When it comes to data privacy and consent orchestration, companies need to not only govern and automate the collection of their data but also create secure and data-driven experiences. This means brands need an automated system to act as the governing software tasked with the collection and downstream delivery of consented consumer data. In our latest Tealium’s Take, we sat down with industry experts (Caleb, Sarah, Timothy, and Sav) to talk about consent orchestration, data privacy, compliance, and more.
When it comes to consent, it’s so easy to forget it’s not just about the CMP, data deletion, consent collection, or the “accept all” box that we all get. It’s about the whole cycle of consent. What do you think is Tealium’s role in consent orchestration?
Caleb: I like to slice it… Instead of what features Tealium offers, I think of it like, “What do our customers need from us?”
I think you can put customers in a few groups.
- Using full-featured CMP – You can say, “Some people want to buy an all-encompassing CMP that helps them with every regulation at the push of a button.” They want us to help them enforce that signal.
- Building their own consent manager – A customer also wants to build their own thing from the top down because they have enough resources and are picky about how things look and how they work. In that case, they need us to enforce the thing. So for those cases, we’re doing Consent Integrations, the feature that helps those groups.
- Using consent built into the tag manager – Then, there are a couple of other people who want to build it in the tag manager… They’re not necessarily going to build something and have it be a version of a CMP. We support them as well and we’ll continue to help them. I think the solution that we offer that group is going to change in the next year for sure, but we’ll continue to support them.
- Using a basic cookie banner – There is a group of people who come in and they say “Hey I don’t have a lot of resources. I just need consent enforcement and I need a little cookie banner.” And we can help them to get something going. I think that we’ve been doing this for years since GDPR hit in Europe (see our blog, Demystifying Data Privacy).
I think that really what customers need from us, in the end, is enforcement. They want us to be that centralized enforcement hub. That’s our natural position in the ecosystem. They need this robust kind of thing through the entire platform that does enforcement and activation and that’s where we land.
We have lots of ways of integrating and we are building a lot of functionality to help you combine things at the visitor level and do things with that consent on our side. But manually you can already configure that today then we have a way for you to audit and log all the consent. We have a way to send it downstream… It is just like the supply chain that we’ve been doing from the beginning.
We offer something in all aspects of compliance regarding data privacy with customer data from collection to deletion and reporting. Can you expand on this?
Timothy: We take pride in our content offering and the role we play in the compliance journey of companies using our platform and our modules. We have our consent management widget which is seamlessly integrated with our tag – the value is easy implementation. It covers all requirements of regional data regulations.
We also provide an out-of-the-box integration with any external CMP. That’s also very easy to apply and it’s powerful.
In simple terms, the CMP captures the consent signals and hands them over to us and we evaluate these signals based on the consent enforcement framework. That framework is sitting within our tag management system and this enforcement framework is very easy to set up.
With this framework, you’re decoupling the decision logic… “Is this tag allowed to be triggered? Yes or no” from the load rules which is super powerful. This saves a lot of configuration effort and gives you full governance and transparency about data flow. This is where the value comes from! We don’t get in the way of CMPs working.
With regards to data processing and storage, we also provide a lot of value to our customers because audibility is a very important requirement. It’s a necessary use case and we’re able to store consent and we can report on it with our data visualization features (Data Insights) that can be sitting on top. With our AudienceStream CDP, we’re able to persist and merge cookie consent with offline permissions against this central visitor profile which is then the ideal foundation for data subject use cases like subject access requests. We also have APIs in place to improve and automate workflows and processes.
Tealium has an overarching theme of privacy by design. Tealium helps you mitigate risks, and improves operational efficiency, and those two building blocks help you build trust with customers.
Can you talk about consent when it comes to highly regulated industries?
Sarah: Usually when you consider consent you think about the activation side… You’re granting permission to use your data for analytics or advertising and a lot of the time, one of the key aspects is left out by competitors. You need to be able to obtain that consent before data collection! Tealium is a leader in this space.
When it comes to healthcare (see our new offering, Tealium for Healthcare) many companies are left in a spot where they need more data on their patients because of all the regulations and HIPAA requirements. You can’t collect PII and PHI to send to vendors without a BAA. However, if you have a data collection platform that chooses and makes it known through the documentation that they’re going to collect that data and send it to your data warehouse that’s still a violation of a lot of the different local governance laws. This is because they’re still collecting that data prior to giving consent and ignoring the visitor’s experience and their legal regulations.
Tealium helps you control how you set up your data collection, your consent collection, when the data gets collected, shared, and when it gets used. That level of control is not something that you can always get from other tools.
Wrapping Things Up
In conclusion, compliance is not just about collecting and enforcing consent. It is about building trust and long-term value. In marketing, there is no future without consent. If you work with customer data, you have to put consent front and center and Tealium can help!