Decentralised vs Centralised Consent: The Dangers and Benefits
Dangers of Decentralised Consent
- Data Privacy Regulators require a single, auditable record of consents and permissions belonging to a data subject across the organisation and its data processors.
- Can you answer the following: What consents and permissions do you hold on your customers across all uses of personal data; are these choices respected across the organisation’s entire ecosystem? Can these records of Consent be easily audited? If the answer is no, organisations are likely already in breach and require a central, scalable and verifiable consents & permissions solution.
- Multiple statuses of Consent increase risk. If one system states consent has been captured, and another states it has not, which statement wins? Decentralised records of Consent lead to confusion, data misuse and a breach of trust and transparency, presenting operational challenges for marketing, compliance and the organisation as a whole.
- The entropy that sets in when records fall out of sync creates the potential for processing data without the correct consent and permissions. An organisation risks being undone by a single complaint and/or DSR Request that exposes the internal confusion and erodes the trust brands have worked to cultivate with their customer base.
- With personal data rapidly becoming the largest liability an organisation holds, it is paramount that businesses treat consent & permissions as first-class citizens with respect to the correct and compliant handling of personal data. A decentralised solution leads to inevitable inconsistencies across the ecosystem, and an opportunity missed to convert a potential liability into a commercial advantage.
- The increasing number of extraterritorial privacy regulations demands that businesses be compliant with multiple data privacy regulations across the world. Decentralised consent frustrates the ability to easily audit records of processing, leading to inconsistencies and non-quantifiable records of various consents held across the organisation.
Benefits of Centralised Consent
- An independent central source of truth for consents & permissions creates a trusted standard of consents & permissions across the organisation and its data processors. A decentralised consent system invariably leads to a non-standard landscape of consent, which itself results in the confused interpretation of consents held across the ecosystem.
- A key underlying principle of Data Privacy Regulation is the spirit of Data Minimisation. A single, centralised Privacy Solution that does not require access to the raw PII is the safest, most secure way of reducing the attack surface and the risk of data breaches, whilst achieving compliance across the entire ecosystem.
- Decentralised consent solutions are typically a bolt-on to existing, non-purpose-built systems such as CRMs, IAM, and MDM solutions. Non-purpose-built consent ‘solutions’ often treat Consent & Privacy as second-class citizens because their core value lies away from privacy. Organisations would not entrust KYC to a billing system, and vice versa. Consent & Permissions are so fundamental to how an organisation is able to use its data effectively and compliantly that they require a dedicated, purpose-built solution. This is discussed further in our MDM blog.