With the GDPR coming into effect on 25 May 2018 and the ongoing discussion about the eprivacy regulation (ePR) many privacy compliance tools and features pop up and companies emphasize privacy compliance as their USP. The real effect is another one: They terminate the discussion about opt-in and opt-out and establish the „granular opt-in“ as state-of-the-art.
Regarding ePR it is an ongoing discussion what the scope of the regulation will be, who the addressees are and especially to which extent cookies and similar tracking technologies can be used with consent or simply opt-out anymore. (more here for example) Consequently, the ongoing discussion leads to an enormous insecurity at online businesses, especially at those companies that implement or provide third party tracking tools, rely on online advertisement and don’t have a direct relationship with the data subjects to obtain their consent.
European politicians and lobbyists exchange hundreds of amendments concerning the regulation draft of January this year. The relevant companies could simply have waited for the results to be published but have already decided by themselves which direction to choose: the granular opt-in.
These solutions show that it is feasible to ask the user for consent that is neither abstract nor general. A general consent in the sense of a broad and comprehensive opt-in does not only seem to be unnecessary but not to be „state-of-the-art“ anymore. The more solutions are offered and implemented the less adequate general consent deemed to be appropriate.
Waiting for the regulators to define any practical and business supporting idea has not (never) been a good idea. Moreover, it is wise to offer settings that please data subjects, supervisory authorities as well as businesses. However, the arguments that detailed consent (which data, which purposes, which duration etc.) is in-transparent and confusing for the users and therefore destroy businesses won’t have any basis anymore in the current ePR discussion. Additionally, Companies which implement broad consent will face complains, claims and accusations why they don’t provide their services as privacy friendly as the others.
Here are a few examples:
Evidon Debuts Industry’s First GDPR and Cookie Law Universal Consent Platform
Key benefits include: A layered, user-centric experience, empowering the user to choose between top-level and deep-dive information on how their data is collected and used
(updated on 8/9/2017: typos)