Case Study: A Customer-centric Approach to Consent Management
‘When SiteVisibility proposed to research and guide our development team to implement a solution for obtaining cookie consent we gladly took them up on it. While maintaining a strong customer focus, SiteVisibility can always be relied upon to be pragmatic in their approach and we are confident the solution provided is the best fit for our needs.’
Overview of our Partnership
Aura-Soma’s goal is for their wellness products to help every person fulfil their potential. It was this focus on wellbeing that fuelled their desire to put the decision about tracking their customers’ behaviour in the hands of their customers.
Our expertise was sought to identify and implement a Consent Management Platform (CMP) that mirrored Aura-Soma’s focus; used a future-proofed implementation to align with how privacy laws are evolving; and maintained data accuracy, which was of paramount importance to successful marketing.
Read on to find out exactly how helped Aura-Soma with their consent management, or get in touch here and find out how we can help you to ensure your data remains accurate and your customers have choice when it comes to consent.
Our Approach: Consent Framework & Consent Management Platform Implementation
Identifying the Right CMP: Cookiebot
After we identified Aura-Soma’s platform criteria, our CMP research found Cookiebot was most suitable because it met criteria like:
- Consent logs: This is a compliance requirement of all tools, but it keeps logs of consent that users have given for their data to be collected. Should a user ever ask about their data, the logs will provide the information
- Accessibility: Supports users using assistive software
- Multi-language consent banner: This was essential because Aura-Soma operates worldwide
- Geo-targeted consent management: The banner adapted to the regulations in the user’s location, e.g. the California Consumer Privacy Act (CCPA) when the user was in California
- Development aligned with compliance laws: Actively develops the product as compliance laws change and is one of the first to launch new features
- Scalability: Additional domains could be added to the Cookiebot plan, should the business expand
Outlining the Customer-centric Approach
We’ve all seen an increased customer-first approach to privacy laws as they’ve continued to evolve to focus on giving customers control over what data is/isn’t collected about them. Enabling cookies to be set and tools to work, only when a user gives their consent, is another step in this direction.
CMPs offer two options for configuring your site’s tools to adhere to users’ consent preferences, i.e. automatic/default mode and manual/custom mode. We use the latter because:
- It’s in line with how data collection laws are evolving, which helps future-proof the approach
- It puts the customer at the centre of what, how, and why their data is collected – we believe this is most important!
This takes a cookie-centric approach, which is severely flawed because it deletes the cookies, but sets them in the first place, which isn’t in accordance with privacy laws as we understand them.
It also makes data accuracy a lot worse because it creates a new user with each cookie, which causes:
- ‘Bounce rate’ to increase significantly because every page is a bounce
- ‘Pages per session’ to drop to 1
- ‘Avg. session duration’ to decrease
- Your landing page report to be skewed, e.g. second and third pages are listed as landing pages
A further reason to avoid this approach is that tools change their cookies (e.g. what information the tool collects), so you can’t easily track cookies and their changes.
This takes a customer-centric approach because it ensures technology respects users’ preferences. The compliance comes from the tool only setting a cookie when a user gives their consent, not that a cookie is set and then deleted (like in the cookie-first approach above).
Aura-Soma had a mix of hardcoded tracking and tags managed in Tag Manager, as well as a range of Google and non-Google tags. Therefore, we opted for a blended implementation that used:
- Hardcoded installation of the Cookiebot script
- Hardcoded script amendments
- Google’s consent mode
- Tag amendments
Hardcoded scripts for tools were amended to include the appropriate tool category, i.e. ‘necessary’, ‘preferences’, ‘statistics’ or ‘marketing’. This told Cookiebot which category each tool belonged to, which ensured a tool only fired when the user consented to the corresponding tool category.
Google’s ‘Consent Mode’ solution tells Google tags and scripts whether a user has given their consent to data being collected through cookies being set. If a user did not consent, the Google tags and scripts would not set cookies, but they’d still record the anonymised hit, e.g. an anonymous visit to your website. As stated by leading data industry expert Simo Ahava, ‘Most likely Google will at some point build actionable data out of the cookieless data set as well, perhaps after applying extensive modelling to make it align with the data that was collected with storage consent.’ So, we can expect ‘Consent Mode’ to evolve over time and provide additional, valuable data in the future, which is why it was chosen to be part of our solution.
Firing triggers in Tag Manager were configured for each tool category and the tags were then configured to use them. This meant all non-google tags adhered to users’ consent choices using Cookiebot’s hardcoded banner script and our categorisation of cookies. The hardcoded banner script ensured the banner was served to users upon page load, which allowed them to set their tool preferences, enabling the consented tags to fire.
Once implemented, our solution enabled Aura-Soma to have peace of mind that they now had:
- A future-proofed, customer-centric framework to consent management
- A CMP that allowed customers not be tracked, if that was their choice
- Maintained data accuracy
- A website that meets the compliance requirements of all countries, e.g. GDPR and CCPA
*Please note we are not legal experts and just as we advise all of our clients, you should seek the guidance of your legal team on how best to make your site compliant with the privacy laws of the countries you operate in.
What do you think of our results? If you want assurance that your site is respecting your customers’ choices and data accuracy is maintained, leave a message via the contact form below or call us on 01273 733433.