Further discussion for consent
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
July 12, 20211.2K views0 comments
When you go to some websites, you will find this gentle pop-up that seeks consent. Usually, it is the cookie consent or directions to read privacy notices. But most of the time, people don’t read these things because they are long and inaccessible.
However, when you dig deeper into some consent forms, you would find it shocking and scary. For example, a free site that talks about health and gives instructions to individuals on how to do certain things will have to make money. The question then is how do they make this money? It’s called ad.
These websites sell targeting and advertising cookies to companies that run analytics. These cookies are structured to gather information from an individual’s device to display advertisements based on your interests. Thus, your behaviour online becomes a thing of monitoring. Websites can also share these datasets with other advertisers to do their marketing further.
In the strict sense, it is called online behavioural advertising, where websites place cookies on your device to observe your every move online. For example, you can speak to your friend about buying a new television, and you would start getting adverts and wondering how that happens. What happened is that you probably consented to a separate cookie policy.
What’s more, these companies claim that they would place the cookie on your device for a long time. Some marketing companies say that they would leave the cookie on your device for “as long as possible”. Which, in simple terms, means forever.
Individuals need to be wary about consenting to anything. You must check what you agree to and what the company intends to do with your data. Unfortunately, most websites are not clear about their consent policies, and that’s a complex area in data protection. Some claim that their legitimate interests override the consent of individuals. In addition, most websites don’t track if cookies are removed from the customers’ devices as stipulated on their website.
It’s interesting also to note that individuals think they are getting freemium services from these websites. What we need to know is that we pay with our privacy when we use sites for free.
Research shows that some third-party advertising companies place cookies on visitors’ websites immediately after the page opens. That means, if you open xyz.com’s website, for instance, they put a cookie on your website without consent.
There is a thin line between consent and management. Most companies rely on consent management tools. Some of these tools allow companies to collect and handle user consent, display consent banners and pop-up to users, prevent tags from running before obtaining legal consent, and manage data subject requests. However, they don’t do enough when it comes to tracking third party companies.
Consent management is a tricky and sometimes complex place in data protection. It needs an extensive analysis and technical approach in management. For example, there is a requirement for companies to maintain “affirmative actions of data subjects”. How can companies record this, keep it and also ensure they seek further consent? Most companies would turn to consent management tools. That’s not enough. There need to be other steps to put into consideration.
Consent management, as technology expands, will continue to evolve. Companies must pay critical attention to this area. There is no complete data protection framework without a robust consent framework.