As we approach the end of 2021, what has become clear is that customers want to have full transparency over their personal data. That means they want to have the ability to know where their data is going, know who and what is using their data, and better understand how their data is being used, stored, or distributed.
On top of that, companies want to ensure that if customers don’t want any personal information collected, those wishes will be respected and the customer has the best experience possible.
The problem that organizations face is finding a way to make sure customers’ consent is being met both prior to the customer making their decision and after the user has shared their consent level.
One action that is helping teams ensure compliance is investing in a consent management platform (CMP), but I would argue that there are specific items where a CMP needs a second set of eyes.
In this article, I will explain why organizations should consider utilizing both a CMP and a tag auditing/monitoring platform in tandem.
What’s The Difference?
Let’s start off by distinguishing the differences between a CMP and a tag monitoring platform. For simplicity’s sake, I will use two specific examples: OneTrust as one of the leading global CMPs and Tag Inspector as one of the leading global tag monitoring platforms.
A CMP is utilized to meet privacy regulations (i.e. California Consumer Privacy Act (CCPA), General Data Protection Regulation, etc.) by automating the process of obtaining a user’s consent for collecting his or her data through cookies during his or her visit. In other words, OneTrust runs a scan of the site to look for cookies being placed. It then leverages those results so it can dynamically display those cookie names in the company’s cookie notice, which OneTrust should also be handling.
A tag auditing/monitoring platform is utilized to gain visibility of all tagging behavior across your different properties. In this case, Tag Inspector runs a scan of the site to look at what marketing tags and cookies are loading. Users can then look at the results to understand what data is being collected by said tags/cookies, as well as how those tags are firing and cookies being set.
Limitations of Both Platforms
While both platforms are wonderful in the ways they operate, they do come with some constraints as well. Let’s start with tag auditing/monitoring platforms.
Tag Inspector has the ability to give you full transparency of all tags and cookies loading across your website(s) and what data they’re collecting, as well as send email alerts if specific criteria aren’t being met.
Where these types of platforms lack strength is providing any recommendations on what changes should be made, or applying any results to your banner notices on your websites. Tag auditing/monitoring platforms serve more as a watchful eye rather than a one-stop solution; it’s up to the teams that use the platform to take action on what is found.
OneTrust provides value by allowing teams to collect and handle user consent, as well as prevent tags from running and cookies from being set before you obtain legal consent. Where these types of platforms lack strength is collecting granular information on the marketing tags; CMPs typically focus on the cookies loading on the websites.
Some CMPs like OneTrust can report on tags, but they look at the type of tag and the script counts. They don’t classify what parameters are being collected by the tags, nor do they show what pages they’re specifically loading on and missing from.
On top of that, CMPs won’t alert you if a new tag is found loading on your website or where it came from (i.e. was it loading through a tag management system or piggybacking off another marketing tag?). This is imperative to know, as legislations like CCPA don’t focus solely on cookies but on all tagging behavior and ways data is collected on your websites.
Why Run Both in Tandem?
As you saw from above, both CMPs and tag auditing/monitoring platforms play a critical role in ensuring users get the best online experience, but in different ways. By using both simultaneously, you can then get the best of both platforms to create one unified approach to monitoring consent.
A great starting point would be to run a scan with Tag Inspector (or your tag auditing/monitoring platform) to see how every marketing tag is loading, which parameters are being collected, and what cookies are being set. You can use these findings as a benchmark to understand what can stay, what needs to be removed, and how these tags and cookies translate over to your governance policies.
From there, you can make the necessary updates to OneTrust (or your CMP) to reflect said changes from your findings. Along with the reflected updates in OneTrust, you can continue to utilize Tag Inspector to monitor your site to see any changes that occur and be alerted about it (e.g. were there any new tags found loading on the site and setting cookies?)
Having the ability to continuously monitor will lead to:
- Teams noticing prohibited outliers or platforms that need to be removed based on their policy guidelines.
- Teams noticing new approved platforms that need to be added to their policies and CMP.
Some tag auditing/monitoring platforms like Tag Inspector even have the ability to simulate users who gave or did not give approval to their CMP, such as OneTrust, and show the results of what fired based on those conditions. This serves as yet another measure of ensuring that users get the most out of their visit to your digital properties.
