Make a fortune with cookie consent from Privacy Bee

Converting Cookie Consent from an Expense to a Profit Center

There is growing awareness and alarm among consumers surrounding data privacy threats facing individuals and organizations.  For individuals, instances of identity theft, phishing scams and the whole host of other threats have become a pervasive danger online.  For businesses and other organizations, there is an outsized imperative to foster trust among consumers and other website users by fielding robust privacy practices which help protect reputation and profitability.  

Governments and regulatory bodies – often lagging behind the pace of technological advancement – have been catching up to the threats posed by cyber crime and the duty website owners/operators have to ensure they’re fairly and securely handling visitors’ data privacy. This has led to increasing volumes of new laws, regulations and enforcement mechanisms enacted by regulatory bodies to ensure compliance.  One of the most visible consequences of the new regulatory demands (and organizations’ response to them) is the suddenly ubiquitous “cookie consent” pop-up that now seems to appear on nearly every website.

What if cookie consent management – a necessary data privacy and security practice – could be monetized and actually drive revenue for an organization?   

If you’re the CIO, CISO, webmaster, web developer or site administrator for your organization, then you’re probably already mostly aware of the reasons why cookie consent is necessary.  You’re probably also the person who is tasked with finding (and funding) a way to comply with both the regulatory requirements in your area as well as the business rules/governance your executives, board of directors, investors or other leadership have established for your online equities.  You may even already have a cookie consent practice or solution deployed on your public facing web sites.  Nevertheless, this Privacy Bee white paper is written to illustrate how Privacy Bee upends the conventional wisdom regarding vendor and cookie consent.

This document will review the basics on what cookie management is, why it’s necessary and how the current marketplace for solutions operates.  Then it will reveal how Privacy Bee is revolutionizing the industry with its cookie consent solutions that drive revenue for those who use it, as opposed to having to pay for said solutions.

Cookie consent is the interaction occurring between a website visitor and a consent management function, platform or solution, enabling the visitor to decide what kind of personal data (if any) they will permit cookies to capture while visiting the website.

Not all cookies represent a privacy risk.  So-called “essential” cookies are simply used to ensure the proper functioning of a website.  They don’t contain any information that would be useful as a personal identifier, and these don’t typically require user consent.  Some examples of essential cookies include:

  • Session cookies to help remember your activities on the site
  • Authentication cookies – trackers that confirm user login/identities and remember your account information
  • Session ID cookies used to remember the answers you input into a form for quick re-population on return visits
  • User security cookies – to keep track of how many times a user incorrectly inputs login credentials for example and locks out suspicious logins
  • Load balancing cookies to help connect info between the users’ web server and the site web server for quicker page loads 

“Non-essential” cookies are the ones that typically represent a higher privacy risk for users because the information they capture is useful in providing the context clues cyber criminals can use to craft phishing and other social engineering attacks.  Non-essential cookies are the ones from which most privacy-minded users will want to withhold their consent.  Some examples of non-essential cookies include:

  • Advertising cookies which a website may use to customize the visitors’ on site experience and their advertising preferences based on the browsing history of the user
  • Social networking and other tracking cookies which allow users to share content across social platforms and often link to third-party sharing platforms
  • Analytics cookies which track users’ browser activity and allow website owners to see how their sites are used by visitors.

Feature-led consent cookies are those that are governed by a user’s preferences for a site they visit.  These are the cookies that help a website remember what a visitor did on site in their last visit or otherwise personalize their experience for future visits and so may also provide context clues to bad actors.  Some examples of feature-led cookies include:

  • User Interface customization cookies that record a user’s site preferences, language, time zone, etc.
  • Multimedia session or “flash” cookies store technical data about the visitor’s computer to improve video playback, image quality and other performance related things

How often are different types of cookies deployed?  Deloitte’s 2020 Cookie Benchmark Study conducted research using a sample of 167 websites across a dozen countries in Europe to determine how different industries utilized cookies in their respective operations.   Deloitte found that more than one in four cookies deployed across the websites included in their study were tracking and advertising cookies.  Their report also provided good data to understand which industries rely more heavily on each different type of cookie as illustrated in the graphic below. 

Chart from Deloitte 2020 Cookie Benchmark Study

As becomes evident, advertising and performance cookies (being non-essential and feature-led cookies) were deployed by roughly a two to one margin in every industry studied. 

Nonessential and feature-led cookies are the ones representing the highest data privacy risks and this explains why data privacy laws and regulations like GDPR in Europe, CCPA and CPRA in California and similar laws being passed across many other nations and individual US states mandate the use of cookie consent on websites. 

