Technical Approaches to Consent Management and Dynamic Access Management: Ping Identity
Privacy regulations are changing the way organizations handle personal information. GDPR was not the first and will not be the last to require data handlers to collect consent from users. Many Consumer Identity platforms have added in consent management features, and specialty Privacy and Consent Management solutions are available to address these evolving business scenarios. In this report, we’ll look at several approaches.
Commissioned by Ping Identity
The need to acquire consent from users for the use of their personal information has grown in recent years due to the passage of privacy regulations in various regions around the world. The privacy regulations themselves are a result of the widespread use, and in many cases unauthorized use, of personal information by commercial, non-commercial, and even government entities.
Doing business online almost always requires that individuals give up some amount of personal information. Online retailers, service providers, and government agencies generally encourage consumers, customers, and citizens to create accounts to facilitate persistent user experiences and personalization. These amenities are useful and timesaving but are also viewed by marketers as valuable sources of information that can be used for increasing sales and revenue.
Most site operators publish frequently changing “terms of service” written in convoluted legalese that users simply click through to get what they want. Buried in these agreements are phrases stating that by using this service a user agrees that the service provider can collect the user’s personal information and do with it whatever the service provider or its associates and partners want. Consequently, much of the data collected about service and site users has been and is used for purposes other than personalization. Moreover, personal information may be sold to and used by organizations other than those which collected it originally.
Thus, some governments have enacted digital privacy regulations intended to give more control over personal information back to consumers, customers, and citizens. The EU’s General Data Protection Regulation (GDPR) is probably the best known since it went into effect in 2018. However, several countries and even some US states have legislated new privacy laws into effect. Changes to current laws and additional laws in other countries and states are likely to appear in the years ahead.
Consumer Identity and Access Management (CIAM) solutions generally allow their customers to not only provide digital identities for consumers, but also collect and track consent actions. Consent management platforms have arisen in the last few years to specialize in just the privacy and consent management portion of CIAM and extending it for handling use cases other than purely for consumers. The abilities of CIAM and consent management solutions can vary widely between vendors. For more information, see our Leadership Compass on CIAM Platforms and Leadership Compass on Privacy and Consent Management Platforms.
Ping Identity offers a suite of products and cloud-delivered services that can help organizations meet the regulatory challenges across various jurisdictions. Ping Identity is a leading vendor in several aspects of the IAM and Consumer IAM markets. As part of their CIAM offerings, Ping has developed fine-grained consent collection and management capabilities that specifically address regulatory requirements in the privacy domain. Their solution provides the ability for customers to extend privacy management dashboards to their consumers and granularly track relevant consent actions.
Ping Identity solutions contain a mix of IAM/CIAM and data security functions, including modern Multi-Factor Authentication (MFA), fine-grained authorization, directory services, data access governance, and API security. Each of these components can be instrumental in building a CIAM and consent management platform that supports diverse regulatory compliance.
Given the accelerating shift to the cloud, many organizations are searching for consent management solutions which are available as SaaS, but which can integrate with other enterprise services and infrastructure. Ping Identity solutions can be consumed as SaaS or run in public or hybrid IaaS environments.