The 3 Biggest Weaknesses of Consent Management Platforms

June 30, 2021 Dylan Sellers

Consent Management Platforms (CMP) are software solutions that enable you to display cookie banners on your digital property, collect and manage user consent, and ensure the right tags are fired according to visitor consent preferences. Understandably, in today’s landscape of ever-increasing data privacy regulations, investing in a CMP is a no-brainer. The question is, how do you verify that your CMP is working as expected and not putting you and your company at risk?

When an auditing or enforcing entity is examining your company’s digital properties, they won’t care if you have a CMP or not. They will care about the end result, which is your ability to either comply or not. The onus is on your company to make sure that your CMP investment is actually functioning properly. 

As with any technology, it would be a mistake to assume that there won’t be issues interfering with the CMP’s performance, whether caused by human error, natural entropy in your implementation, or other unseen factors.

 

CMPs + TMSs

The top three weaknesses of CMPs that you should look out for, however, are all related to their reliance on integrating with your Tag Management System (TMS). So even if you’ve categorized your cookies and configured everything in your CMP correctly, it doesn’t necessarily mean that it’s saving your bacon.

Consent Management Platforms rely on Tag Management Systems to actually drop cookies or fire tags. If you’ve worked with a TMS, you might be familiar with some known issues that have been around for years. Your CMP inherits these weaknesses and is therefore susceptible to risks associated with significant blind spots.

Let’s take a look at those 3 Biggest Weaknesses now.

 

1. Flawed Integration with TMS 

Timing and syncing issues have been endemic to tag implementations in general and Tag Management Systems, like Google Tag Manager or Adobe Launch, for a while. Timing issues can happen for a number of reasons such as a user leaving before a tag finishes executing, tags loading too late, or asynchronous JavaScript firing in an unintended order. So how does this affect your CMP implementation? In the worst case, cookies can be dropped before the visitor has made a choice about their consent preference, which is the exact opposite of what your CMP should be doing.

Waterfall report of network request timing on the page.

 

2. Piggybacking Tags

Piggybacking tags are tags loaded via other tags. These tags are crashing your party. They were not invited intentionally by an analyst; they heard from a friend of a friend and hitched a ride with other tags. When the TMS loses control of the invite list, so does your CMP. The CMP is therefore unaware of third-party tags that it should be monitoring and blocking based on the user's choices. You should watch out for piggybacking tags because they can pass data to unapproved third parties and add delays to your page load time.

The results of ObservePoint’s Privacy Tags report showing 500 pages with an unapproved Google Universal Analytics tag account in contrast to an approved, internal account.

 

3. Hard-coded Tags 

These tags are usually legacy tags, not managed through your TMS. They can also come from embedded widgets, images, and tools iframed into your website. By definition, your TMS can’t see these, so neither can your CMP, which means they can’t address these tags properly for compliance either.

Five hard-coded tags loading outside of the TMS, as shown using ObservePoint’s Tag Initiator report. 

 

Conclusion

Now that you know the top 3 weaknesses of CMPs to look out for, what can you do about it? 

Automated data governance software, like ObservePoint’s Privacy Compliance solution, can show you the reality of what’s happening on your site.

Privacy Compliance can provide an inventory of all tags, whether in or outside of your TMS, and show their relationship to each other. This gives you context for every tag and helps you take action before it’s too late.

Privacy Compliance can also navigate your site simulating users with different consent preferences to make sure that your CMP is firing the right tags and dropping the appropriate cookies.

Click if you want to learn more about Privacy Compliance or have a representative contact you by filling out this form!

 

About the Author

Dylan Sellers

As a Customer Solutions Engineer for ObservePoint, Dylan builds custom solutions to meet client’s data collection and reporting needs while also working as an internal technical implementation specialist. Before his current role, he was head of UX Research, Customer Education, and a Customer Success Manager. His background is in Product & Project Management with a Bachelor’s in Electrical Engineering.

More Content by Dylan Sellers
Previous Article
7 Steps to Create an Adobe Analytics Solution Design Reference (SDR)
7 Steps to Create an Adobe Analytics Solution Design Reference (SDR)

This article walks through the steps of how to create an Adobe Analytics Solution Design Reference for a mo...

Next Article
How to Improve Site and Data Health with Quadratic & ObservePoint
How to Improve Site and Data Health with Quadratic & ObservePoint

Ensuring quality data doesn't have to be an overwhelming task. Learn how you can improve your site and data...

Get a Custom Pre-Recorded Audit

REQUEST YOUR AUDIT