As you may well know, gathering consent is a big deal now, especially with the EU General Data Protection Regulation implementation date in the rear view mirror.
OneTrust Vice President of Products Blake Brannon knows it too, as his company’s customers have been pressing for a holistic way to capture consent and please regulators in the name of compliance, including from internet-of-things devices, phone support and even printers. That's why OneTrust decided it was time to plant their flag in mobile with its Mobile App Consent solution, a tool designed to help companies obtain user consent across mobile apps. Tracking mobile consent could go a long way in helping organizations comply with the GDPR, ePrivacy Directive and the California Consumer Privacy Act of 2018.
One of the ways OneTrust Mobile App Consent receives user opt-in is by embedding an option allowing users to give their consent when they first open an app.
The solution can also get consent on a contextual basis depending on what features users are accessing. The tool can offer prompts for opt-in when a person uses a feature specifically requiring location data, contacts or any other form of information. By giving users these precise options, Brannon said consumers will more likely give their blessing to move forward.
Of course, a user may not want an app to use their information forever, or may even decide to delete the application altogether, which prompted OneTrust to develop a way for users to keep track of all of their opt-ins.
“One of the things we provide is a preference center that you can either put into the mobile application itself where you can see all of the things you consented to and opt out of that with a simple toggle, or you can get access to that off the mobile device and withdraw that consent through a web browser,” said Brannon.
The tool produces consent receipts, which are stored in a centralized database for future disclosure to regulators. It also provides companies with an analytics dashboard to see what users are consenting to, who those data subjects are and where they are located.
Development of the product took nine months, and in that time, the privacy legislation landscape evolved.
Brannon said OneTrust is constantly tracking the latest developments in privacy law to help improve its products.
“There is a lot that our team does internally to track and follow the regulation,” said Brannon. “There is a lot that we have modified and changed in our consent solution with new guidance that has come out and with the some of the enforcement the CNIL has already done, to various interpretations that our user community and install-base are providing feedback on.”
When examining the marketplace, OneTrust saw most consent solutions were built using technologies from what he referred to as the "Do-Not-Call" era. Brannon, for example, believes OneTrust’s product is the only mobile consent tool on the market supporting the IAB’s new consent framework.
When asked why other mobile consent products had not popped up earlier, Brannon's answer reflected what other privacy tech vendors have said: mainly that other areas of compliance needed to be solved first. “When you have all these other projects you have to tackle to get compliant from a privacy standpoint, mobile is probably not the first thing on the list that becomes a priority,” said Brannon. “Most of the market had been focusing on records of processing, data flows, DPIAs and things like that.”
CaCPA also raced into passage as OneTrust Mobile App Consent took form. Brannon said his company hopes to be on the forefront of the Golden State’s big privacy law.
“We designed the tool to be able to import new guidance in a very flexible way. As soon as that was announced, I think the following Monday we pushed out a press release on a new assessment to help organizations assess their readiness for the current guidance in the California privacy act, and what that could mean for assessing existing business processes and identifying new risks from a consent standpoint,” said Brannon.
OneTrust generally updates its platform every three weeks, and a major update for Mobile App Consent in August will focus on Android system functionality. Brannon hopes the product can be used for other devices where consent is becoming increasingly important, such as smart TVs, meaning consent will be a focal point for the company in the months to come.
“Going forward you will see a lot of investment from our side into making that end-to-end process of taking a captured consent from a user through whatever end point it is and sharing that consent information with that all these different back-end system and apps and tools so they will what they are going to do from an operational standpoint of cascading that across the business,” Brannon said.
If you want to comment on this post, you need to login.