In the Summer of 2017 Evidon announced the beta version of its Universal Consent Platform. Having been aquired by Crownpeak a short while after, Evidon’s solution combines PIPEDA, ePrivacy and GDPR consent management with its Site Notice and Ad Notice for AdChoices. An overview with a focus on Evidon GDPR and ePrivacy consent management.
We’re excited to offer companies not only a solution to a problem, but a way to turn compliance into a competitive advantage (Scott Meyer, CEO & Co-Founder of Evidon)
How do you manage consent under the GDPR and in line with the current EU ePrivacy Directive (which is poised to be replaced by the ePrivacy Regulation)? With consent being one of the legal grounds for lawfully processing consumers’ personal data under the GDPR and data subjects having the right to withdraw consent on top of other data subject rights it isn’t that easy. The fact that the ePrivacy Regulation isn’t ready yet adds to the challenges for site owners, publishers and marketers.
Under the GDPR, a consent management approach needs to take into account the duties of the data controller such as the ability to demonstrate consent is valid, which means that an audit trail must be available and that, in order to demonstrate GDPR compliance and avoid GDPR fines, controllers (companies) need to be able to manage the consent lifecycle and prove that consent was freely given, specific, informed, unambiguous and so forth.
Consent management solutions: Evidon and the digital customer experience
Simply said: when consent is used as a legal basis for a data processing activity (whereby the data processing principles need to be considered) you need to be able to show by whom, when, for which purpose and more consent was given.
There are ample consent management solutions within broader platforms or as features in other applications (e.g. master data management or compliance solutions). Also specific marketing solutions have added consent management to their platform. By acquiring Evidon in August 2017, Crownpeak, a provider of ‘digital experience management solutions’, (DXM and DQM) for instance, also has one such solution (and a site notice and ad notice solution).
Consent management offerings within data privacy management and/or other applications (e.g. identity management) can be a great better fit for many organizations as they integrate with other desired features and several marketing platforms.
Evidon’s focus and collaborative approach in designing the Universal Consent Platform is the sort of innovation the adtech industry counts on (Andy Dale, VP Legal and Data Protection Officer at DataXu)
Examples of such providers/solutions include OneTrust’s consent management tool for marketers (which can be used with its other integrated solutions such as its cookie tool, data inventory and mapping, data subject access request portal and more), TrustArc (previously TRUSTe) with a more or less similar approach as OneTrust, Janrain’s Consent Lifecycle Management and platforms which offer the consent management tools for the more tech-savvy among us such as ConsentCheq, Consentua and more.
Evidon Universal Consent Platform: a different approach
Evidon has tackled the issue differently with its Evidon Universal Consent Platform. Evidon’s consent management solution was announced in the Summer of 2017 and is an industry-grade platform for, among others, GDPR and ePrivacy consent management, site notice and ad notice.
RELEASE: Evidon Debuts Industry’s First #GDPR and Cookie Law Universal Consent Platform https://t.co/wo8Dmi4JyP pic.twitter.com/JsIJurzMEB
— Evidon, Inc. (@evidon) 18 juli 2017
On top of being touted as the industry’s first Universal Content Platform for GDPR and ePrivacy Regulation compliance (the latter of course still can evolve as the ePrivacy Regulation is not published yet), the Evidon GDPR (and beyond) consent management platform focuses on the user (digital customer experience indeed, making the acquisition by Crownpeak all the more relevant, especially given the fact that all in all that digital customer experience still sucks and GDPR/ePrivacy are an opportunity to make it unsuck, just as it’s an opportunity to remove those darn information silos as you can learn in our article on GDPR, records management, classification and EIM overall).
The Universal Consent Platform is a unified single-tag solution with a front end which is accessible across desktop, mobile web and in mobile apps. It seems that even other channels and devices are being looked at since the ePrivacy Regulation also covers the ‘more modern’ digital devices for which one may need to give consent. You can think about IoT (the Internet of Things), artificial intelligence and their various consumer-oriented applications, for example in smart homes and beyond, indeed.
In the scope of GDPR the Evidon consent management solution also comes with ‘a simple’ solution for data subjects to exercise their rights such as the right to be forgotten, as the announcement stated.
