Consent is typically considered in two components: consent for data collection and processing, and consent for marketing and communication. Regulations covering these two types of consent vary by jurisdiction and constantly evolve. To stay prepared, adopt a privacy-first approach to consent that gives users control over what data is collected, how that data is used, and whether it is sold or shared.
Use this checklist to evaluate your current processes against consent management best practices.
Consent Management Basics
When you consider your consent processes, do users have control over what data your app collects from them and how that data is used?
Giving users control over their data is foundational to a privacy-first approach, which will help you stay compliant with ever-evolving data privacy laws. Review your processes for opportunities to grant users more control.
Does your system allow you to opt users in OR out by default?
To respect user privacy rights without being too intrusive, search for a system that allows you to opt users in OR out by default.
Do you store a record of your users' consent?
Storing a record of user consent will prepare you for future audits. Search for a low-cost storage solution and implement a tamper-proof system of record.
Consent for Data Collection & Processing
Do you have a stated purpose for every type of user data you collect?
Leading data privacy laws generally consider the purposes for which users grant consent, not just the method by which you collect it. Review your data collection and use, communication, and marketing practices to confirm you have a valid business case for each type of data you collect.
If you, and/or your users, fall under a jurisdiction that requires affirmative consent or an explicit opt-in, do you collect a consent signal before tracking the user?
For a true opt-in experience, you need to halt all data collection until you have affirmative consent. Make sure your system does not load tags or cookies until you collect express consent from your users.
Consent for Marketing
Do you collect explicit, opt-in consent at the point of lead capture?
As a best practice, provide an upfront disclosure that clearly asks the user if they would like to be marketed to by each particular channel.
Do your users have the ability to opt out of marketing entirely?
Minimally, your product should allow users to opt out of marketing entirely. Prioritize this functionality as soon as possible.
Do your users have the ability to opt out of each topic or channel, including third-party channels?
As a first step, evaluate your system and processes, and make a list of all marketing channels. Then, determine the technical requirements for enabling users to opt out on a case-by-case basis.
Do you offer a separate, unified marketing preferences center where users can manage their consent preferences in a single location?
This is the ideal consent management solution that will help reduce friction and build user trust. Audit your platform to identify where users opt out currently, and make a plan to consolidate those options into a single landing page.
Scaling Consent Management
Does your consent management platform allow users to opt out after previously providing consent?
Your system should allow users to opt out of anything they previously consented to at any time. Audit your product, service, and/or site to determine how difficult it is for a user to opt back out, and then make a plan to enable that functionality.
Does your system include orchestration that sends opt-out signals across all of the apps and systems your organization uses?
Users' consent preferences must be respected across the various systems and partners you integrate with. If you are preparing to scale consent management, prioritize signal orchestration.
Does your consent orchestration tool have identity resolution to translate signals across various systems and apps?
To be effective, your consent orchestration must be able to determine how each particular user is identified across your various third-party systems. Prioritize this capability when searching for an orchestration tool.
If you default to opt-in consent, does your consent orchestration control other apps' and tools' ability to collect data at the point of user interaction?
For a true opt-in experience, you must halt all data collection until you receive affirmative consent, which often means holding off on loading tags and cookies. Ensure your orchestration tool can enforce this across your various integrations.
Next Steps
Evaluate the checklist and take note of the questions you answered “no” to. Review the guidance, identify the necessary stakeholder(s), and work together to make a plan to address gaps or optimize your processes.
For more on this topic, take the course:
The Art of Consent
This course walks you through how to respect a consumer’s decision to consent – or not consent – to providing you with their personal information.