As discussed in the previous edition of KC Navigator, data is the lifeblood of the modern enterprise. However, that data needs to be well managed to deliver value to the business, and at the same time to ensure compliance with local and international data privacy regulations. This not only means providing adequate protection for personal data, but also means ensuring that you have obtained the necessary consent to use that data in the ways you are using it.
Privacy and Consent Management software tools have emerged to help modern enterprises cope with these challenges. These solutions are designed to help businesses further their commercial interests, while ensuring all personal data is adequately protected and customers are provided with the necessary privacy choices.
Privacy and Consent Management is a dynamic and competitive space where solutions continue to evolve to meet changing requirements, so it is not only important for organizations to keep up with those changing requirements, but they also have to continually check that those requirements are being met. While handling privacy will remain an important use case for organizations, vendors may be able to address more widespread needs in the organization, such as data governance. Choosing the right Privacy and Consent Management solution is therefore important, but it can be challenging.
Although most solutions handle incoming signals from user consent, cookies and trackers, and self-service privacy, other vendors are taking a data-centric approach to provide for internal management of data, including discovery and mapping of sensitive data, documenting the compliance steps taken, and automating privacy processes. The capabilities provided, as well as the approaches to delivering a Privacy and Consent Management solution, are varied.
Some vendors believe Consumer Identity and Access Management (CIAM) and identity solutions are best situated to provide management and protection of private information, some believe data is the foundation of privacy and take a strong data governance stance, some think that the current model for cookies and analytics is too extractive and are designing privacy-centered alternatives to the existing analytics and tag managers, and others present Privacy and Consent Management as compliance combined with marketing.
The best way to approach choosing the vendor that best meets your needs is to identify your top use cases, what functionality best supports those use cases, and then which solutions provide most or all of that functionality.
Ultimately, you are looking for the solutions that provide the means for your enterprise to assess your privacy compliance, take meaningful action to increase the data privacy protections afforded to end users, and balance the needs of compliance with the needs of the marketing department to understand who their customers are and what they want.
Data discovery capabilities support designing a well-informed privacy initiative, with better insight into what type of information is collected, how it is legitimately used or proliferated through the organization and up/downstream, manage data breaches quickly, and fulfill Data Subject Rights requests efficiently. What remains to be seen, is if Privacy and Consent Management can move beyond automation for compliance's sake to more transparent relationships.
— Anne Bailey, Senior Analyst, KuppingerCole
Because we understand the importance of privacy and consent management, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.
The best way to orientate yourself to the available tools for effective privacy and consent management, is to start in by looking at the recently published Leadership Compass on Privacy and Consent Management and the newly published Buyer’s Compass on the same topic, which identifies the most important capabilities, major use cases, and other criteria that can help select the vendor that best meets your needs.
Compiling customer profiles has long been a standard practice to deliver personalized services, but data collection is a thorny issue. For a focus on technologies that support in the world of Consumer Identity and Access Management (CIAM), have a look at this Leadership Compass on CIAM Platforms.
APIs are enabling organizations to create new business models, connect with partners and customers while providing a seamless experience by linking systems and services together. To find out how APIs are related to privacy and consent, have a look at these Leadership Compasses on Identity API Platforms and API Management and Security.
Two key privacy-related regulations are the EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). For more information on privacy and consent management in the context of these two pieces of legislation, have a look at these Leadership Briefs on Marketing Chatbots and GDPR and Six Key Actions to Prepare for CCPA.
The Internet of Things (IoT) is an IT megatrend. Apart from offering new possibilities and experiences to its users, IoT is highly interesting for marketers as it offers new ways to communicate with consumers and customers, but once again, privacy and consent management are key. For more on this topic, have a look at this Leadership Brief on Marketing, IoT, and Privacy.
Organizations interested in consent and privacy requirements under the GDPR, should have a look at this Advisory Note, which provides a Maturity Level Matrix for GDPR Readiness, while this Advisory note covers Dealing with privacy risks in mobile environments, and this Advisory not looks at Life Management Platforms: Control and Privacy for Personal Data.
If you would prefer to listen to what our analysts have to say about privacy and consent management, listen to these Analyst Chats on Privacy and Consent Management, on Consent management Done Right, on FloC and the Death of the 3rd Party Cookie, onAdTech and Future Alternatives to 3rd Party Cookies, and on Innovation in CIAM.
This interview on Privacy & Consent Management with Ian Evans, Managing Director at OneTrust looks at a range of topics, including how to ensure personal data is used appropriately, how to identify tracking technologies on a website, how to keep up with global privacy regulations, the role of attributes in privacy solutions, the use of AI in Privacy and Consent Management tools, and other key questions.
For some perspectives from industry leaders who have spoken at past KuppingerCole events, choose from the following list of presentations:
- From a Business Centric Consent Management Paradigm to a User Centric One
- From Dumb Cookies to Informed Consent: Privacy-by-design as a Strategic Requirement
- Digital Identity for the Internet of Things: Security, Privacy and Consent Challenges
Our analysts have written a number of blogs about the topics of privacy and consent. Have a look at the following list and choose those most appropriate to your needs.
- Privacy Seekers Are Really Looking for Life Management Platforms
- Building Trust by Design
- Data Privacy & CX
- The Importance of Consent Management: CIAM vs. GDPR
- Privacy Issues in Mobile Security
- Consent – Context – Consequence
- EU Privacy Direction
- Follow-Up on “Managing the User's Consent Life Cycle: Challenges, GDPR Compliance and (Business) Rewards”
For a discussion on how to manage consumer requests effectively, document processing activities and data transfers, and stay on top of a rapidly evolving regulatory landscape, have a look at this webinar entitled: Privacy Compliance That Empowers Instead of Hinders.
As the number of online and mobile transactions increases, businesses, government agencies, and other organizations are actively searching for solutions to help them minimize fraud and other kinds of cybercrime. To find out more about tackling these challenges, have a look at this webinar entitled: Techniques for Securing Transactions With Identity Verification and Verifiable Claims.
Digital Transformation is all about enabling everyone and everything to connect seamlessly to new digital services to facilitate value exchange while still ensuring regulatory compliance, faster product innovation, secure remote working capabilities, and multi-channel consumer access despite ever-tightening budgets. For more on this topic, have a look at this webinar on Seamless Connectivity: Why You Need It and How to Get It Right.
And for more on consent management, have a look at this webinar on How to Handle Consent to Be Compliant With the GDPR and the ePrivacy Regulation.
For in depth discussions on some topics related to privacy and consent management, have a look at the following list of Whitepapers and choose those that are most relevant to your business:
- Serving the Customer in the Digital Age
- Technical Approaches to Consent Management and Dynamic Access Management: Ping Identity
- Radiant Logic and the Identity Integration Imperative
- Whitepaper: California Consumer Privacy Act: The Need for Data-Centric Security
- The Effect of GDPR on Customer Relations
Organizations investing in technologies to support privacy and consent management capabilities, can have a look at some of the related technology solutions that we have evaluated:
- OneWelcome Customer Identity and B2B identity
- WSO2 Asgardeo
- Strivacity Fusion
- IBM Security Verify for CIAM
- iWelcome IDaaS and CIAM
- NRI Secure Technologies: Uni-ID Libra 2.4
- Synacor Cloud ID
- Informatica Data Privacy Management
- Callsign Intelligence Driven Authentication
- WidasConcepts cidaas
- Sphere Identity Platform