Consent management platform (CMP) vendors are largely overpromising what their solutions can do out of the box, earning them an unflattering spot in Gartner’s most recent Hype Cycle report.
The report, released Monday, is Gartner’s first Hype Cycle study focused solely on digital advertising.
In Gartner’s view, CMPs are just about to reach the “peak of inflated expectations,” a phase of the technology hype cycle characterized by overenthusiasm, unrealistic projects and a handful of well-publicized success stories. Unfortunately, the reality is more like widespread failure as the technology is “pushed to its limits.”
With privacy regulations coming into force around the world, including the now 2-year-old General Data Protection Regulation in Europe and the California Consumer Privacy Act, businesses are casting about for help meeting complex consent compliance requirements that differ by geographical region.
A mini gold rush kicked off among privacy tech vendors to meet the growing demand for compliance services as businesses scramble to at least tick the necessary boxes.
But even when the technology is sound, most businesses don’t have the time or expertise to properly vet their consent and preference management platform partners.
“Data governance and integration requirements are seldom fully understood at the outset, so companies often wind up over budget, yet still lacking critical capabilities,” said Andrew Frank, a VP of research at Gartner.
There are also “strong incentives to implement Band-Aid solutions, which many vendors are happy to supply,” Frank said. “But the problem runs deep and the ultimate rules of governance are unsettled, fragmented and hard to predict.”
Implementation of a CMP also requires businesses to strike what Frank calls an “elusive balance.”
Giving consumers too many privacy choices, for example, can degrade the user experience and lead to high opt-out and abandonment rates, Frank noted. On the other hand, offering too few choices can limit a business’s ability to legally process the data they need to understand customer behavior and offer tailored experiences – or, worse, draw the attention of regulators if data is processed without clear consent.
CMPs generally leave clients to take care of the front-end design work of how to present consent options. And so many marketers give in to “‘dark patterns’ that attempt to trick or frustrate a user into opting in,” the report said.
Which doesn’t bode well, considering CMPs are a key component part of IAB Europe’s Transparency and Consent Framework, which is the industry’s primary attempt to create a compliance mechanism to enable consented data flows for real-time bidding.
So, what’s the upshot for marketing leaders who are still responsible for standing up compliance regimes regardless of the challenges?
Gartner advises allocating sufficient resources from across the organization to evaluate potential CMP solutions; implementing a formal review process for consent flow designs that take the customer experience into account; and testing and optimizing the trade-offs and quantifying the cost of different consent flow options, such as user abandonment and consent decline rates.
But companies also need to realize that consent management does not a complete privacy compliance regime make. Broadly, privacy technology needs to branch out into “more innovative concepts of digital identity management,” such as self-sovereign identity and proxy agents, Frank said.
“The notion that granular consumer consent collection is a sufficient basis on which to build a new data ecosystem is deeply flawed,” he said. “Consumers need more than the choice to opt in and out of hundreds of complex schemes – they need fair representation in the ecosystem, which in my view requires a new kind of entity.”