20% of ad clicks on average are frauds

Don't pay for clicks generated by bots, competitors
or uninterested clickers

User consents - why are they so important and how to collect them?

TrafficWatchdog team

08.06.2022 r.

consents, users, information

User consents - why are they so important and how to collect them?

source: own elaboration

A few years ago, there was a lot of hype around the General Data Protection Regulation known as the GDPR. Today, although many of it’s recommendations are widely known, still not everyone understands the purpose of this and other EU initiatives on the collection, processing and protection of personal data (including in particular the Directive on privacy and electronic communications). One of the most important assumptions of these provisions is the obligation to inform data subjects about what information is collected and processed about them, by whom and for what purpose. In addition, in many cases, it is required to obtain binding, i.e. free, express, informed and unambiguous consent of the user to the processing of his data. What is the purpose of this and how publishers of digital content should collect such consent - we will try to explain in the text below.

What is the purpose of collecting users’ consents?

Bold pop-ups at the entrance to the website have become our everyday life. They invariably irritate, but users have learned to live with them - most often by blindly clicking the „Accept” or „I Agree” button or by mindlessly checking out the boxes necessary to continue browsing the site. Few people realize that by doing this, they are making important decisions about their privacy - allowing third parties to collect and process a lot of data about themselves. Theoretically, they are supposed to inform the user and persuade him to consciously use a given website or application. In practice, unfortunately, information about data processing is read only by few, mainly because it is poorly designed. It is a pity, because they are actually intended to serve both users and owners of websites and applications. For the former, by informing about how a given website or application protects their data, and for the latter it helps to avoid many unpleasant situations, including legal consequences, both on the part of users and business partners.

What should properly collected consent look like?

How the message with a request for consent to use data displayed on a website or application should look like depends on how personal data is used and what the specific website or program earns on. It is also important who the owner of the website works with and the external companies whose services he uses. Therefore, we aren’t able to present an example of universal consent that can be used in every case. However, we can give some pointers on how such consent should be built:

  1. It must be up-to-date and relevant
  2. Digital content publishers, i.e. owners of websites and applications, should keep records of user consents. They must at least contain the content of the consent as well as the date and time of its expression. It is on the basis of such archived confirmations that they can collect and process data about their users. The message containing the consent must therefore be up-to-date first of all - it should list all entities to which the data will be made available and explain why this is happening. In addition, it must provide information on to what extent and how the data will be collected (whether via cookies, mobile advertising identifiers or other forms of local data storage). It is therefore necessary to update the window that will appear to the user, each time a new partner is acquired to whom data will be transferred, when the scope of services provided changes, and sometimes even when the publisher of digital content decides to use other tools than those used so far.

  3. The message itself should be as short, understandable and legible as possible
  4. The most difficult thing when creating a consent message is to build it so that it is both up-to-date, comprehensive and ... as short as possible. And this is very important because, as research shows, in the case of long information about data processing, users are definitely more likely to leave a given page or check the box with consent without reading its content. So, you can either lose a potential customer or gain one who won’t be aware of what will happen with the data about him. When creating the content of a given consent, we encourage you to list and clearly explain the most important information - such as why, what data and how are collected and processed, while the rest, such as the list of entities to whom the data will be made available, or the address and seat of the relevant data protection officer in the expansion or under the link provided in the consent. This may also make it easier to apply changes in the future.

    We should also remember that a given website or application can be used by different people, and there is only one consent message. Therefore, we recommend that it is understandable and legible, and possibly, if the content is published in several languages, that it also has its equivalents in them. The user’s express consent should prove that they understand what will happen with the data concerning them.

  5. Giving consent should require the activity on the part of the user
  6. The collected consent should be binding, i.e. free, explicit, informed and unambiguous. So, it’s best if the user expresses it himself - for example by selecting specific boxes or possibly by clicking on the appropriate button. We recommend breaking the consent into several smaller ones with different scope - for example, separate consent for personalized and non-personalized ads. Thanks to this, we increase the chances that the user will read specific content before giving consent.

  7. It should also take into account your partners and external companies whose services you use
  8. As a responsible publisher of digital content, you should know not only what you do with your user’s data, but also how your partners and external companies with whom you work use them. For example, you can put links to their privacy policies somewhere in the content or explain exactly how they will process your user’s data.

  9. Must contain information on what to do to withdraw consent
  10. Pursuant to the provisions of the law, withdrawal of consent must be as simple for the user as expressing it. So, make sure that the content of your consent includes information on how to change its scope or withdraw it.

Why is proper consent collection important?

Contrary to appearances, the consents of the users of a given website or application aren’t collected only for marketing purposes, they are also used for statistical purposes, and when properly used, they can significantly improve the operation of a given website or program. After all, they help prevent fraud and abuse. However, all this should take place with the informed consent of users, who are therefore more involved in the operation of the website or application, and which can be very important in the event of unforeseen situations - much less demanding. In extreme cases, when, for example, a case of misuse of data goes to court, properly collected consent can be an extremely strong argument in favor of you and your partners. It is therefore worth spending some time refining the message on the collection and processing of personal data and consents collected on the website or in the application.

Contact us

in order to present me a product offer and for marketing purposes. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer information, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

within the meaning of art. 10 paragraph 2 of the Act of July 18, 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204) to the provided e-mail address and telephone number. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer informations, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

in relation to the phone number and email address I have provided for direct marketing purposes by Spark DigitUP Sp. z o.o., owner of the TrafficWatchdog.pl