Why B2B Marketers Need More Than Just Cookie Warnings
Cookie regulation is on the move
The regulatory environment for cookie consent reminds me of A23a, the world’s largest iceberg (https://www.bbc.co.uk/news/science-environment-67507558) – dangerous, poorly-understood and takes a while to move, but when it finally starts to change it’s important to pay attention.
Like A23a, the regulators – at least, the UK’s Information Commissioner – have been making moves in November 2023. Major sites have been given 30 days to adjust the way they gather users’ consent for cookies – see https://www.bbc.co.uk/news/technology-67488305 for more details.
Although to date there has been relatively little enforcement action, everyone in the digital marketing world needs to be mindful that the regulatory environment around cookies is both strict and complex. And the laws have teeth – companies can be fined up to 4% of global turnover, and we’ve seen fines of more than £100 million already imposed on large tech companies.
So we think it’s timely to remind B2B marketers to take a look at their consent management setup.
Last orders at the “cookie bar”
A “cookie bar” or other drop-in user interface component is the most visible part of consent management, but on its own is just not enough to ensure compliance with the regulatory environment.
If you want to comply with the law, and to verify that you continue to comply as things change over time, then you are going to need a proper Consent Management Platform (or CMP). This is a technology that you integrate with your website (and any other web-based digital content, like specialist landing pages) and which makes the technical aspects of compliance much easier to achieve and assure.
What does a CMP do?
A good CMP does 4 main things:
- Generates the “cookie bar” user interface component that allows a user to grant or withhold consent for cookies of different types, and records that consent – ironically, most likely in a cookie! – so that a user doesn’t have to be asked again on a return visit.
- Provides technical control mechanisms allowing for tracking scripts and other cookie-using components to modify their behaviour based on a user’s consent choices – for example, not firing an analytics tag if a user hasn’t consented. These control mechanisms need to be able to play nicely with the rest of your tech stack. In particular, they need to work with a tag manager if you use one.
Here’s an example of the technical architecture of a website with a CMP in place:
And here’s how that picture changes if a tag management system (like Google Tag Manager) is in use:
There’s a LOT of complexity here! And only a tiny part of that is the visible “cookie bar”.
With all this complexity, there is a lot that can go wrong. Even the best CMP does not guarantee compliance. So it is crucial to use the auditing features of your CMP to check for compliance. And even once you have a compliant site, you should still plan to repeat this audit process regularly – it’s easy for non-compliant technologies to creep in via apparently harmless site updates.
I’ve gone into a bit more detail about the architecture of a CMP and how it fits with your website in this video.
Choosing a CMP
If you don’t have a CMP in place yet, it’s really time to choose one and get it in place. The regulatory iceberg is on the move and the level of legal jeopardy associated with non-compliance is rising.
There are many good CMPs on the market. At Sharp Ahead we have good experiences with Cookiebot, which is a strong entry-level CMP that covers the basics well for relatively simple organisations. If you’re a more complex business (for instance with multiple business units) you may need to instead look for a system with more enterprise-level features. You’ll also want to look at compatibility with your current and future tech stack, in particular for support for any CMS and tag management platforms that you use.
If you’d like help choosing, implementing or updating your CMP setup, please get in touch with us!