Jon Fletcher 2020-08-03

What is a CMP — and should I be using one?

Screenshot_2020_08_03_at_11.32.05.png
The intentions behind data regulation are unquestionably good. No user should be unaware of what they are sharing just by accessing a website. But, no reader wants to read through a dense data protection and T&C document. They want a simple, understandable, fast interface to make the process intuitive. 

And with CCPA, GDPR, and now LGPD, more and more countries are handing users back control over their data, the side effect of this has been that means publishers have had to find a way to open up their data collection processes and store their users. 'preferences. 

And regulators just make the rules, they don't offer much to help you comply with them. This meant the burden of finding a way to give and store data preferences fell to the digital industries. 

Welcome to the age of the CMP - the consent management platform


What is a CMP? 

CMP stands for Consent Management Platform. It is used to give users on websites access to and control over the data they give. A CMP is used for these main functions: 

  • For requesting, receiving, and storing users' consent. 
  • For storing the list of preferred vendors along with why they've been collecting the users' information. 
  • For updating the collected consents (if a user-triggered the action).

Any internet user will have used a CMP to give consent or modify their preferences in a pop-up, but a CMP is normally composed of two main parts: 

  • A user banner - consisting of toggles that allow users to opt-in / out of GDPR Purpose Consents and GDPR Vendor Consents.

  • And then, a JavaScript API that allows in-page adverts to determine whether a vendor (or purpose) is in the consented list.



As per GDPR guidelines, publishers have to "unambiguously" get the users' consent for collecting, processing and using their data but a CMP has to also give user options to control their data. 

Other rules for websites collecting data demand that you provide:

  • The right to confirmation of the existence of the processing;
  • The right to access the data; 
  • The right to correct incomplete, inaccurate or out-of-date data; 
  • The right to anonymize, block, or delete unnecessary data or data that is not being processed in compliance with the LGPD; 
  • The right to the portability of data to another service or product provider, by means of an express request 
  • The right to delete personal data processed with the consent of the data subject; 
  • The right to information about public and private entities with which the controller has shared data; 
  • The right to information about the possibility of denying consent and the consequences of such denial the right to revoke consent.

Any worthwhile CPM will give you the ability to give your users these rights. You can see here that the number of publishers using a CMP to comply with regulations has been rising steadily since the introduction of GDPR.

Do I have to use a CMP?

Not always. You don't need to have a CMP to comply with data regulations, it's often just the simplest way for publishers to comply as they want to capture user data. 


No data, no problem 

If you're not collecting the user data, you don't have to ask permission to use it. Not all websites store data or personal information. 

If your website does not collect any personal data via cookies, such as IP addresses, and you do not have sign up, contact, or newsletter forms, you don't need to ask for any user consent, so don't need a CMP . 

Walled Gardens 

The second scenario where you don't need a CMP is when you operate a membership model for your content. Platforms like Facebook, or paywalled news sites like the Wall Street Journal, don't need CMPs because they get user permission in their terms and conditions. 

By signing up to join sites like this, you're giving them explicit use and store your personal data. As long as you offer all the same rights over their data as listed above, you don't have to use a CMP to ask twice. 

Every data regulation also has a series of legal basis that mean you can access user data and still comply with the regulation — getting user consent is only ever one way to comply. 

You can see the full list of ways to comply with GDPR without having to get user consent here

However, the majority of these exemptions are special circumstances, that publishers can't guarantee. User consent has prevailed as the best way for publishers to comply for a good reason.


Why should I use a CMP?

If you've decided that a CMP is the best solution for your publication, you can expect to gain two main advantages. 

You will stay on the right side of the law

Primarily, CMP's function is to give the user easy access to their rights and information mentioned above. 

But, it also makes you compliant with data regulation laws such as GDPR, CCPA, and LGPD. By using a CPM, you can also adapt the rights depending on the location of your traffic. Your CMP may use geo-tagging to determine which regulations apply to this user and return the appropriate rights, in accordance with TCF (The IAB's consent Framework) Policy. 

A good CMP will also update to include new regulations, updates to existing ones, and mean you can have peace of mind with traffic from any location. 

You can put your user data to work

As well as just ticking boxes and staying on the right side of the law, GDPR and CMPs fulfill a purpose for your monetization needs.

By giving users control over their data, it means users are able to give you free, unrestricted, and legally protected access to their data.The more data, the higher CPM publishers can expect from their advertising. 

And, CMPs really do work. When it's easy to do, users will give publishers they trust consent to use their data for more relevant advertising. Measuring on Quantcast, over 90% of the consumers gave consent to advertising purposes. A good, easy to use and simple CPM can bring an extraordinary amount of value.


How do I know if my CMP complies with data regulation rules?


One of the first companies to receive a major fine from the GDPR rule was Vectaury, a French advertising platform. 

They actually used a CMP to obtain user consent, but GDPR determined it didn't comply with their regulations and fined them anyway. This means to rest assured, you need to make sure that your CMP complies with all the regulations that cover your traffic. 

You can check that the CMP you use is valid by using the IAB's compliance checker to validate it.

What to look for in CMP?

As you will have seen, not all CMPs are created equally and there are a number of companies that offer various different types of CMP. 

For the best results you should make sure that the CMP you choose provides the following features: 
  • TCFv2 compliant
  • CCPA compliant 
  • LGPD compliant Google compliant 
  • Optimized UX for high acceptance rates 
  • Available in AMP 
  • Collecting and storing granular consent information 
  • Support of multiple languages 
  • Light and fast to prevent page slowdown 

A good CMP will give your users full control and visibility over their data, without downgrading their experience. 

For full disclosure, Marfeel currently offers a free-to-use CMP for our publishers. We offer all the features listed above and thanks to our close collaboration with the AMP project, is fully compatible with AMP and AMP monetization.

If you'd like to learn more about Marfeel and our CMP, click here to schedule a free demo.



Latest Articles

‹ Back to Blog Home

Get the headlines

Sign up to get the best headlines direct to your inbox

Your name
Your email