dimensionality reduction techniques strive to reduce the number of attributes while retaining as much information as possible. For example, the principal component analysis method can replace a large set of original attributes with a smaller number of new variables.

Ensemble methods – strength in numbers

Instead of relying on a single model, we create multiple models and let them vote. For example, rather than using one decision tree, we might use a bunch of trees, each trained on different data slices. We then combine the results, say, by voting or averaging. This approach often leads to more accurate outcomes.

Neural networks – brain inspiration

Neural networks mimic the brain’s structure, consisting of simple computational nodes connected by links. By adjusting the weights of these links appropriately, the network can be trained to solve complex problems. In recent years, a special type of neural network, known as deep learning, has made significant strides in tasks like image recognition or speech processing.

The backbone of modern machine learning, especially deep learning, is the use of advanced high-tech computers, often referred to as high-performance computing (HPC) systems. These systems are equipped with powerful GPUs (Graphics Processing Units) or TPUs (Tensor Processing Units) designed specifically to handle the massive computational demands of training complex neural networks. HPC systems are crucial for processing large datasets, running simulations, and speeding up the training process, which can otherwise take an impractical amount of time.

The cost of these advanced computing systems can be substantial. Typically, funding comes from a mix of sources depending on the setting. In academic and research institutions, funding may come from government grants, research endowments, and partnerships with industry leaders. For private companies, especially those in the tech sector, investment in HPC infrastructure is often viewed as essential for staying competitive, with costs being a part of the company’s research and development (R&D) budget. Additionally, cloud computing platforms now offer access to HPC resources on a pay-as-you-go basis, making advanced computing power accessible to startups and smaller companies without the need for upfront investment in physical hardware.

The rise of cloud-based machine learning platforms has democratized access to advanced computing resources. Companies like Google, Amazon, and Microsoft offer machine learning services that run on their cloud infrastructures, allowing users to pay only for the computing resources they consume. This model has lowered the barrier to entry for innovative machine learning projects, enabling a broader range of companies and researchers to explore complex models without the need for significant capital investment in hardware.

Transfer learning – knowledge transfer

Instead of training a model from scratch, we can leverage knowledge gained from solving a similar problem. For instance, a neural network trained to recognize faces can be “retrained” to identify dogs and cats. Transferring learned features to a new domain often speeds up training and improves results.

With the advent of technologies like GPT-3, machine learning is not just about recognizing patterns or making predictions anymore. It’s also about understanding and generating human-like text, opening up new avenues in natural language processing and beyond. This leap forward has transformed how we interact with technology, making it more intuitive and human-centered.

We’ve seen a few examples of how machine learning works. The key is to find the technique that best matches the type of problem at hand and to train models on quality data. While the principles might seem straightforward, successfully deploying machine learning in practice is quite challenging. Yet, diving into this field is well worth it, as it opens up fascinating possibilities for data analysis and practical applications.

Consent Management Platform (CMP) – what is it?

Leave a reply

In today’s digital age, it has become increasingly important for organizations to prioritize their users’ privacy and data protection. With the introduction of GDPR and other privacy regulations, businesses must now ensure that they are obtaining proper consent from their users before collecting and processing their personal information.

This is where Consent Management Platforms (CMPs) come into play.

What is Consent Management Platform (CMP)?

A Consent Management Platform is a tool used by organizations to facilitate and manage the collection of user consent for data processing activities. These platforms provide users with clear and transparent information about how their data will be used, and give them the ability to easily understand and control their privacy settings. CMPs also help organizations comply with various data protection regulations by ensuring that users have given explicit and informed consent before their data is collected and processed.

One of the main functions of a CMP is to collect and store user consent preferences in a central location. This allows organizations to easily manage and track user consent across different channels and platforms. CMPs also provide customizable consent pop-ups and banners that can be easily integrated into websites and mobile apps. These pop-ups typically include clear and concise language explaining the purposes of data processing, the types of data being collected, and the duration of data retention.

In addition to collecting and managing user consent, CMPs also help organizations monitor and audit their consent practices. These platforms often include dashboards and reporting tools that provide insights into user consent rates, preferences, and compliance status. This allows organizations to quickly identify and address any potential compliance issues and make necessary adjustments to their data processing activities.

Furthermore, CMPs play a crucial role in building trust and credibility with users. By providing transparent and user-friendly consent processes, organizations can demonstrate their commitment to privacy and data protection. This can lead to increased user trust, loyalty, and engagement, ultimately benefiting the organization’s reputation and bottom line.

Overall, Consent Management Platforms are essential tools for organizations looking to prioritize user privacy and comply with data protection regulations. By implementing a CMP, organizations can ensure that they are obtaining proper consent from their users, building trust and credibility, and ultimately safeguarding their users’ personal information.

How to choose the best CMP for your project?

Choosing the best CMP (Consent Management Platform) for your project requires considering several factors specific to your needs. Here’s a breakdown to help you navigate the selection process:

Understand your needs for your project and the features of CMP

  • Website Traffic – high-traffic websites require robust CMPs with features like advanced reporting and analytics.
  • Compliance requirements – identify the privacy regulations you need to comply with (e.g., GDPR, CCPA). Choose a CMP that caters to those specific regulations.
  • Technical expertise – consider your team’s technical capabilities. Some CMPs offer easier integration with user-friendly interfaces, while others require more technical expertise.

