Why B2B Marketers Need More Than Just Cookie Warnings

Cookie regulation is on the move

The regulatory environment for cookie consent reminds me of A23a, the world’s largest iceberg (https://www.bbc.co.uk/news/science-environment-67507558) – dangerous, poorly-understood and takes a while to move, but when it finally starts to change it’s important to pay attention.

Like A23a, the regulators – at least, the UK’s Information Commissioner – have been making moves in November 2023. Major sites have been given 30 days to adjust the way they gather users’ consent for cookies – see https://www.bbc.co.uk/news/technology-67488305 for more details.

Although to date there has been relatively little enforcement action, everyone in the digital marketing world needs to be mindful that the regulatory environment around cookies is both strict and complex. And the laws have teeth – companies can be fined up to 4% of global turnover, and we’ve seen fines of more than £100 million already imposed on large tech companies.

So we think it’s timely to remind B2B marketers to take a look at their consent management setup.

Last orders at the “cookie bar”

A “cookie bar” or other drop-in user interface component is the most visible part of consent management, but on its own is just not enough to ensure compliance with the regulatory environment.

If you want to comply with the law, and to verify that you continue to comply as things change over time, then you are going to need a proper Consent Management Platform (or CMP). This is a technology that you integrate with your website (and any other web-based digital content, like specialist landing pages) and which makes the technical aspects of compliance much easier to achieve and assure.

What does a CMP do?

A good CMP does 4 main things:

1. Generates the “cookie bar” user interface component that allows a user to grant or withhold consent for cookies of different types, and records that consent – ironically, most likely in a cookie! – so that a user doesn’t have to be asked again on a return visit.
2. Provides technical control mechanisms allowing for tracking scripts and other cookie-using components to modify their behaviour based on a user’s consent choices – for example, not firing an analytics tag if a user hasn’t consented. These control mechanisms need to be able to play nicely with the rest of your tech stack. In particular, they need to work with a tag manager if you use one.
3. Automatically documents the cookies that your site uses, with the purposes of each, to avoid a lot of error-prone manual work in maintaining a compliant cookie policy document.
4. Automatically audits the use of cookies on your site so that you can tell whether you are compliant, and identify any steps you need to take to remedy non-compliance.
   Here’s an example of the technical architecture of a website with a CMP in place:

And here’s how that picture changes if a tag management system (like Google Tag Manager) is in use:

There’s a LOT of complexity here! And only a tiny part of that is the visible “cookie bar”.

With all this complexity, there is a lot that can go wrong. Even the best CMP does not guarantee compliance. So it is crucial to use the auditing features of your CMP to check for compliance. And even once you have a compliant site, you should still plan to repeat this audit process regularly – it’s easy for non-compliant technologies to creep in via apparently harmless site updates.