In the United States, many organizations adhere to the guidelines set forth in the California Consumer Privacy Act or CCPA.  Whether or not they’re located or operating in California and thus subject to enforcement actions, many organizations nevertheless look to CCPA (among other regulatory structures) for best practices they can deploy to demonstrate to worried consumers and prudent investors that they take online privacy and trust seriously.  

The CCPA requirements for cookie consent include the following:

  • Notice at Collection – a clear and conspicuous disclosure at or before personal data is collected informing the user about the kind and categories of personal data being captured and the purpose of collecting such information
  • Opt-out Rights – informing the user that they have the right to opt-out of the collection and sale of their personal data.  If an organization uses cookies for targeted advertising or related activities, the CCPA requires a conspicuous “Do Not Sell My Information” button users can select to opt out of these cookies being applied
  • Privacy Policy – A current privacy policy articulating the type, category and purpose of all data collected and any third parties with which collected data is shared must be published on the website
  • Non-Discrimination – Validation that the website will not discriminate in any way against those users who exercise the right to opt out of the sale of their personally identifiable information collected through the use of cookies

For companies in California, there are significant penalties for non-compliance with this California state law.  However, organizations in all fifty states are aware of the costly consequences – both in terms of loss, litigation and reputational damage – associated with failure to protect consumer data privacy.  For this reason, most cookie consent actions are being undertaken voluntarily.  This is why cookie consent is now a feature found on most websites, online services, businesses and organizations, third-party service providers, eCommerce sites and online advertising networks.

Cookie consent is one facet of the broader and burgeoning online data privacy management industry.  The overwhelming trend among organizations public and private now points toward addressing the increased awareness among consumers of the need for enhanced privacy practices.  Those organizations demonstrating effort in this area are being richly rewarded while those exhibiting deficiencies are more quickly falling out of favor.  For this reason, and to satisfy the galloping demand for cookie consent services, myriad services and providers have emerged to deliver cookie consent functionality to organizations anxious to demonstrate their privacy and trust bona fides in this highly visible way.

Market research firm, Emergen Research published a detailed report on the consent management marketplace illustrating current market synopses and growth projections through 2030.  Emergen Research shows the size of the global market for consent management was $321 million as of the close of 2021.  CAGR revenue growth of the market was pegged at 21.2% during the forecast period reaching a projected total industry revenue of nearly $1.8 billion by 2030.  Of that global revenue, 28% is accounted for by North American organizations – the largest revenue segment over the forecast period.

The detailed Emergen report is available for purchase and download, though, the information found later in this paper probably renders the growth of the Cookie Consent Management marketplace moot.  Before addressing the Privacy Bee innovation promising to upend the industry, it will be instructive to review the range of costs associated with engaging a Cookie Consent Management service or software solution.

The Costs of Cookie Consent Management Solutions

For this paper, Privacy Bee researchers performed a non-exhaustive review of cookie consent management software, service offerings and associated pricing.  Using the side-by-side comparison tools available at prominent software review and selection sites, Capterra, G2 Software and Software Advice, the following range of potential costs was derived.  The ratings of each provider are crowdsourced – derived from the user feedback gathered on each offering by these selection sites.

Top Rated Solution “A”

One of the top rated and most popular providers of cookie consent management offers a monthly subscription at $199.99 per month, which covers only two users, three domains and no more than 30,000 monthly site visitors.  The same company’s program for larger businesses and enterprise organizations begins at $549.99 per month with unlimited users, domains and variable monthly site visitors (which probably includes higher rates for greater site traffic/volume).

Top Rated Solution “B”

Monthly subscription for this provider came in at $120 per month for an organization with fewer than 10 employees.  Their business level offering – defined as organizations between 10 and 100 employees – required a specialized price quote. 

In general, most cookie consent management offerings fall into a range of monthly costs anywhere from $9.99 for small businesses to between $120 and $500 per month for mid-sized businesses and well into the thousands, even tens or hundreds of thousands, for large organizations or enterprise businesses.  Pricing for most seems to be generally tied to site traffic volume.  Websites with higher traffic volumes can expect to pay more for software and services addressing cookie consent and opt-out functions.   With literally hundreds of providers in the marketplace, and more new ones entering the field every month, buyers can expect to encounter a wide range of costs and pricing models when they go to market to select and implement a cookie consent management solution.

But what if cookie consent management was not something for which an organization had to pay?  What if cookie consent management – a necessary data privacy and security practice – could be monetized and actually drive revenue for an organization?   