Key features to evaluate for new CMP

  • Consent management – look for features like granular consent options, clear and customizable consent banners, and the ability to manage consent across devices. Also when and how the banner will look like, and what possible behavior of the cookie banner you can directly set in admin (consent settings)
  • Reporting and analytics – track user consent choices and gain insights into how users interact with your CMP.
  • Integrations – ensure the CMP integrates seamlessly with your existing analytics and marketing tools.
  • Scalability – choose a CMP that can scale with your website traffic and evolving privacy needs.
  • Team collaboration – for bigger companies having many various websites, landing pages, and projects – you also need from CMP an easily manageable admin offering to select user roles, allowing you to simply add new users or delete people who left the company, etc.
  • Additional features – additional features can also play a significant role in your CMP selection. Look for options like:
    • Draft options allowing you to restore previously published versions: This is crucial for making edits and revisions to your consent banner or the privacy policy without permanently affecting the live version.
    • Advanced consent logging – detailed logging of user consent choices provides valuable insights into user behavior and helps ensure compliance with regulations requiring demonstrable consent records.
    • Customizable branding – the ability to tailor the CMP’s appearance to match your website’s branding creates a more seamless user experience.
    • Advanced reporting and analytics – beyond basic reporting, some CMPs offer advanced features like user journey tracking and consent trend analysis, providing deeper insights into user interactions with your CMP.
    • Offline consent management – this allows users to manage their consent preferences even when they’re not actively browsing your website.

Other factors to consider for CMP

  • Pricing – pricing models for CMPs can vary. Some tools are for a fixed price, some are based on a number of consents collected, while others might have custom quotes. Consider the value proposition – is the cost justified by the features and benefits offered? Some CMPs look cheap at the beginning, but when you try to recalculate the whole price for all features you need including for example thousands or millions of pages, it can be very, very expensive tools sometimes.
  • A/B testing – this allows you to test different consent banner designs and messaging to see which ones result in higher consent rates.
  • Geo-targeting – enables the CMP to display different consent banners or options based on the user’s location, ensuring compliance with regional privacy regulations.
  • Customizable workflows – the ability to configure the CMP’s workflow to fit your specific needs. This might include things like defining what happens when a user consents/doesn’t consent, or how long consent lasts.
  • Vendor management – some CMPs offer features to help you manage your relationships with third-party vendors who place cookies on your site. This might include functionalities for creating vendor contracts or managing consent preferences for individual vendors.
  • Consent recollection – the ability to easily recollect consent from users at a later date, especially important if your privacy policy or cookie usage changes significantly.
  • Advanced consent options – look for CMPs offering features like remembering user consent preferences across visits or allowing for granular consent for specific cookie categories. Of course, the new CMP should support Google Consent Mode V2, some experimental features, etc.
  • Data leak prevention – some CMPs integrate with data leak prevention (DLP) solutions to ensure user data collected through cookies is handled securely.

Many CMPs offer free trials or demos. Take advantage of these to test the platform’s user interface, ease of integration, and reporting features.

There’s no “one size fits all” solution. The best CMP for you depends on your specific project requirements and resources. By carefully evaluating your needs and comparing different options, you can find the platform that best supports your consent management goals.

What are the most used and well-known CMPs?

I can personally recommend these tools (all are paid ones, I mean if some of them are free, even for smaller projects you need to use the paid version). But in case you don’t want to create your solution, it is actually quite an easy decision. Most of these costs around 30 – 1 00 euros per month per domain depending on the complexity of your website.

  • CookieBot and Usercentrics – these are established CMP providers offering various features for cookie consent management and compliance with regulations like GDPR and CCPA. They likely have quite a good pricing model (around 30-100 USD per month depending on the size of your site/number of website pages).

  • CookieFirst – this is another CMP solution aiming for GDPR, ePR, CCPA, and LGPD compliance. They emphasize features like a comprehensive cookie scanner and user-friendly setup. It is a little cheaper than CookieBot, so for some smaller projects, it can be also a very good choice.

  • OneTrust – one of the most used and well-known CMPs is OneTrust. Very popular platform known for its wider privacy compliance solutions. OneTrust offers a CMP alongside other privacy tools like data governance and breach response. This makes it a good choice for companies needing a comprehensive privacy program. OneTrust offers a range of pricing options depending on the size and needs of the organization.

  • Osano – is known for its scalability and ease of use. Osano boasts a massive user base and processes billions of consents monthly. Their focus on a single-line JavaScript code snippet makes integration simple.

  • TrustArc – a privacy industry veteran offering a comprehensive CMP suite. TrustArc goes beyond basic consent management, providing features for data subject requests and vendor management. Their experience gives them a strong understanding of evolving privacy regulations.

  • CookieScript – a user-friendly CMP with a focus on simplicity and affordability. CookieScript offers a user-friendly interface and is known for its clear and concise consent banners. This makes it a good option for smaller websites or those prioritizing a straightforward solution.

  • Didomi – a European-based CMP known for its strong data privacy focus. Didomi is built with a focus on European regulations like GDPR and offers granular consent options. Their European base allows them to stay updated on the evolving privacy landscape there.

  • Complianz – GDPR/CCPA Cookie Consent for WordPress is a plugin (in a free and paid version) that complies with many privacy laws and regulations around the world, including GDPR, CCPA, and PECR. It also offers features such as cookie scanning, automatic cookie blocking, and consent recording.