Cookie Consent Management

06/10/2021

Implementation of cookie consent management for 500+ websites in less than six months for GDPR/ePrivacy compliance, further deployment and optimization after initial implementation

Challenge

The General Data Protection Regulation (GDPR) and the ePrivacy Directive require website owners to obtain consent from website visitors from the EU before installing cookies that are not strictly necessary for making a website work. Similar laws are in place in the UK (the Privacy and Electronic Communications Regulations) and in Brazil (the Lei Geral de Proteção de Dados Pessoais, LGPD), and are in preparation in countries like Canada, Switzerland and India.

What are cookies? Cookies are small text files that are sent to your computer when you visit a website. They store, for example, your language preferences, your credentials so that you can return to a protected area without entering them again, or your shopping cart in an online shop so that you can continue shopping after having temporarily left the shop. Besides those functional (and very useful) cookies, there are also so-called performance cookies, which track how you use a website so that the website owner can optimize, for example, marketing campaigns, and targeting cookies, which store information about your website visits for advertising purposes.

Cookie banners have been in use for years. However, they merely informed website visitors that the website uses cookies and that, by continuing, the visitor accepts this. This is not compliant with the above “cookie laws”, which require website owners to:

  • Receive users’ consent before setting any cookies except strictly necessary cookies
  • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received
  • Document and store consent received from users
  • Allow users to access the website even if they refuse to allow the use of certain cookies
  • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place

Non-compliance with cookie laws puts organizations at significant financial and reputational risk. The first cases were seen in France in December 2020, when the French data regulator (CNIL) fined Google 100 million euros for non-compliant cookie management and Amazon 35 million euros for automatically placing advertisement cookies when visiting amazon.fr.

The initial situation with our customer was that a cookie consent management tool (SaaS) had been selected and implemented for some corporate communication sites. However, the implementation scope was not clear, as no accurate website inventory was available. Furthermore, the customer lacked the capabilities for a quick, resource-saving implementation that also ensured no new website would go live without proper cookie consent management.

What KVALITO did

  • Management of a 10-week planning phase with:
    • Definition of an accurate implementation scope by establishing a website inventory based on multiple existing inventories
    • Standardization of text for cookie banner and cookie preference centre (element to manage cookie settings) in collaboration with data privacy organization
    • Development of 3 design templates for the cookie banner with limited personalization possibilities in collaboration with UX experts
    • Design of an efficient implementation process with project office facilitating communication between website owners and technical implementation specialists
    • Development of controls to ensure sustainability of compliance status
  • Management of a 10-week implementation period for approx. 500 websites for an audience of EU/UK residents
    • Mobilization of website owners
    • Development of a design proposal for each website in scope
    • Implementation of the design (after approval or revision by website owner) in the consent management tool and generation of the scripts for consent management integration into websites
    • Support of internal and external (80+ agencies) web developers for web integration
    • Validation of the consent management for all websites
  • Development and implementation of operations processes for new websites and changes to existing websites
  • Establishment of a monthly review and reporting cycle to measure sustainability of operations processes
  • Development of a monthly acceptance rate report to inform website owners about numbers regarding new visitors and their cookie management decision
  • Implementation of a major text and design change which facilitated a cookie acceptance increase of 20-150%
  • Onboarding of 4 new countries (Brazil, Canada, Switzerland and India)
  • Deployment of a similar solution to mobile applications by following the same implementation process

People, Processes and Tools

People / Roles:

  • Project and Service Manager
  • Project Office

Processes:

  • Website and Mobile Assessment
  • Remediation Management
  • Website and Mobile Governance
  • Data Privacy Compliance Management
  • Website and Mobile Change Management
  • Periodic Website and Mobile Quality Control

Tools and Technologies:

  • OneTrust (Cookie Consent Management, Mobile Application Consent Management)
  • Drupal web content management
  • Episerver web content management
  • HTML5

Value Delivered

  • Reduction of implementation time and effort by > 50 % compared with initial customer expectation
  • Efficient and action-oriented privacy remediation of digital assets before compliance gaps receive attention of authorities
  • Transparent status for data privacy stakeholders through periodical quality controls
  • Increase of availability of analytics data after cookie banner design optimization

Clients / References:

  • Novartis
