Evidon launches ‘first commercial-grade’ GDPR solution

Replacing its previous compliance platform for the EU Cookie Law, the new version offers single-click or drill-down consents for users of sites and apps.

Chat with MarTechBot

Check Mark Final Sgpmci

Less than a year from now, the General Data Protection Regulation (GDPR) goes into effect.

This week, New York City-based Evidon launched a beta version of which it says is “the first practical, commercial-grade solution” to collect user permissions in compliance with GDPR.

Called the Universal Consent Platform, it updates the company’s previous Site Notice Platform, which facilitated user consent for the GDPR’s predecessor, the European Union’s ePrivacy Regulation (“Cookie Law”).

Although this new platform is intended for publishers of mobile apps and desktop/mobile web sites, CEO and co-founder Scott Meyer told me that his company is also looking at applying the platform to other devices, such as voice-based agents like Amazon’s Alexa or smart car dashboards.

Under GDPR, companies with EU visitors need to obtain consent for collection and use of their personal data, which includes browsing behavior. Meyer noted that companies doing business in EU countries should take steps to comply because of the possible heavy fines. This includes, he pointed out, US-based brands with a European presence.

U.S. companies without much business in the EU will technically be in violation if they don’t comply, because GDPR covers any EU citizen wherever they are. But, practically, Meyer said there will likely be little legal exposure for those US-only firms, since “EU regulators don’t have some huge army.”

To employ the Consent Platform, publishers need to add a line of JavaScript to their properties, and then they — or Evidon acting on their behalf — can use the self-service online dashboard to customize the tags or cookies that are dispensed in response to users’ granting or denial of consent. Evidon provides a template for the consents page, where publishers can add a logo or customize the existing text.

The platform has been designed so that a user can click a single “Accept” button if they choose to give consent across the board, or they can drill down into providing specific consents in a variety of categories. Once granted for a site or app, the user doesn’t need to grant permission again on subsequent visits, but can change consents at any time via an “Options” button. Here’s the single acceptance screen:

Evidon's platform as used on an example site

Evidon’s platform as used on an example site

And here is a drilldown screen with individual consents:

E 03 GDPR Stewey Cookies 2x Golmmy

Meyer noted that “GDPR is not trying to break the Internet,” in that it provides for some implied consents.

One type of data collection, he pointed out, involves info that is essential to the functioning of the site/app, such as determining what fonts your browser can display so a site can present itself properly. No explicit user consent is needed for this.

A second type, he said, relates to data collection that is needed for the publisher to respond to users’ actions, such as obtaining an address from the user to ship a purchased product. In supplying the address, the user implicitly grants permission.

The third bucket is the one most associated with GDPR. It covers data collection not essential to run the site or fulfill a user’s request, such as data relating to ad targeting, and it is the primary focus of the various consents in Evidon’s Consent Platform.

Evidon says that over 10,000 commercial sites and apps from about 250 brands have used the previous Site Notice Platform. About 20 firms, representing several hundred domains, have signed up to begin using the new Consent Platform.

Meyer told me that, while some qualitative user testing has been conducted on usability for the new platform, his company will now spend the next ten months before GDPR goes into effect to test how this platform can best obtain consent without discouraging user traffic.

Competitors TrustArc and OneTrust also have GDPR offerings, Meyer noted, adding that his company has about 90 percent of market share for solutions offering compliance with the Cookie Law. He described a GDPR solution recently offered by Janrain as “complementary” because Janrain is primarily focused on identity management.

[newsletter-form id=’6379′ text=’Get your martech news delivered daily. Sign up below for the MarTech Today Newsletter!’]


Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.


About the author

Barry Levine
Contributor
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.

Get the must-read newsletter for marketers.