Here are two novel ways to drive net-new revenue for a web publisher.  Privacy Bee for Business upends the historical model wherein publishers have to license cookie consent banners, like the ones found on Capterra, G2 and others.  Privacy Bee for Business customers are already earning revenues using the inverted model for Vendor & Cookie Consent.  Here’s how it works.

First, when site visitors land at a Privacy Bee-protected website, they are shown the cookie consent banner and prompted to respond.  This ensures compliance with current privacy laws and regulations.  It also clearly demonstrates the site was built to protect consumer data privacy. 

Next, as they’re making their cookie consent selections, users are offered the option to create a free Privacy Bee account.  Doing so delivers clear and immediate benefits to the user including:

  • The saving of privacy preferences, eliminating the need to re-declare preferences on subsequent visits
  • The application of preferences automatically applied to all other sites using Privacy Bee’s Vendor & Cookie Consent
  • Immediate improvement of online data privacy for the site visitor/user who receives 100% free scans for privacy exposures across the internet

Offering the free Privacy Bee account while the user is focused on privacy selections helps drive home the importance of taking control of one’s own online data privacy.  Accepting a free account also promises to reduce the number of times the user is pestered with consent popups as they move around the internet – an attractive proposition for consumers fatigued with having to deal with cookie consent every time they visit any website.  The more sites that use Vendor & Cookie Consent, the fewer popups the visitor will see, delivering a better experience across the internet.  This strategy also conveys a value add to the site visitor by offering something of intrinsic value to them in exchange for simply executing the consent process they must complete anyway.  Turning what is largely viewed as a nuisance into an affirmative activity. 

But how does all this drive revenue for the publisher? 

Whenever a customer agrees to a free Privacy Bee account, the free scan and privacy assessments reveal the risks and threats to which the user is vulnerable – in real time.  When the user later decides to upgrade beyond the free version of Privacy Bee for help in mitigating their personal exposures, the publisher earns a percentage of the revenue as a commission for that upsell! 

In this model, a publisher’s cookie banner actually EARNS the organization recurring revenue instead of costing money.  At the same time, it provides a positive feeling to site visitors who feel as though they’ve received a valuable benefit for simply spending time at your website.  And it strengthens their trust in your stewardship of their privacy, which burnishes overall credibility in the markets in which you operate.

Privacy Bee offers another means for monetizing privacy management activities.   Many organizations – especially eCommerce companies – utilize Trust Badges on their sites.  The Trust Badge is intended to demonstrate to customers that an online retail store is legitimate and that the data a consumer shares (like credit card info and other personal information) is collected and stewarded via secure channels.  The data security Trust Badge is proven to increase online sales close rates.  People are more likely to check-out with an e-commerce store, giving out their sensitive information, if they’re confident that they can simply opt-out via Privacy Bee should they begin to receive spam following their purchase, and that the store/seller will honor the deletion request.  This creates up to a 27% boost in conversions, and the Privacy Trust Badge solution from Privacy Bee for Business is totally free. 

Additionally, if anyone clicks on the Privacy Badge to confirm authenticity, then later signs up for a paid Privacy Bee subscription, the publisher earns commission from that sale too! The Privacy Trust Badge solution helps sellers drive new revenue from the boost in conversions when displaying the badge during checkout, plus additional commissions from the referrals as they occur.

What kind of revenue potential does this strategy promise?

The following estimates help to illustrate the potential for significant NET-NEW revenue growth.  Assumptions as follows:

Conversion Rate of “Free Account” Signups for the “Free Privacy Bee Account” offered on the cookie consent pop-up – 0.75%

Conversion Rate of “Pro Account” Upsells to paid subscription among those accepting the fee account offer – 2.0%

Cost of Pro Level Subscription – $197

Commission Rate to Affiliate – 10% ($19.70 per each upsell)

Calculations based on these assumptions are applied in the table below to a sampling of different published websites across numerous industries.  The volume figures are based on actual web traffic metrics of real sites, though the names of the actual organizations have been anonymized for discretion.

The 10% commission “Site Earnings” delivered to publishers on “Upsells” is shown in monthly and yearly aggregate in the two, rightmost columns.  For sites with high traffic volume, the earnings can quickly begin to add up by deploying this innovative and industry disruptive solution.  And all for simply choosing the right solution to fulfill a site function which a publisher must implement anyway. 

Of course, these calculations are based on the assumptions provided. In practice actual results may vary.  However, even using assumptive figures of one tenth of the values used in the above example, the Cookie Consent solution from Privacy Bee for Business still drives significant revenue for a publisher.  And it does so in lieu of a publisher having to pay for licensing a cookie consent and/or trust badge solution.

Trusted by thousands of companies.

Instant access to the world's leading business privacy platform. Dive into your account: