With the massive new requirements for user consent in the GeneralData Privacy Regulation (GDPR) and the new California privacy law, you’d think the recently emerged consent management platforms would have landed in every sizable company’s toolbox.
Not so, says “How Privacy Tech Is Bought and Deployed” (free, registration required), a new report on the adoption of privacy technologies from data privacy management firm TrustArc and the International Association of Privacy Professionals.
It found that consent management platforms — which have emerged to handle the capture, management and transfer of user consent for personal data use — were found to be the least adopted tech among 10 categories of privacy tech.
Fewer than 20 percent of surveyed organization are currently deploying consent management platforms, although another 20 percent are intending to buy one. One reason, the report says, is that consent is “the nexus where there are the most cooks in the kitchen,” which might result in some confusion as to who should manage that sphere.
“There is an indication that the market doesn’t find consent management as difficult or important as conventional wisdom would have you believe,” the report says. “Almost 60 percent of companies have no plans to invest in consent management tools.”
The study, which the organizations say is the first-ever benchmarking of privacy tech adoption, is based on a survey of 328 privacy professionals worldwide, conducted in May. The IAPP has also issued a Privacy Tech Vendor Report, which offers the technology categories.
The most popular adopted new privacy technologies, based on whether companies have purchased or intend to purchase them, include Privacy Program Assessment/Management (61 percent), Data Mapping and Flow (57 percent), Personal Data Discovery (54 percent) and Privacy Information Management (52 percent) technologies.
The survey also found that larger companies are not worrying too much about budgetary issues when it comes to new privacy tools, although budget is a concern at smaller companies. One reason might be that larger companies know that if lawsuits or governmental actions start flying, the bigger fish will be the first targets.
US-based firms are more likely to have already implemented enterprise-wide privacy management solutions, which include privacy components. EU/UK firms are more likely to already have privacy management tools, given that they’ve been living with stricter online privacy requirements for some time.