Schedule a demo
Login to console

Client case study: How Rakuten ensures GDPR compliance thanks to Didomi

February 19, 2021 by Amy Arnell

In a time when the GDPR, the E-privacy Directive and the CNIL are prioritising user choice and consent, companies are now faced with a strong legal constraint. How can they become compliant? By equipping themselves with tools such as a CMP (Consent Management Platform), enabling them to collect users' consent and process their personal data. This is the choice that Rakuten made to increase efficiency and performance, whilst ensuring full compliance with GDPR legislation.  

 

Summary: 

 

 


 

Ensuring compliance with the GDPR: the rules to follow 

 

Coming into force on the 25th of May 2018, GDPR obliges - among other things - website publishers to obtain the consent of their users before using cookies. Why? Because with these cookies, they collect personal data.

 

Very useful for e-retailers in particular, cookies come in two forms: 

 

  • First-party cookies managed by the site publisher (you) which allow for the remembering of a password or a shopping basket.

  • Third-party cookies, managed by third parties (your partners), which allow for example, the retargeting of the end user according to the actions he/she has taken on the site.

 

To use these cookies, and in particular third-party cookies, you must obtain the consent of your users. In order to be valid, the consent must have been given

 

  • Freely, without constraint or force.

  • For a precise and clearly explained purpose.

  • In an informed manner, so that the user understands what he/she is consenting to.

  • Without ambiguity: a clear action affirmative action must take place for consent to be valid. 

 

The media websites which are primarily concerned by targeted advertising have reacted quickly by equipping themselves with a Consent Management Platform (CMP). Today, 63% of the media websites in the Top 100 in France have opted for Didomi's CMP.

 

For their part, e-retailers are slowly starting to install banners on their websites. World leader Rakuten acted as a pioneer in this field, as one of the first to do so. 

 

Discover Didomi for E-commerce

 

Latest CNIL guidelines

 

Recently, the CNIL published its latest guidelines, giving all publishers 6 months to adapt to them (before the end of March). In order to be compliant, it will be necessary to: 

 

  • Present a symmetry of choices by offering, for example, an accept/refuse button on the first level. 

  • Be able to prove at any time that the users' consent has been given for each purpose and partner. 

  • No longer accept scrolling as a valid form of consent, requiring users to give their consent through a specific positive action.

  • List exhaustively all the trackers used by the company so that users can easily access this information. 

 

The CNIL recommends that your cookie banner has a "accept" and "refuse" option on the first level of the banner

 

For those, such as Rakuten, who have already adopted consent management tools, all that is now required is to adapt. For others, on the other hand, the task is more difficult. 

 

A case study: Rakuten

 

Who is Rakuten? 

Rakuten is one of the main e-commerce websites in France (and worldwide). The company has a website and a mobile app and acts as an intermediary between sellers and buyers. Like many web players, it uses trackers in the form of cookies or pixel tags.

 

These enable Rakuten to collect personal data from its users in order, for example, to understand how they use its platform, find out their browsing habits, or carry out targeted advertising. To do this, Rakuten knows that consent is essential.

 

The problem encountered by Rakuten

Two and a half years ago, Rakuten was faced with these stricter GDPR regulations, and understood quickly that it was necessary to obtain the consent of users before using their data to avoid significant financial and ethical consequences. 

 

Another problem? The company has data partners who monetise its data and are subject to the same regulations. In order not to lose its key partners, Rakuten had to comply without delay.  

 

At the time, the company had designed an in-house CMP which was integrated into the 'privacy policy' tab of its platform. A common solution at the time, which nonetheless proved to be both cumbersome and time-consuming, as the company had to modify this document with each new partnership.

 

The solution to every problem!

In order to bring more clarity to its users and reduce the amount of time wasted on updating documents, Rakuten looked for a complete solution, capable of collecting the consents of its users and transmitting them to its partners. It is with this requirement that the company turned to Didomi's CMP, believing that our solution perfectly met their needs. 

 

Discover our CMP

 

In addition to a time saving, Rakuten can then choose a consent banner that is both compliant and optimises user consent rate. They thus opted for a low banner that meets current legal requirements. In particular, the banner includes a link to another level from which the user can choose purpose by purpose what it allows the company to do with its data. 

 

Here is an example of an implementation, allowing users to freely choose whether or not they want to consent to the use of tracers by Rakuten:

 

 

The result of our collaboration

Thanks to our CMP, Rakuten can now add its partners and their purposes very easily. If Rakuten's partners are members of the Transparency & Consent Framework (TCF) advertising standard, the consent management platform automatically distributes consent signals.

 

For Rakuten, the only "manual" part is to contact partners who are not members of the TCF, ask them for their purposes, and add them to the CMP to inform users. All the company has to do now is to transmit this data to the technical teams in charge of integration.  

 

This is how Rakuten was able to integrate Didomi into its platform and tools, ensuring full GPDR compliance without compromising its performance. 

 

Are you an e-commerce publisher in need of a similar solution? Contact us to find out more!

 

Schedule a demo

 

The impact of the GDPR on e-commerce websites and the benefits of a CMP

 

With tougher legislation worldwide, you should expect to see your consent rate drop. However, even if this rate decreases, the data you will gather will have a much higher value since it will have been given to you voluntarily. Thus, this data will be both more relevant and more qualitative for your website. 

 

Ultimately, in this new digital era, the value is in data quality, and not in data quantity. 

 

Although GDPR has been in effect for two and a half years, some companies have put off complying for as long as possible. And yet, while compliance does have a short-term cost, it is a real opportunity that can bring real value to your company. 

 

And remember, everyone is in the same boat, both you and your competitors. By ensuring your compliance with GDPR, you can create a real relationship of trust with your users and improve your brand reputation. 

 

You will no longer be able to track your users in the same way, that's a fact. Nevertheless, you can play the optimization card! By testing in terms of design and user journey, you can find the best possible implementation to achieve maximum conversion. 

 

 

INFO __ RECTANGLE - BLOG IMAGES - ASSETS  (13) (1)-png

 

At Didomi, we redesigned our consent notice and managed to quadruple our consent rate in under a month. Want to find out how? Check out our article here

 

Don't wait until March 2021 to get a CMP and deploy your banner! According to GDPR legislation, a failure to comply would incur fines amounting to 4% of your annual worldwide turnover or €20 million.

 

The lesson to take from this article? It's best to start this work now if you haven't already included it in your roadmap.

 

How to implement the Didomi CMP on an e-commerce website?

 

So, have we convinced you of the benefits of a CMP? Good news! The integration of the Didomi's solution to your website and/or your application can be done in just a few steps: 

 

  1. We go through a Compliance Report together to detect the cookies and tracers used.

  2. You choose your consent banner and its format within the Didomi Console.

  3. You activate the languages, texts, legal bases and the method of collecting consent. 

  4. You organise all your tags with the tags tool so that they are triggered at the right time for each of your partners.

  5. You have access to a Console in which you can set up your consent management banners, perform A/B testing to validate their UX and monitor the consent rate of your users.

 

Deployed on more than 160,000 sites and applications in 17 countries around the world, our solution helps our customers to collect consent, store it and manage opt-in on their tools. Thanks to our solution, end-users can manage their consent and preferences in one place. 

 

Specialised in consent management, Didomi offers you a turnkey solution and premium support. We are at your disposal to see how our solution can transform your company: do not hesitate to contact us!  

 

Schedule a demo