[[{"@context":"http:\/\/schema.org","@type":"Article","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article","articleBody":"It\u2019s tempting to think of Google\u2019s recent GDPR penalty as a first. The $56 million judgement is the biggest GDPR fine to be issued by a European regulator, and the first time a tech giant has been found to be in non-compliance of the regulation.\nBut a different story emerges after looking more closely at the EU\u2019s regulatory activity since GDPR enforcement began in May 2018. The Google penalty isn\u2019t the start of something new; on the contrary, it\u2019s the latest development in the EU\u2019s pursuit to make businesses more transparent about data collection and processing.\nThis wider view also shows a clear trend: Regulators are primarily targeting a company\u2019s consent data collection and management practice in their investigations.\nWhat does this mean for your business? More than ever, consent data management is the front line for your GDPR risk exposure and your reputation as a transparent, trusted business.\n \nCustomer data strategy: Solving the direct to consumer puzzle\n   To optimize direct to consumer models and win against digitally native competitors, consumer products companies need a focused customer data strategy.  \nTransparency: The heart of the Google penalty\nWhen CNIL, the data protection authority in France, announced Google\u2019s penalty, regulators described two main violations. In both instances, the company\u2019s efforts to be transparent about its collection and processing of personal data were deemed to be flawed.\nIn the first violation, CNIL said users weren\u2019t able to fully understand the extent of Google\u2019s data processing operations across its ecosystem of products and services. In the second violation, CNIL said Google failed to validly obtain the user\u2019s consent to process data for ads personalization purposes.\nThe regulators cited two reasons for the ads personalization violation:\nFirst, the consent was not sufficiently informed since information was spread across multiple documents and did not enable users to understand the extent of the processing operations.\nSecondly, they didn\u2019t find consent requests to process data for ads personalization to be specific or unambiguous enough to meet GDPR requirements.\nCNIL felt these violations were enough to take unprecedented action: \u201cThe amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent.\u201d\nThe first shot across adtech\u2019s bow: Consent data management becomes more important than ever to the future of business\nEven before the Google penalty, CNIL had been aggressive in pursuing major investigations involving potential GDPR violations around the consent issue. In late October, they issued a decision against Vectaury \u2013 a French adtech firm \u2013 that is threatening the status quo of the entire adtech industry.\nIn their investigation, CNIL found that Vectaury, and the consent framework they used, bundled consent for third-party data processing through partner contracts. The governing authority called for a halt to this practice and has required Vectaury to cease data processing as the legal case proceeds.\nPrivacy activists and adtech firms took immediate notice of the decision. Bundled consent is at the heart of the online ad industry\u2019s real-time bidding (RTB) system. This system, which has displaced traditional models of digital ad selling, is growing at breakneck speed. It\u2019s estimated RTB digital advertising spend will reach $23.5 billion in the United States in 2018 compared to a $6.3 billion spend in 2014.\nWhen viewed in combination with other GDPR-based complaints about the RTB system, it\u2019s clear this pillar of the adtech industry is under regulatory assault. And, as the CNIL decision shows, regulators are willing to shut down a company\u2019s data processing operations if it finds it in violation of GDPR\u2019s consent requirements.\nAt the source: Consent matters to consumers\nIt\u2019s important to realize these high-profile investigations and penalties originally started with consumer complaints. EU member states received a total of 42,230 GDPR-related complaints from the time enforcement began until October. Of those, Giovanni Buttarelli, the European Data Protection Supervisor, told TechCrunch that customer consent is the most pressing issue:\n\u201cIn cases in which it is indispensable to build on consent it should be much more than in the past based on exhaustive information; much more details, written in a comprehensive and simple language, accessible to an average user, and it should be really freely given \u2014 so no blackmailing.\u201d\n \nThe customer data revolution: CRM and CDP roles evolve\n   CDP solutions offer businesses an answer to the consumer privacy concerns that fueled data privacy laws and the customer data revolution.  \nConsent data management strategy is a must\nIf your company serves customers in Europe, your consent data management strategy needs to be a priority. By developing a vision for capturing consent and preferences holistically across touchpoints, brands, and channels \u2013 for every instance when this data needs to be captured according to GDPR requirements \u2013 you can drastically mitigate regulatory risk.\nIn addition, if you develop a reliable system for enforcing a customer\u2019s preference and consent choices to downstream applications and services, your business will avoid a major source of GDPR-based complaints.\nMoreover, honoring customers\u2019 preferences and consent choices helps build trust in this new age of consumer privacy and data protection. And this trust is the foundation of today\u2019s meaningful customer relationships. Without trust, customers jump to competitors and brand reputation takes a serious hit, as many businesses who are not managing preferences and consent data according to GDPR standards are about to find out.\n\u2714\ufe0f Holistic digital strategy \u2714\ufe0f\u00a0Address data privacy regulations \u2714\ufe0f Build trust with customers  We\u2019ve got it all HERE.","author":{"@type":"Person","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article_Person","image":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article_Person_ImageObject","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/uploads\/2018\/09\/Ratul_Tie-150x150.jpg"},"name":"Ratul Shah","sameAs":["https:\/\/twitter.com\/Ratul","https:\/\/www.linkedin.com\/in\/ratulshah\/"],"url":"https:\/\/www.the-future-of-commerce.com\/contributor\/ratul-shah\/"},"dateModified":"2021-03-01T19:50:12+00:00","datePublished":"2019-02-05T11:00:00+00:00","description":"Companies are beginning to see enforcement actions around data privacy violations. A consent data management mitigates regulatory risk.","headline":"Consent data management is essential to the future of business","image":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article_ImageObject","height":"630","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2019\/02\/thumbnail-ded60504a398e8bdf9ee903067a54d60-1200x630.jpeg","width":"1200"},"mainEntityOfPage":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/","name":"Consent data management is essential to the future of business","publisher":{"@type":"Organization","@id":"https:\/\/www.the-future-of-commerce.com\/","additionalType":"https:\/\/www.wikidata.org\/wiki\/Q1193236","description":"Relevant, timely information & analysis on commerce trends, both consumer-facing and B2B.","logo":{"@type":"ImageObject","@id":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","height":"96","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","width":"500"},"name":"The Future of Customer Engagement and Experience","sameAs":["https:\/\/podcasts.apple.com\/us\/podcast\/a-call-for-a-better-experience\/id1479742201","https:\/\/twitter.com\/FutureOfCEC","https:\/\/www.linkedin.com\/groups\/4844282","https:\/\/www.the-future-of-commerce.com\/feed\/"],"url":"https:\/\/www.the-future-of-commerce.com\/"},"url":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article"},{"@type":["Article"],"@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article","@context":{"@vocab":"http:\/\/schema.org\/","kg":"http:\/\/g.co\/kg"},"url":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/","publisher":[{"@id":"https:\/\/www.the-future-of-commerce.com\/"}],"author":[{"@type":"Person","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article_author_Person","image":[{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article_author_Person_image_ImageObject","url":"https:\/\/cdn-bijap.nitrocdn.com\/AuMaQmessFRMSicXmZsEecJFLEquAyoT\/assets\/static\/optimized\/rev-b3d386d\/wp-content\/uploads\/2018\/09\/Ratul_Tie-150x150.jpg"}],"sameAs":["https:\/\/twitter.com\/Ratul","https:\/\/www.linkedin.com\/in\/ratulshah\/\nhttps:\/\/twitter.com\/Ratul"],"url":"https:\/\/www.the-future-of-commerce.com\/contributor\/ratul-shah\/\nhttps:\/\/www.the-future-of-commerce.com\/contributor\/ratul-shah\/","name":"https:\/\/www.the-future-of-commerce.com\/contributor\/ratul-shah\/\nhttps:\/\/www.the-future-of-commerce.com\/contributor\/ratul-shah\/"}],"subjectOf":[{"@type":"FAQPage","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article_subjectOf_FAQPage","mainEntity":[{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity0","name":"Transparency: The heart of the Google penalty","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity0_acceptedAnswer_Answer","text":"When CNIL, the data protection authority in France, <a href=\"https:\/\/www.cnil.fr\/en\/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc\" target=\"_blank\" rel=\"noopener noreferrer\">announced Google\u2019s penalty<\/a>, regulators described two main violations. In both instances, the company\u2019s efforts to be transparent about its collection and processing of personal data were deemed to be flawed.In the first violation, CNIL said users weren\u2019t able to fully understand the extent of Google\u2019s data processing operations across its ecosystem of products and services. In the second violation, CNIL said Google failed to validly obtain the user\u2019s consent to process data for ads personalization purposes.<strong>The regulators cited two reasons for the ads personalization violation:<\/strong> <li><strong>First<\/strong>, the consent was not sufficiently informed since information was spread across multiple documents and did not enable users to understand the extent of the processing operations.<\/li> <li><strong>Secondly<\/strong>, they didn\u2019t find consent requests to process data for ads personalization to be specific or unambiguous enough to meet GDPR requirements.<\/li> CNIL felt these violations were enough to take unprecedented action: \u201cThe amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent.\u201d"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity1","name":"The first shot across adtech\u2019s bow: Consent data management becomes more important than ever to the future of business","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity1_acceptedAnswer_Answer","text":"Even before the Google penalty, CNIL had been aggressive in pursuing major investigations involving potential GDPR violations around the consent issue. In late October, they <a href=\"https:\/\/techcrunch.com\/2018\/11\/20\/how-a-small-french-privacy-ruling-could-remake-adtech-for-good\/\" target=\"_blank\" rel=\"noopener\">issued a decision against Vectaury<\/a> \u2013 a French adtech firm \u2013 that is threatening the status quo of the entire adtech industry.In their investigation, CNIL found that Vectaury, and the consent framework they used, bundled consent for third-party data processing through partner contracts. The governing authority called for a halt to this practice and has required Vectaury to cease data processing as the legal case proceeds.Privacy activists and adtech firms took immediate notice of the decision. Bundled consent is at the heart of the online ad industry\u2019s real-time bidding (RTB) system. This system, which has displaced traditional models of digital ad selling, is growing at breakneck speed. It\u2019s estimated <u><a href=\"https:\/\/www.statista.com\/statistics\/377658\/rtb-digital-display-ad-spend-selected-countries\/\" target=\"_blank\" rel=\"noopener noreferrer\">RTB digital advertising spend will reach $23.5 billion<\/a><\/u> in the United States in 2018 compared to a $6.3 billion spend in 2014.When viewed in combination with other GDPR-based complaints about the RTB system, it\u2019s clear this pillar of the adtech industry is under regulatory assault. And, as the CNIL decision shows, regulators are willing to shut down a company\u2019s data processing operations if it finds it in violation of GDPR\u2019s consent requirements."}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity2","name":"At the source: Consent matters to consumers","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity2_acceptedAnswer_Answer","text":"It\u2019s important to realize these high-profile investigations and penalties originally started with consumer complaints. EU member states received a total <a href=\"https:\/\/techcrunch.com\/2018\/10\/03\/europe-is-drawing-fresh-battle-lines-around-the-ethics-of-big-data\/\" target=\"_blank\" rel=\"noopener noreferrer\">of 42,230 GDPR-related complaints<\/a> from the time enforcement began until October. Of those, Giovanni Buttarelli, the European Data Protection Supervisor, told TechCrunch that <a href=\"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/\">customer consent<\/a> is the most pressing issue:\u201cIn cases in which it is indispensable to build on consent it should be much more than in the past based on exhaustive information; much more details, written in a comprehensive and simple language, accessible to an average user, and it should be really freely given \u2014 so no blackmailing.