Consent Management Platforms (CMP) for Beginners 

Tobias Pennings
November 13, 2023
Overview
This is also a heading
This is a heading

In today's digital age with increasingly strict regulations around privacy (such as AVG) in Europe, managing cookies is a big challenge. Cookies are invaluable for collecting user data and personalizing online experiences, but they have also led to privacy and data protection concerns.

In this article, we dive deeper into the Cookie world and shed light on the role of Cookies in today's digital marketing and data protection strategies. Whether you are a marketer, a website owner or a privacy-conscious consumer, this article will give you insight into the role of Cookies and how Cookie Management Platforms can help balance personalization of online experiences with privacy.

What are Cookies?

Before we get into the use of Cookies Management Platform (CMP), let us explain to you what exactly Cookies are.

Cookies are pieces of code that are sent from a website you visit to your web browser. They are stored on your (mobile) browser (Chrome, Safari, Edge, etc) with which you visited the website. They serve various purposes, such as remembering information about your visit to a website. For example, cookies can contain information about which pages you visited, how long you stayed on a website, which products you placed in a shopping cart, or even your login information.

Cookies are pieces of code
Cookies are pieces of code that are forwarded from a website

This information is useful to both the website visitor and the website owner. For the visitor, cookies can improve the user experience, for example by keeping you logged in to a website or showing product recommendations based on your previous activities.

For website owners, cookies help them understand their visitors' behavior and can optimize their website to better meet their users' needs.

Different types of cookies

Not all cookies are the same. Some cookies are automatically deleted as soon as you close the browser, while others remain on your device for an extended period of time. There are also third-party cookies, such as Meta or Google, which are used to track your online activities and tailor advertisements.

There are different types of cookies used on website. Each type of cookies has its own specific purposes. These are the most common cookies:

  • Session Cookies: These are temporary cookies that are automatically deleted when you close the browser. They are used to keep track of temporary information from the website visitor for that one session, for example items added to the shopping cart. When the session ends, these cookies are not stored.
  • Permanent cookies: These remain on your browser. Even after you close your web browser. Permanent Cookies do have an expiration date, after a certain period they are automatically deleted. These cookies are used to remember information for your next visit to the website, such as your login details or language settings.

Both types of cookies can be divided into different cookie categories:

  • Functional cookies: Functional cookies are designed to improve the visitor's user experience. For example, it stores what region you are visiting website from or what language you have set the website to.
  • Analytical cookies: These cookies are used to collect information from your website visitors. They give you as a website owner insight into the behavior of your visitors. Which pages did they visit? How long do they stay on the page? What do people click on?
  • Marketing and advertising cookies: These are used by advertisers (such as Meta and Google Ads) to track users and better tailor ads to customer needs. Information such as your interest and browsing habits are recorded in this process. These cookies allow advertisements to be more personalized, but now also cause anxiety around privacy.
  • Tracking cookies: This is a specific type of marketing cookie used to track users across different Web sites. They can be used for advertising purposes, but often have privacy implications and are affected by stricter regulations.
  • Third-party cookies: These are cookies set by third parties, such as advertising networks or social media platforms, and not directly by the website you visit. These cookies are often used for advertising and marketing purposes and may share information between different websites.

What is a Cookie Management Platform?

A Cookie Management Platform (CMP) is the software you use to manage and control the cookies on your website. A CMP is primarily intended to ensure that you, as a website owner, comply with privacy regulations. It is also intended to give website visitors transparency and choice when it comes to the use of cookies.

Examples of Cookie Detectors
With a Cookie Management Platform you ensure compliance with (online) privacy regulations

We list the most important features of a CMP for you:

  • Cookie management: Every website uses cookies; as a website owner, you are responsible for managing them. A CMP helps you identify, classify and manage the different types of cookies.
  • Permission management: A visitor to your website should always have the option to give permission for the use of cookies. Through a popup window on the website, visitors indicate their preferences for accepting different types of cookies.
  • Transparency: As a website owner, you are required to be transparent about the use of cookies. A CMP ensures that website visitors have easy access to this information. It states, for example, what types of cookies are used, what they are used for and which parties collect the data.
  • Comply with regulations: By using CMP in the right way, you comply with the most legal requirements regarding privacy. This way, you comply with all regulations and avoid any fines or legal problems.
  • Reporting: A CMP often also provides a report of cookie usage on your website. This can be valuable for internal monitoring (how often are your cookies accepted/not accepted?) and allows you to demonstrate compliance with legislation.

Managing cookies has become increasingly complex recently. Not only does it require technical knowledge to set everything up, it also involves legal considerations. That's why using a CMP is so important. With the right CMP, you make sure that you as a company can both technically and legally comply with all the rules around Cookie Management.

What is important when choosing a CMP?

The range of CMP systems on offer is enormous. To make sure you make the right choice, there are a number of points to consider.

  • User-friendly: Of course, the system must be user-friendly. Not only for yourself (easy to use and implement) but especially for your website visitors. They should be able to give or refuse permission easily.
  • Comply with laws and regulations: Always check that the CMP feels it complies with relevant and current privacy laws in Europe. Are you using American software? Then keep in mind that different rules apply in America! Avoid possible fines or legal problems.
  • Integration capabilities: Check out the integration options with other software tools and systems you already work with, such as your CRM system or e-commerce platform.
  • Support and updates: Always check if the software also offers good customer support. Should you run into any problems, it is nice if you are helped easily and quickly. In addition, it is also good to check for regular updates so that it always remains compliant with changes in privacy laws and regulations.
  • Cost: Everything costs money these days, even a good CMP often has costs associated with it. Compare the prices of different providers and always check if there are additional costs for additional functions or support, for example.

Some systems we recommend:

Cookiebot's cookie detector
Cookie code.co.uk cookie detector
Cookie notification from iubenda

Common mistakes when setting up CMP

As mentioned many times in this article, setting up a CMP is quite technical. Without the right knowledge, it can be very complex and mistakes are easily lurking. We list the most common mistakes for you.

  • Incomplete or unclear information for visitors: It is important that your information is complete and clearly understandable to your visitor. It should be clear which cookies your visitor is giving permission for and also what these cookies are used for.
  • Forcing your visitor to accept cookies: You often see with a Cookie Notifier that a visitor really has no choice but to accept the cookies. No option is offered to refuse. This is in violation of regulations.
  • Data consent and preferences not followed up: If a user does not consent to the use of cookies or adjusts his/her preferences, it should always be followed up on immediately. So beware of doing anything other than what you promise.
  • Ignoring Regulations: Please note that the laws and regulations governing the use of Cookies vary from country to country or region to region.

The above mistakes should be avoided at all costs. These mistakes can not only lead to legal problems (which is bad enough), but can also cause website visitors to have less confidence in your organization.

Google Consent Mode

By using Google Consent Mode, you can communicate the status of your users' consent to cookies to Google. Tags and the method of data collection of those tags are then adjusted based on the choice made by a user.

Activation mode works in conjunction with your Consent Management Platform. This mode receives users' consent decisions via the cookie notification or widget and dynamically adjusts the behavior of Analytics, Ads and external tags that create or read cookies.

If visitors decide not to consent, it will be sent to Google via Google Consent Mode instead of storing cookies. If you use Google Analytics 4, Google will complete the missing data with conversion modeling and behavioral modeling.

Thus, if the user does not consent to the processing of their data for Google Analytics, thanks to Consent Mode in Google Analytics, a random fake user ID is generated before data is collected, which is not stored as a cookie. This identifier is renewed each time the page is reloaded.

This means that each page view is attributed to a new user ID and a new session, making users, sessions and page views completely independent. Additional events besides page views are identified with the same identifier as that of the page on which they occurred.

This way you can continue to collect valuable performance data unabated, while still respecting each user's privacy preferences. The disadvantage of applying the Google Consent Mode is that the visitors who refuse cookies are excluded from processes that use cookies and process personal data such as saving your shopping cart or staying logged into a website. But the advantage of using Consent Mode is for those users who don't want to be tracked. With it, you give those users peace of mind that they can be safe on your site.

CMP combined with Server-side Tagging

Server-side tagging is an advanced approach to Web site tracking and analytics. Normally, websites place third-party pixels (pieces of code) that allow visitors' browsers to collect and transmit data. With server-side tagging, the measurement of visitor data is done through a server of the website itself, thus keeping the website owner in control to choose which platforms to send that stored data to.

With server-side tagging, visitor data is measured through a server, leaving the website owner in control of choosing which platforms to send that stored data to.

Benefits of Server Side Tagging in combination with CMP

Through Server side Tagging, you have control over what data you forward. For example, if you load a Meta Pixel, then Meta itself can determine which data is forwarded and there is little chance that you are AVG compliant. If you load your own pixel (which is connected to your own server) then you can control from the server how you forward this data to Meta so that you are compliant.

How do you set up Server Side Tagging with your CMP?

Setting up the CMP in combination with Serverside Tagging is basically the same. You ask the visitor what they are consenting to and you make sure you are going to process the consent data through your own server.

Conclusion

By now, the importance of a good CMP system is hopefully clear to you. As an (online) entrepreneur, you don't want to risk legal or even financial consequences. Make sure you read up on the various options and possibilities.

Does all the technology involved make you feel too dizzy? Then enlist the help of an expert!