Privacy Barometer 2020: the gulf widens between brands in terms of GDPR compliance
Although the explicit consent rate is generally rising, many companies are still lagging far behind when it comes to complying with the GDPR, with only a few months remaining until the transition period granted by CNIL expires.
Paris, 4 June 2020 – Commanders Act, the European leader in SaaS-based Customer Data Platforms (CDP), is publishing the 2020 edition of its Privacy Barometer, which measures the performance of the mechanisms that organisations have implemented to collect strictly explicit consent in accordance with the GDPR (General Data Protection Regulation). With companies only having a few months left until the transition period granted by France’s data protection authority CNIL expires, the Privacy Barometer 2020 offers insights into the current situation regarding consent collection and identifies a number of trends about the preferred strategy that organisations are pursuing to comply with the regulation’s requirements.
To produce its review, Commanders Act used data on the behaviour of 13 million people using websites equipped with TrustCommander, its consent management platform (CMP). Data were collected between 2 and 15 March 2020. Unlike the previous editions, this year’s Privacy Barometer focuses on explicit opt-in mechanisms, i.e. those that require a positive action from the user to confirm their consent (such as an “Accept” button).
A clear change in attitude among brands
First of all, this new edition of the Privacy Barometer reveals an increase in the strict consent rate: 53% of the people using the websites analysed explicitly agreed for their data to be collected and processed, compared to 37% in 2019.
This rise can partly be explained by the change in attitude among certain brands, which are currently looking to improve their consent collection systems in an effort to increase their opt-in rate. “Until recently, most companies simply made do with implementing the bare minimum required by CNIL. In recent months, it would seem that several brands have given the issue a lot more thought in attempting to find the most suitable method for getting users to opt in, especially in terms of format and design,” explains Michael Froment, CEO and Co-Founder of Commanders Act. Many more companies are carrying out A/B testing, where they play different formats and designs against each other to determine which one obtains the best consent rate.
For example, 68% of websites currently prefer a pop-in format, which produces a higher opt-in rate than other formats, whether on smartphones or desktops. Similarly, displaying a single “Accept” button with a link to a second configuration stage appears to be the most widely used design with an opt-in rate between 70 and 94%.
“It can be seen that the most popular designs are not necessarily those offering the highest level of compliance with the requirements issued by CNIL, which tends to advocate a balanced choice,” advises Michael Froment. “But brands are continuing to look for the most effective formats that fulfil the criteria laid down by the GDPR while delivering high marketing performance. It is a constant learning process that is changing at the same time as user behaviour.“
Disparities in maturity
Although brands generally seem to be heading in the right direction, the gap between the top and bottom performers is widening. The opt-in rate varies tremendously from one sector to the next, but also within the same sector in some cases.
The difference in maturity can also be seen on smartphones. Whereas some brands have thought carefully about optimising the design for small screens, most companies have made little effort to improve the look & feel and the consent process, especially for mobile apps. This may seem paradoxical, since the amount of smartphone traffic is constantly rising and because the data collected on mobile devices are of extremely high quality.
“Most companies are busy upgrading their privacy processes in response to the different recommendations and observations, and improving their consent mechanisms. However, some companies are still lagging far behind and therefore walking on thin ice with regard to CNIL and especially their customers and consumer protection associations,” explains Michael Froment.
The consent rate as a digital marketing metric in its own right
Companies only have a few months left to align with the GDPR, in accordance with the requirements that CNIL laid down back in January. “As the deadline draws closer, all those brands that have yet to take appropriate measures will be caught out,” says Michael Froment. It is not so much the fear of being fined that should prompt organisations into action as the potential impact on their business and brand image.“
Consent is on its way to becoming a major issue in our digitised societies, so it deserves to be considered as a permanent fixture in the digital marketing landscape. As such, the consent rate should be turned into a marketing metric in its own right and given the same level of efforts to improve performance. “All the best practices that are used to raise the performance bar on the other marketing indicators – A/B testing, look & feel, UX, etc. – should be applied to consent in a bid to improve the opt-in rate, which is a fundamental part of current and future marketing strategies,” believes Michael Froment.