Consent_Management.jpgMark Lizar is executive director of the Open Consent Group, a London-based company that specializes in consent engineering and management. He is also founder of the Open Notice initiative, chair of the Consent & Information Sharing Work Group at the Kantara Initiative, chair of the Consent Work Group for Digital Catapult’s Personal Data & Trust Network and the creator of the Consent Receipt.

UnboundID: How did the consent management field begin and what does it entail?

Lizar: The concept goes back quite a while. It started up in the modern age and it’s usually done by large enterprises and governments. Now, we are seeing a massive shift as people can manage their own consent and have better experiences. Consent management is merging into identity management. But the difference is that consent management is people-enabled management of consent, not enterprise enabled. It allows people to approve and withdraw consent and then create personal experiences from that. Identity management has traditionally been more focused on data protection than granting individuals control.

Some of the new laws are pushing industry toward the adoption of consent management, such as Europe’s General Data Protection Regulation that goes into effect in May 2018. The ideal state is that people can manage their consent on the aggregate, so by pushing one button they can manage consent on a bunch of different actions at once. Meeco and Digi.me are two of the life management platforms fighting for this new market available today. These services allow you to collect your personal data from across the web, and share bits of it to brands and organizations in exchange for some type of service or benefit.

UnboundID: What’s difficult about consent management today for most consumers?

Lizar: If you look at the experience that most people go through, such as entering in passwords or resetting passwords, the uncertainty about where your data is going and how it is being used, it is not a friendly process. People are stuck in a situation where they have to give consent to complete an action online but there is no transparency. As a result, people feel isolated, forced to lie and agree to terms not read, and are not empowered. Each organization’s policies are a closed, bespoke, policy framework, where you are more often than not, agreeing to consent forever.

UnboundID: So what’s happening to make things better?

Lizar: The Open Consent framework based upon the Kantara Initiatives Consent Receipt’ standard candidate will open that up, where people can manage consent outside of enrollment. Brands will be able to generate much better experiences as a result. Right now, at sites like Facebook, you are clicking on a privacy and terms of use consent button at the same time. You really don’t know what you are agreeing to and it’s actually not compliant with existing regulations in Europe. We want to remove the need for people to read privacy policies and increase that experience first. We’re close to doing this and it could look something like this: you hover over a button and you will see a short summary of what you are agreeing to, and then you can push a button and receive a consent receipt, which enables you to withdraw or modify your consent in context.

UnboundID: Is this framework being used anywhere yet?

Lizar: In London, there are now 700 organizations which have joined the Digital Catapult Personal Data & Trust Network, where 1200 people a month are going to be testing out the consent receipt this August, and they will all have access to Open Consent Framework first this fall. The government of Finland is also putting together the MyData project with the consent receipt standard at its core for the whole country. I have spent the last three years developing the standard for this framework. It can be really hard for companies to show how compliant they are, so the primary benefit of Open Consent is to provide people with a record of consent, to be more transparent to consumers and enable empowered customers. It will help consumers but it will also help brands by reducing that friction and lack of trust with their customers, and increase customer retention with rock star consent experiences.

There have been many studies showing how trust affects the way that people communicate and interact online. In 18 months, I think we’ll see a lot of changes in Europe. There will be a push toward granular attribute management. That means for instance, I can share my favorite song at the venue that I’m at right now. It’s very specific and it’s currently not available in platforms like Facebook or Google. Our goal is to bring that to industry so that vendors can incorporate the experiential capabilities that consent tech promises into their products and services.

UnboundID: As a consumer yourself, which companies do you think do a great job in delivering a valuable, trusted experience?

Lizar: I am really impressed with Apple’s commitment to trust. Uber is also making a big effort, after its early issues with privacy. Getting into a stranger’s car should be scary for people, but it’s not. Amazon also has a good approach to experiential engagement with customers. The big benefits will be for those large international brands like Unilever and Procter & Gamble which are committed to solving these issues. All of these companies give consumers notices across the user experience for consent. Apple has parental notices for when kids are trying to buy something and the company has developed an ecosystem for sharing apps within a family. In the United States, healthcare is bleeding edge; HIPAA notice and consent requirements are very defined because people die if consent is not sufficiently informed.

EXECUTIVE BRIEF: Top 3 CMO Challenges Only IAM Pros Can Solve

Discover three critical challenges CMOs face and how Identity and Access Management (IAM) teams can resolve them.