This is important when you start comparing various platforms and also their pricing. For example: as mentioned, OneTrust has a full-fledged data subject access request solution besides its consent and consent preference management solution.
On the website of Evidon’s Universal Consent Platform, for now Articles 7, 12, 13, 14 and 21 are mentioned in the scope of the Evidon GDPR solution perspective.
As you can see on our GDPR Articles page from a data subject rights’ perspective this covers the data subject’s right to withdraw consent of GDPR Article 7 (on consent) itself, the general rules on transparency and the exercise of the rights of the data subject of GDPR Article 12, the rules on the information to provide at the time of personal data collection (GDPR Article 13), the information to provide when personal data haven’t been obtained from the data subject (GDPR Article 14) and the right to object (to processing). In other words: other data subject rights such as the mentioned right to erasure, right to restriction of processing, right of access, right to rectification and right to data portability(another ball game) aren’t mentioned. So, do inquire when considering the Evidon consent management solution.
Combining PIPEDA, ePrivacy and GDPR consent management with AdChoices
At the time of the announcement Evidon said that the platform was in beta, or more precisely, that beta code would be available in Q3 of 2017 with production code available in January 2018.
We’re not sure if this is the case yet as Evidon hasn’t officially communicated on that yet, nor has new owner Crownpeak. Competitor OneTrust’s Universal Consent Management and Preference Management is out of its beta version since early March 2018.
Evidon Universal Consent Platform builds upon its widely used Site Notice Platform, which at the time of the announcement was used on over 10,000 commercial sites across the globe. Of course customers can customize their consent notice or chose from templates as is possible with its Site Notice solution, depending on the regulatory program.
The Universal Consent Platform is suited for the GDPR and to be replaced EU ePrivacy Directive, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA or the PIPED Act) and the self-regulatory AdChoices program of the Digital Advertising Alliance (DAA) enabling consumers to control their interest-based advertising settings following the DAA principles (where Evidon’s Ad Notice, part of the solution also comes in).
Evidon Universal Consent Platform enables users to choose between top-level and deep-dive information on how data is collected and used across various layers. On top of the data that is typically needed for a site to function, there is data collection in the scope of needed actions (e.g. for ecommerce transactions) and next comes the data collection in the typical marketing context of GDPR: for communications, advertising and so forth.
The unified Evidon GDPR and ePrivacy granular consent approach
From the point of view of the visitor consent can be set in a more general way and on a granular level as the GDPR requires.
As is the case with similar platforms there is a central consent database with consent controls and tracking technology (Evidon’s proprietary Regex Company Database and patented Monitoring & Consent solutions) and there are ample integrations (via middleware API’s and first-party datasets).
The Crownpeak/Evidon GDPR consent solution informs users regarding the first and third-party data collection activity on their websites with opt-in and opt-out controls on a granular consent level
Evidon Universal Consent Platform also offers insight into an organization’s digital supply chain, as the announcement mentioned, reminding that this is essential for effective Privacy Impact Assessments and Vendor Governance.
The Evidon Universal Consent Platform was developed with input from Evidon’s Design Partner Program which consists of privacy officers, technologists, academics, attorneys and data protection authorities such as Andy Dale, VP Legal and Data Protection Officer at DataXu and Bonnie Yeomans, VP, Assistant General Counsel & Privacy Officer at CA Technologies, both quoted in the announcement (see quotes).
The Evidon GDPR and ePrivacy consent management solution comes with single-tag implementation and supports over 50 languages
You can learn more in the press release, on the landing page of Evidon Universal Consent Platform and on Crownpeak’s pages on Site Notice, Ad Notice and the unified solution for consent under the GDPR where the name Universal Consent Platform seems to be dropped from the Evidon GDPR and ePrivacy consent solution although the notion of ‘unified’ is still there and the name is still used in a retail case study as you can check out here.
Last but not least below is a video from an Evidon webinar (before it was acquired by CrownPeak) on site compliance with the GDPR and ePrivacy Directive at the occasion of the announcement of its Universal Consent Platform, of course also with a focus on the Evidon GDPR and ePrivacy consent management features.