\u201d"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity3","name":"Consent data management strategy is a must","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#subjectOf_FAQPage_mainEntity3_acceptedAnswer_Answer","text":"If your company serves customers in Europe, your consent data management strategy needs to be a priority. By developing a vision for capturing consent and preferences holistically across touchpoints, brands, and channels \u2013 for every instance when this data needs to be captured according to GDPR requirements \u2013 you can drastically mitigate regulatory risk.In addition, if you develop a reliable system for enforcing a customer\u2019s preference and consent choices to downstream applications and services, your business will avoid a major source of GDPR-based complaints.Moreover, honoring customers\u2019 preferences and consent choices helps build trust in this new age of consumer privacy and data protection. And this trust is the foundation of today\u2019s meaningful customer relationships. Without trust, customers jump to competitors and brand reputation takes a serious hit, as many businesses who are not managing preferences and consent data according to GDPR standards are about to find out."}]}]}],"image":[{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#Article_image_ImageObject","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2019\/02\/thumbnail-ded60504a398e8bdf9ee903067a54d60-1200x630.jpeg","width":"1200","height":"630"}],"mainEntityOfPage":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/","articleBody":" It\u2019s tempting to think of Google\u2019s recent GDPR penalty as a first. The $56 million judgement is the biggest GDPR fine to be issued by a European regulator, and the first time a tech giant has been found to be in non-compliance of the regulation. But a different story emerges after looking more closely at the EU\u2019s regulatory activity since GDPR enforcement began in May 2018. The Google penalty isn\u2019t the start of something new; on the contrary, it\u2019s the latest development in the EU\u2019s pursuit to make businesses more transparent about data collection and processing. This wider view also shows a clear trend: Regulators are primarily targeting a company\u2019s consent data collection and management practice in their investigations. What does this mean for your business? More than ever, consent data management is the front line for your GDPR risk exposure and your reputation as a transparent, trusted business.   Customer data strategy: Solving the direct to consumer puzzle   To optimize direct to consumer models and win against digitally native competitors, consumer products companies need a focused customer data strategy.    Transparency: The heart of the Google penalty When CNIL, the data protection authority in France, announced Google\u2019s penalty, regulators described two main violations. In both instances, the company\u2019s efforts to be transparent about its collection and processing of personal data were deemed to be flawed. In the first violation, CNIL said users weren\u2019t able to fully understand the extent of Google\u2019s data processing operations across its ecosystem of products and services. In the second violation, CNIL said Google failed to validly obtain the user\u2019s consent to process data for ads personalization purposes. The regulators cited two reasons for the ads personalization violation:  First, the consent was not sufficiently informed since information was spread across multiple documents and did not enable users to understand the extent of the processing operations. Secondly, they didn\u2019t find consent requests to process data for ads personalization to be specific or unambiguous enough to meet GDPR requirements.  CNIL felt these violations were enough to take unprecedented action: \u201cThe amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent.\u201d The first shot across adtech\u2019s bow: Consent data management becomes more important than ever to the future of business Even before the Google penalty, CNIL had been aggressive in pursuing major investigations involving potential GDPR violations around the consent issue. In late October, they issued a decision against Vectaury \u2013 a French adtech firm \u2013 that is threatening the status quo of the entire adtech industry. In their investigation, CNIL found that Vectaury, and the consent framework they used, bundled consent for third-party data processing through partner contracts. The governing authority called for a halt to this practice and has required Vectaury to cease data processing as the legal case proceeds. Privacy activists and adtech firms took immediate notice of the decision. Bundled consent is at the heart of the online ad industry\u2019s real-time bidding (RTB) system. This system, which has displaced traditional models of digital ad selling, is growing at breakneck speed. It\u2019s estimated RTB digital advertising spend will reach $23.5 billion in the United States in 2018 compared to a $6.3 billion spend in 2014. When viewed in combination with other GDPR-based complaints about the RTB system, it\u2019s clear this pillar of the adtech industry is under regulatory assault. And, as the CNIL decision shows, regulators are willing to shut down a company\u2019s data processing operations if it finds it in violation of GDPR\u2019s consent requirements. At the source: Consent matters to consumers It\u2019s important to realize these high-profile investigations and penalties originally started with consumer complaints. EU member states received a total of 42,230 GDPR-related complaints from the time enforcement began until October. Of those, Giovanni Buttarelli, the European Data Protection Supervisor, told TechCrunch that customer consent is the most pressing issue: \u201cIn cases in which it is indispensable to build on consent it should be much more than in the past based on exhaustive information; much more details, written in a comprehensive and simple language, accessible to an average user, and it should be really freely given \u2014 so no blackmailing.\u201d   The customer data revolution: CRM and CDP roles evolve   CDP solutions offer businesses an answer to the consumer privacy concerns that fueled data privacy laws and the customer data revolution.    Consent data management strategy is a must If your company serves customers in Europe, your consent data management strategy needs to be a priority. By developing a vision for capturing consent and preferences holistically across touchpoints, brands, and channels \u2013 for every instance when this data needs to be captured according to GDPR requirements \u2013 you can drastically mitigate regulatory risk. In addition, if you develop a reliable system for enforcing a customer\u2019s preference and consent choices to downstream applications and services, your business will avoid a major source of GDPR-based complaints. Moreover, honoring customers\u2019 preferences and consent choices helps build trust in this new age of consumer privacy and data protection. And this trust is the foundation of today\u2019s meaningful customer relationships. Without trust, customers jump to competitors and brand reputation takes a serious hit, as many businesses who are not managing preferences and consent data according to GDPR standards are about to find out. \u2714\ufe0f Holistic digital strategy \u2714\ufe0f&nbsp;Address data privacy regulations \u2714\ufe0f Build trust with customers  We\u2019ve got it all HERE.    ","name":"Consent data management is essential to the future of business","dateModified":"2022-03-17T03:09:12+00:00","datePublished":"2019-02-05T11:00:00+00:00","headline":"Consent data management is essential to the future of business","description":"Companies are beginning to see enforcement actions around data privacy violations. A consent data management mitigates regulatory risk."},{"@context":"http:\/\/schema.org","@type":"Organization","logo":{"@type":"ImageObject","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","height":"96","width":"500","@id":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1"},"name":"The Future of Customer Engagement and Experience","sameAs":["https:\/\/podcasts.apple.com\/us\/podcast\/a-call-for-a-better-experience\/id1479742201","https:\/\/twitter.com\/FutureOfCEC","https:\/\/www.linkedin.com\/groups\/4844282","https:\/\/www.the-future-of-commerce.com\/feed\/"],"additionalType":"https:\/\/www.wikidata.org\/wiki\/Q1193236","url":"https:\/\/www.the-future-of-commerce.com\/","description":"Relevant, timely information & analysis on commerce trends, both consumer-facing and B2B.","@id":"https:\/\/www.the-future-of-commerce.com\/"}],{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"2019","item":"https:\/\/www.the-future-of-commerce.com\/2019\/#breadcrumbitem"},{"@type":"ListItem","position":2,"name":"02","item":"https:\/\/www.the-future-of-commerce.com\/2019\/\/02\/#breadcrumbitem"},{"@type":"ListItem","position":3,"name":"05","item":"https:\/\/www.the-future-of-commerce.com\/2019\/\/02\/\/05\/#breadcrumbitem"},{"@type":"ListItem","position":4,"name":"Consent data management is essential to the future of business","item":"https:\/\/www.the-future-of-commerce.com\/2019\/02\/05\/consent-data-management\/#breadcrumbitem"}]}]