From consent-management-skills
Evaluates Consent Management Platforms (CMPs) for TCF v2.2 certification, GDPR/CCPA/LGPD/GPC compliance, API/tag manager integrations, A/B testing, performance, and vendor comparison.
`npx claudepluginhub mukul975/privacy-data-protection-skills --plugin consent-management-skills`

This skill uses the workspace's default tool permissions.
A Consent Management Platform (CMP) is the technology layer that handles cookie consent collection, preference management, consent record storage, and signal propagation to downstream systems. Selecting the right CMP is critical for compliance with GDPR, ePrivacy, CCPA/CPRA, LGPD, and other regulations. The IAB Transparency and Consent Framework (TCF) v2.2 certification is a key differentiator for CMPs operating in the EU advertising ecosystem.

| Criterion | Description | Scoring |
|---|---|---|
| TCF v2.2 Certification | CMP is registered with IAB Europe and passes compliance audits | Required for EU advertising |
| GDPR Compliance | Supports Art. 7 consent requirements, Art. 7(3) withdrawal, Art. 7(1) records | Mandatory for EU operations |
| CCPA/CPRA Support | Supports "Do Not Sell" opt-out, GPC signal detection, CPRA requirements | Required for US operations |
| LGPD Support | Brazilian data protection law consent requirements | Required for Brazil operations |
| GPC Support | Detects and honors Global Privacy Control (Sec-GPC: 1) signal | Required for CA, CO, CT, MT, TX, OR |
| CNIL Compliance | Equal prominence accept/reject, 6-month reconsent, no cookie walls | Required for French operations |
| Multi-Jurisdiction | Ability to apply different consent rules based on user location | Critical for global operations |
| Cookie Scanning | Automated scanning to detect and classify all cookies on the site | Important for completeness |

| Criterion | Description | Scoring |
|---|---|---|
| API Integration | RESTful API for consent state queries from backend systems | Critical for server-side enforcement |
| Tag Manager Integration | Native integration with Google Tag Manager, Tealium, Segment | Reduces implementation effort |
| SDK Availability | Mobile SDKs (iOS, Android) and server-side SDKs | Required for mobile apps |
| Performance | Page load impact (target: <100ms additional latency) | Critical for UX |
| Customization | UI customization (colors, layout, language, button text) | Important for brand consistency |
| A/B Testing | Built-in consent banner experimentation (within compliance boundaries) | Important for optimization |
| Geolocation | Accurate user location detection for jurisdiction-specific rules | Critical for multi-region |
| TC String Generation | Generates IAB TC String for ad tech ecosystem integration | Required for advertising |

| Criterion | Description | Scoring |
|---|---|---|
| Consent Receipts | Generates audit-ready consent receipts per Art. 7(1) | Critical for compliance |
| Version Control | Tracks consent text versions with change history | Important for audit trail |
| Consent History | Full history per user (grants, withdrawals, re-consents) | Critical for DSAR support |
| Data Export | Export consent records in standard formats (JSON, CSV) | Important for portability |
| Retention Controls | Configurable consent record retention periods | Important for data minimization |
| Search and Query | Search consent records by user, purpose, date range | Important for DPA inquiries |
| Proof of Consent | Can generate evidence packages for regulatory inquiries | Critical for enforcement defense |

| Criterion | Description | Scoring |
|---|---|---|
| Consent Rate Dashboard | Real-time consent/opt-out rates by purpose and region | Important for monitoring |
| Trend Analysis | Historical consent rate trends over time | Important for strategy |
| Compliance Reporting | Pre-built reports aligned with GDPR, CCPA requirements | Important for DPO |
| Custom Reports | Ability to create custom reports and dashboards | Nice to have |
| Alerting | Alerts for anomalous consent patterns (sudden drops, spikes) | Important for incident detection |
| GPC Reporting | Reports on GPC signal detection rates and actions taken | Required for CPRA compliance |

| Criterion | Description | Scoring |
|---|---|---|
| Data Processing Agreement | GDPR-compliant DPA available | Mandatory |
| Data Residency | EU data hosting available (for consent records) | Required for EU operations |
| Sub-Processors | Transparent sub-processor list | Required per Art. 28 |
| SLA | Uptime SLA (target: 99.9%+) | Critical for availability |
| Support | Dedicated support, privacy expertise, implementation guidance | Important |
| Pricing Model | Transparent pricing (per pageview, per domain, flat rate) | Important for budgeting |

| Feature | OneTrust | Cookiebot | Usercentrics | Didomi | Quantcast Choice |
|---|---|---|---|---|---|
| TCF v2.2 Certified | Yes | Yes | Yes | Yes | Yes |
| GDPR Compliance | Full | Full | Full | Full | Full |
| CCPA/CPRA Support | Yes | Yes | Yes | Yes | Yes |
| GPC Detection | Yes | Yes | Yes | Yes | Yes |
| LGPD Support | Yes | Limited | Yes | Yes | Limited |
| CNIL Compliance | Yes | Yes | Yes | Yes | Yes |
| Multi-Jurisdiction | 100+ countries | 50+ countries | 50+ countries | 40+ countries | 30+ countries |
| Cookie Scanner | Automated | Automated | Automated | Automated | Automated |
| API | REST + GraphQL | REST | REST | REST + GraphQL | REST |
| Mobile SDKs | iOS + Android | Limited | iOS + Android | iOS + Android | Limited |
| GTM Integration | Native | Native | Native | Native | Native |
| A/B Testing | Built-in | Via API | Built-in | Built-in | Limited |
| Performance | ~80ms | ~60ms | ~70ms | ~75ms | ~50ms |
| Consent Receipts | Kantara-aligned | Basic | Detailed | Detailed | Basic |
| Version Control | Yes | Yes | Yes | Yes | Yes |
| Data Export | JSON, CSV, API | CSV | JSON, CSV, API | JSON, CSV | CSV |
| Consent Dashboard | Advanced | Basic | Advanced | Advanced | Basic |
| EU Data Hosting | Yes (Frankfurt) | Yes (Copenhagen) | Yes (Munich) | Yes (Paris) | Yes (Amsterdam) |
| DPA Available | Standard | Standard | Standard | Standard | Standard |
| SLA | 99.99% | 99.9% | 99.95% | 99.9% | 99.9% |
| Pricing Model | Per session | Per domain | Per session | Per pageview | Free (basic) |
| Starting Price | ~EUR 300/month | ~EUR 9/month | ~EUR 50/month | ~EUR 50/month | Free tier |

Identify must-have requirements based on:

Apply mandatory criteria as filters:

For each shortlisted vendor:

Score each vendor against the weighted criteria. Calculate weighted total score. Select the vendor with the highest score that meets all mandatory requirements.
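
The filter-then-score procedure above, worked through on rows from the comparison table, as an added example that is not part of the original skill. The mandatory set (an organisation with EU advertising, Brazil operations and mobile apps), the weights and the numeric scales for categorical values are constructed assumptions.

```python
# Added example. Rows are copied from the comparison table on this page;
# the gate set, the weights and the category scales are constructed assumptions.
# Columns: TCF v2.2, LGPD, mobile SDKs, latency (ms), consent receipts,
#          data export, dashboard, starting price (EUR/month, "Free tier" = 0)
VENDORS = {
    "OneTrust": (True, "Yes", "iOS + Android", 80, "Kantara-aligned", "JSON, CSV, API", "Advanced", 300),
    "Cookiebot": (True, "Limited", "Limited", 60, "Basic", "CSV", "Basic", 9),
    "Usercentrics": (True, "Yes", "iOS + Android", 70, "Detailed", "JSON, CSV, API", "Advanced", 50),
    "Didomi": (True, "Yes", "iOS + Android", 75, "Detailed", "JSON, CSV", "Advanced", 50),
    "Quantcast Choice": (True, "Limited", "Limited", 50, "Basic", "CSV", "Basic", 0),
}
WEIGHTS = {"receipts": 0.3, "export": 0.2, "dashboard": 0.1, "latency": 0.1, "price": 0.3}
RECEIPTS = {"Kantara-aligned": 1.0, "Detailed": 0.75, "Basic": 0.25}
DASHBOARD = {"Advanced": 1.0, "Basic": 0.5}


def failed_gates(row):
    """Return the mandatory requirements a vendor misses (empty list = shortlisted)."""
    tcf, lgpd, sdks, latency_ms = row[:4]
    checks = {
        "TCF v2.2 certified": tcf,
        "LGPD support": lgpd == "Yes",
        "iOS + Android SDKs": sdks == "iOS + Android",
        "latency under 100 ms": latency_ms < 100,
    }
    return [name for name, ok in checks.items() if not ok]


def rank(vendors=VENDORS, weights=WEIGHTS):
    """Filter on the mandatory gates, then sort the shortlist by weighted score."""
    shortlist = {n: r for n, r in vendors.items() if not failed_gates(r)}
    # Price is scored relative to the most expensive shortlisted vendor.
    max_price = max((r[7] for r in shortlist.values()), default=0) or 1
    scored = []
    for name, r in shortlist.items():
        parts = {
            "receipts": RECEIPTS[r[4]],
            "export": len(r[5].split(", ")) / 3,  # share of JSON, CSV, API
            "dashboard": DASHBOARD[r[6]],
            "latency": 1 - r[3] / 100,            # headroom under the 100 ms target
            "price": 1 - r[7] / max_price,
        }
        total = sum(weights[k] * v for k, v in parts.items())
        scored.append((round(total, 3), name))
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    for name, row in VENDORS.items():
        print(name, "excluded:" if failed_gates(row) else "shortlisted", failed_gates(row))
    print(rank())
```

Under these assumptions Cookiebot and Quantcast Choice drop out at the gates regardless of their latency or price, which is why the filter runs before any weighted score is computed.
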
After evaluating five vendors, CloudVault SaaS Inc. selected Usercentrics based on: