The Future of Compliance, Consent Management, and Why the UX Needs a Revamp

Brad Redding, Founder & CEO @ Elevar, shared his thoughts recently on the future of consent compliance (GDPR, CCPA) and why the experience for end users, brand owners, and consent integrators needs a major overhaul.

Compliance is a subject we all tend to groan about – whether we’re the end user, the brand owner, or implementer (aka, “compliance integrator”). As Brad explains in the first few minutes of this podcast, it’s a terrible experience for everyone – just, terrible.

But what makes it so rotten, and how can we fix it? The experience and the level of rottenness depends on which side of the screen you’re on, of course. There are different ways to approach consent compliance – let’s explore further:

User Experience (UX), the extreme options:

• The cookie pop-up: When a user visits a site, they may see a pop-up that essentially says “We think we have to show you this, so here it is thanks, have a great day.”
  • (The idea here might be that the visitor is not turned off by legalese, tracking commences per usual, and they continue into the site to make a purchase.)
• User outside of the U.S. tries to access a site, but immediately sees: “You cannot enter our website at all unless you’re in the U.S.” pop-up.
  • (Clearly, said user likely exits the site and certainly isn’t buying anything at that point.)

UX, the middle ground options

• Pop-up says, “Hey, thanks for visiting. You can use our site, but you can’t use it unless you select some information first and/or fill out this form.”
  • (These are largely found in Europe because of GDPR, and force the user to jump through some hoops before they can enter a brand’s website, which surely is a deterrent to converting.)
• Pop-up says “We’re glad you’re here. Accept all of our cookies (button A) or choose between these four different cookie types (button B). Have a great day!”
  • (The big issue here is that most users don’t know the difference between the four different types of cookies, so they may leave the site altogether if they’re concerned about tracking.)

Brand experience

• Brands don’t really know what to do so they make an educated guess.
• Most brands are doing only what they must to stay out of the spotlight, until it becomes necessary to make (more) changes.
• A lot of consent-compliance implementation options don’t work, or don’t work well, so when users do choose to opt out or in, their wishes aren’t met, leaving the brand open to scrutiny for wrongdoing. If a user requests through the consent compliance process that all their data be erased, it’s a time-consuming, manual, convoluted process.

Implementer’s experience

Implementation options are not ideal, and there are a number of platforms and tech systems that simply don’t talk to one another, making it that much harder to maintain a lawful consent compliance process.

Example:

• Brand X wants to send its users straight to checkout, bypassing the cart (to increase conversions). Javascript mobile simply doesn’t talk to their platform – it cannot be installed.

• Brand X’s Implementers have two options: 
  • Choose to take the risk of setting up the checkout process as they’ve planned, without the Javascript mobile in place.
  • Don’t make any changes to the checkout process: users must “go to cart” prior to checkout and there is no opportunity to increase conversions.

So what does the future hold? 

How do we address the consent compliance conundrum so that users, brands, and implementers are happy with their options and with the process? 

At Elevar, we choose to see the glass as half-full: we think it’s going to get better, sooner rather than later. And we’re not basing that on our own sheer optimism alone.

Here are the facts:

Lawsuits against Sephora and Google resulted in enormous settlement costs – $1.2 million and $391.5 million dollars, respectively. That’s not good for the economy because it’s not good for business in general. So even though these lawsuits are cringe-worthy for business owners, they may actually serve to benefit us in the long run. 

Because…

If nothing changes, and business owners continue to be scared of missing the mark on consent compliance, we might find ourselves:

• Overdoing efforts to comply and making it too hard for users, resulting in fewer conversions; 
• Giving up on trying to follow consent compliance laws and waiting to be next in line for a lawsuit; or
• Adhering to consent compliance laws as much as possible, knowing it could mean fewer conversions.

Conclusion: 

There has to be a different way to ensure consent compliance is handled appropriately, for everyone’s sake. Right? 

We believe that consent compliance will be handled at the platform and/or browser level instead, with API integrations that work with everyone’s websites. So the big guns, like Google, Safari, etc., will be held responsible for consent compliance, rather than the individual brands. This is a great opportunity for platforms and browsers to show all of us how helpful they can be and how much they care (embracing the greater good and all that jazz). 

One final note: 

And with that happy ending, welcome back and happy 2023! Stay tuned to Brad Redding’s Conversion Tracking podcast for more news about this ongoing topic, as it surely will continue to unfold in 2023. For the whole story, listen here (and like and subscribe while you’re there).

P.S. Elevar has integrations with 4 consent management technology partners – OneTrust, Cookiebot, Consentmo, and Pandectes. If you’d like to learn more just let us know!

 

For the whole story, listen to the podcast.