Consent Management Platforms (CMP) are software solutions that enable you to display cookie banners on your digital property, collect and manage user consent, and ensure the right tags are fired according to visitor consent preferences. Understandably, in today’s landscape of ever-increasing data privacy regulations, investing in a CMP is a no-brainer. The question is, how do you verify that your CMP is working as expected and not putting you and your company at risk?
When an auditing or enforcing entity is examining your company’s digital properties, they won’t care if you have a CMP or not. They will care about the end result, which is your ability to either comply or not. The onus is on your company to make sure that your CMP investment is actually functioning properly.
As with any technology, it would be a mistake to assume that there won’t be issues interfering with the CMP’s performance, whether caused by human error, natural entropy in your implementation, or other unseen factors.
CMPs + TMSs
The top three weaknesses of CMPs that you should look out for, however, are all related to their reliance on integrating with your Tag Management System (TMS). So even if you’ve categorized your cookies and configured everything in your CMP correctly, it doesn’t necessarily mean that it’s saving your bacon.
Consent Management Platforms rely on Tag Management Systems to actually drop cookies or fire tags. If you’ve worked with a TMS, you might be familiar with some known issues that have been around for years. Your CMP inherits these weaknesses and is therefore susceptible to risks associated with significant blind spots.
Let’s take a look at those 3 Biggest Weaknesses now.
1. Flawed Integration with TMS
Waterfall report of network request timing on the page.
2. Piggybacking Tags
Piggybacking tags are tags loaded via other tags. These tags are crashing your party. They were not invited intentionally by an analyst; they heard from a friend of a friend and hitched a ride with other tags. When the TMS loses control of the invite list, so does your CMP. The CMP is therefore unaware of third-party tags that it should be monitoring and blocking based on the user's choices. You should watch out for piggybacking tags because they can pass data to unapproved third parties and add delays to your page load time.
The results of ObservePoint’s Privacy Tags report showing 500 pages with an unapproved Google Universal Analytics tag account in contrast to an approved, internal account.
3. Hard-coded Tags
These tags are usually legacy tags, not managed through your TMS. They can also come from embedded widgets, images, and tools iframed into your website. By definition, your TMS can’t see these, so neither can your CMP, which means they can’t address these tags properly for compliance either.
Five hard-coded tags loading outside of the TMS, as shown using ObservePoint’s Tag Initiator report.
Now that you know the top 3 weaknesses of CMPs to look out for, what can you do about it?
Automated data governance software, like ObservePoint’s Privacy Compliance solution, can show you the reality of what’s happening on your site.
Privacy Compliance can provide an inventory of all tags, whether in or outside of your TMS, and show their relationship to each other. This gives you context for every tag and helps you take action before it’s too late.
Privacy Compliance can also navigate your site simulating users with different consent preferences to make sure that your CMP is firing the right tags and dropping the appropriate cookies.
Click if you want to learn more about Privacy Compliance or have a representative contact you by filling out this form!
About the AuthorMore Content by Dylan Sellers