consent-management-skills

Implementation guide for CNIL cookie guidelines compliance. References the EUR 150M Google fine and EUR 60M Meta fine. Covers equal prominence accept/reject buttons, cookie wall prohibition, 6-month reconsent intervals, essential cookies exemption, and detailed CNIL Deliberation No. 2020-091 requirements.

Guide for obtaining explicit consent for international data transfers under GDPR Article 49(1)(a). Covers informed consent requirements including risks of transfers without adequacy decisions or appropriate safeguards, specific destination country disclosure, and the narrow scope of derogation-based transfers.

Framework for evaluating and selecting Consent Management Platforms (CMPs). Covers TCF v2.2 certification requirements, Global Privacy Control support, multi-regulation compliance (GDPR, CCPA, LGPD), A/B testing capabilities, API integration options, reporting features, and a structured vendor comparison methodology.

Technical architecture guide for building a multi-purpose consent preference center. Covers per-purpose granularity, easy withdrawal under Article 7(3), version history, audit trails, and IAB Transparency and Consent Framework v2.2 integration. Includes database schema, API design, and UI component specifications.

Guide for building a consent record-keeping system to demonstrate valid consent per GDPR Article 7(1). Covers required fields including timestamp, version, purpose, mechanism, and identity. Implements audit-ready consent receipts per the Kantara Initiative Consent Receipt Specification and supervisory authority expectations.

Implementation guide for GDPR Article 7(3) consent withdrawal mechanisms. Covers the equal ease requirement ensuring withdrawal is as easy as giving consent, one-click withdrawal implementation, cascading effects on downstream processing, third-party notification workflows, and technical architecture for real-time consent revocation.

Methodology for auditing A/B testing of consent banners to ensure compliance with equal ease of acceptance and rejection. Covers CNIL enforcement patterns including the EUR 150M Google fine, dark pattern detection methodology, manipulative design identification, and regulatory-compliant experimentation boundaries.

Implementation guide for ePrivacy Directive compliant double opt-in email consent. Covers confirmation email workflow design, token expiration handling, record-keeping requirements, suppression list management, and integration with CAN-SPAM Act and CASL requirements for multi-jurisdiction compliance.

Guide for implementing GDPR-valid consent under Article 7 conditions and Article 4(11) definition. Covers five core requirements: freely given, specific, informed, unambiguous, and clear affirmative action. Includes pre-ticked boxes prohibition per Planet49 CJEU C-673/17, consent form audit checklist, and practical implementation patterns.

Implementation guide for Global Privacy Control (GPC) automated opt-out signal per CPRA Section 1798.135(e). Covers Sec-GPC HTTP header detection, JavaScript navigator.globalPrivacyControl API, and state-specific requirements for CA, CO, CT, MT, TX, and OR. Includes server-side detection code and compliance mapping.

Decision framework for choosing between consent and legitimate interest as the lawful basis for processing. Covers power imbalance indicators, conditionality prohibition under Article 7(4), granularity requirements, the three-part LIA test (purpose, necessity, balancing), and practical decision trees for common scenarios.

Guide for managing consent for children's personal data under GDPR Article 8 and COPPA. Covers parental consent mechanisms, age verification methods, country-specific age thresholds (ranging from 13 to 16), parental authorization workflows, and age-appropriate design per the UK ICO Children's Code.

Guide for managing consent for scientific research under GDPR Article 89 and Recital 33 broad consent provisions. Covers ethical review board coordination, purpose evolution management, appropriate safeguards including pseudonymization, and the interplay between consent and other lawful bases for research processing.

Guide for mobile-specific consent management covering Apple ATT framework for iOS, Android permission model, in-app consent flows, SDK consent propagation to third-party libraries, and IDFA/GAID handling. Addresses platform-specific requirements alongside GDPR and ePrivacy compliance for mobile applications.