Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an analyst and advisor at KuppingerCole analysts. And my guest today is Annie Bailey. She is an analyst covering emerging technologies here at KuppingerCole. Hi, Annie.
Hi Matthias. Thanks for having me back.
Have you again, and I'm really looking forward to this episode and we will be talking about a topic that is actually something that we had to deal with many times before because of regulations, because of, especially of course the GDPR, we want to talk about privacy and content management, and I think we all know the back story with privacy and content management, or do we,
Yeah, I think we all do have a pretty good idea either personally, as individuals or from our corporate sites. We know how this impacts us as a company, but also as individuals. So most companies of course have an online presence now, and they're always trying to understand who their end users are, who they are and what they want in order to provide a better service. And so this idea is not new at all. And in efforts to do this better things like cookies, tags, other technologies have been used on websites to gather user information. And only until very recently, any participation that an end user has on a website, this is taken as an implicit consent that their information will be used. And this was simply because there wasn't a requirement to communicate with the end user, what information was being used for what purpose. It just simply wasn't required. This has renewal has changed. The, the huge public outcry for more privacy is of course, result of end things like the GDPR in the EU, the CCPA in the U S and then countless other privacy regulations across the globe. So we're looking at something, what we've defined this, this area as being privacy and consent management. This also isn't new, these solutions have existed before to do PR, but these sorts of regulations have made this market segment grow exponentially.
Okay. And if we look at these products, so we are talking about a market segment, I think they provide varying functionalities in different aspects. As you mentioned, managing different aspects of, of the privacy and of managing given consent. What are those specific functionalities?
Yeah, absolutely. So the ones that usually come to mind first are things like cookie management. So it's banner that pops up, but when you, as an end user first visit a website and you have to agree or decline to use certain cookies on that site. And so there are different requirements with that banner, or pop-up has to fulfill depending on the jurisdiction of the company, but also the jurisdiction where the end user is located. So this means it's always going to look different where you are in which regulation is being applied. So for the GDPR, the requirements that a banner would have to fulfill is to provide the legal basis for processing the data. And this has to be specified. And what's interesting is consent is only one of the six legal basis for processing data. So this has to be collected in an unambiguous and specific manner.
Some more challenging things than simply collecting consent is actually communicating those decisions from the end user to the correct department within your organization, to make sure that decision is applied correctly and respected, but also outside of the organizations to multiple other players in this digital advertising ecosystem. So this sort of capability we can see coming up in emerging standards, coming from something called the IAB Europe, and they have a transparency and consent framework often abbreviated to TC. And this standardizes how an end user can deliver their decision. It's called a signal and how this signal is then communicated to the correct cookie vendor or tracking technology, whoever is active on that site and needs that information. And then to ensure that that information is then enforced that that end user consent decision is respected.
I think an important aspect to look at is I think that data subject access, right? So though, if I sent the request to one of the partners I'm dealing with as a customer, they are required to provide me the information that they store about me. Is this also part of this section?
Yes, absolutely. So the capabilities we were talking about before deal with the larger ecosystem of making sure that kind of each party in this long chain of digital advertising has the correct information is actually respecting that information, but there's a course so much more that goes into protecting privacy and also remaining compliant with these regulations. So having functionalities like offering support for data, subject access rights, having these workflows even automated really, really helps an organization to protect and make sure and users can use their rights and exercise their rights. Some other interesting ones are of course having processes for mandatory breach reporting and also data protection impact assessments, which have to be done regularly.
Okay. Any, any other interesting functionalities that we might not think of immediately when looking at this market segment?
Yeah. So instead of just focusing on functionalities that are strictly required for compliance, it's interesting to take a look at what could support having a privacy centric relationship with end users and being able to protect that. And so some functionalities that we identified, there are things like data inventory and mapping capabilities, so that companies and organizations can really understand what types of data they hold and how they need to protect that, and also where it's flowing to and make sure that they have they're working well with adequacy rights and things like that. Something else, which is interesting is that having tools to measure your compliance progress is a really big plus here because I can help highlight any gaps in compliance that an organization currently faces, or if regulation is updated, then you can quickly know how that affects your data processing workflows and how those need to be changed in order to remain compliant.
Okay. But measuring things, measuring and improving internal processes, that sounds very much like analytics. What usually the vendors of CIM consumer identity and access management solutions would think of, is there a crossover, there is something which is connected or at least functional
Actually yes, a lot more than you would think. And this comes from a couple different angles. So first is that a lot of the vendors who are active in this space and providing privacy and consent management solutions have a background in analytics. And so they've been able to find value in bringing those capabilities to their privacy solutions and looking at it from another angle is that companies have multiple needs when we're talking about privacy so that they of course have to be compliant with regulations, but many also depend on personalized advertising as a key part of their business models, especially publishers things like streaming sites. And so they have to create a positive relationship with their end users so that they often, and they can maintain that revenue stream in a compliant manner and where end users feel respected and are respected. And so privacy solutions that combine analytics features and things like AB testing allows companies to see what types of consent experiences and users actually engage with and what generates the most opt in and consent. And so bringing in the analytics part to privacy is one way to create alignment between the needs of the legal departments who need compliance. And also those of the marketing departments who need to create this relationship with end users. And this is one of the biggest themes in privacy and consent management solutions that we seen recently, right?
But it's still a very versatile market segment with different solutions provided. You said you looked at that market segment and wrote some research on that. Is this already available? At least you make me interested. And if the audience is also interested in learning more, is there more to read?
Absolutely. So this is a really dynamic space and there's a lot of different types of solutions there. Some which offer pretty narrow solutions, the best in breed for this cookie management, things like that. And then there are others which take a much wider look at what does it mean to take care of privacy in general? So you could read about that in a couple of different documents. We have a leadership compass, which compares a lot of the main vendors in this space and really shows what they're best at. And then also a buyer's compass, which takes a closer look at some of these core functionalities.
Anybody of the audience is interested in learning more, there is material to read and to find it our website KuppingerCole dot com. And I assume if they have specific questions, they can also get in touch with you and just ask them.
Yeah, absolutely. I'm always here.
Okay, great. So thank you very much, Annie, for, for providing that quick market overview about this interesting market of privacy and concept management tools. Any final words you want to add here?
Yeah. Another big takeaway here is that privacy is much more than simply fulfilling requirements or looking to where you just need to check a box it's at a deeper level. So really try and understand what privacy means in the context of your organizations. And then look at what processes would need to change in order to protect that. And so solutions which can help identify those sorts of processes and really come in at a privacy by design level are going to be really useful here. So keep that in mind as you go along your privacy journey,
Right? So if the, with privacy is not within the DNA of all the processes that you are implementing for dealing with your customers, buying such a tool will not help at all. I think that sums it up a bit. So it's really not something that, that you add to your, to your it department. This is something that you have to build into your processes. So again, thank you very much, Annie, for, for being here today for supporting me in this episode of our podcast. I'm looking forward to having you back again in an upcoming episode. Thank you very much.
Bye .
