8 min.
Earn the consent and trust of your users
1L’art de la gestion de projet2Un projet à succès commence par une bonne gouvernance3Cascade, agilité, demandes de changement?

Earn the consent and trust of your users


The collection of personal data is a constant challenge, which often takes the form of a balancing act between seemingly irreconcilable perceptions. From the point of view of individuals, data is valuable and sensitive information, from the domain of privacy, while, from the point of view of companies, it is essential to familiarize itself with its users and their needs. 

In addition, this data is now gaining more and more value and is traded as currency. In 2022, a company therefore has a duty to control all communication related to the collection, storage and use of this data proactively, with transparency and simplicity. In addition, the guarantee that the data is safe becomes paramount.

Provincial, federal and international laws have further consolidated the protection of personal data on the Web. The wise eye can already recognize the acronym GDPR (or RGPD) in an article such as this one, because these now famous legal texts go beyond the borders of its jurisdiction (the European Union). At the legislative level, Quebec is not to be outdone, with Bill 64, adopted a few months ago. The entry into force of this law will take place in two parts, the first in September 2022 and the second in September 2023. 

Time is running out: the countdown is already well underway! 

However, beyond the simple legal compliance of the collection of primary data from its users (customers or not), all organizations wishing to engage in this activity must ask themselves two essential questions: 

1. Does the use of this data benefit my users? 

2. Am I building or damaging their trust?

In the following article, I will help you answer them and optimize your practices.


Over the past few years, we've all heard the horror stories of a few companies losing control of their customers' sensitive data. The direct victims are the end users whose information is lost (forever?).

But who owns this data? To individuals, of course, and they only lend them to the companies they do business with. They lend them to receive the best possible service. Users want to be offered the most personalized experience possible, while refusing the sharing of personal information to ensure that their privacy is adequately protected. Some would say it's a paradox, but I believe that there is a point of balance, however fragile and difficult to find.

In my opinion, in the moral contract between a company and its users, there should be a limit on the collection and use of personal data. This should be clear and adjustable according to user preferences.


A few years ago, it was easy to get to know the visitors of its website better in order to segment them and send them an advertising message appropriate to their profile. It was even possible to buy information about prospects, that is to say users with whom we had not yet had contact. 

It was a very practical mode of operation, thanks to the abundance of third-party cookies managed by DMPs and purchased on ad exchanges .). The underlying problem: users weren't really aware of the monetization of their credentials and that they were paying the price. Here we are not talking about personal data (PII) that can be read and understood by anyone (an e-mail address, a postal address, a telephone number, a name, etc.), but rather pseudonymous personal data. , such as a cookie ID, which are understood by some players who can sell this information to the highest bidders. These include the giants Facebook and Google, which cover the majority of the global advertising market in 2022 with 24.5% and 28% respectively.  ( source: eMarketer March 2021 ). 

That was until Apple, their nice neighbor in Silicon Valley with no money to make in this industry, came to spoil the party by delivering its new versions of the Safari browser, designed expressly to protect this kind of data.

Have you ever seen this logo in Apple's TV ads?

To make a long story short, on Safari, third-party cookies no longer exist, and primary cookies are severely restricted. Firefox as well as other marginal browsers (Opera, Brave…) have followed suit. Finally, in 2020, Google Chrome announced that third-party cookies would disappear in 2022… Uh, no wait! In 2023.

In order to fill this information void, companies that want to know more about their users will now have to explicitly ask users to identify themselves in order to collect personal data (PII). 


It is proven that individuals do not act rationally with regard to the protection of their personal data. This is  the privacy paradox  the gap between users' intention to protect their privacy (the attitude) and their actions online, which run counter to that intention (the behavior). This discrepancy partly explains why certain behaviors are so unpredictable and sometimes seem illogical to us.

Let's take two examples. To protect his privacy, an average user refuses the installation of advertising cookies on the browser of his computer, but later accepts it on another device in order to access the desired content more quickly. As for her, another user, systematically refuses the collection of cookie data, but nevertheless has no reluctance to provide her personal information (and therefore more precious) to obtain a service or an ephemeral value (think of the sending of the postal code to geolocate the nearest business or sending an email address to receive a 10% discount coupon).

This paradox is a bias inherent in the functioning of human beings. A bias that harms him since he can be exploited by a third party to obtain information against his will. This is why it is a subject of study in the field of neuroscience.



Is consent a  buzzword  in your company? If it is not yet, it is likely to be by the end of 2022.

During any collection of data  belonging  to users, a company has a moral obligation – and soon legally (cf. GDPR, CCPA, PIPEDA, Act respecting the protection of personal information in the private sector in Quebec) – to ask for the agreement, what am I saying… to obtain their  explicit consent  by explaining what uses will be made with this data, when there is an  identification ,  localization  or  profiling objective . We will not dwell in more detail on these laws, but it is the guidelines that interest us in this article. 

Also, to look further into the matter, we invite you to consult your legal department or lawyers specialized in this field.


There are technologies that facilitate the management of consent for the collection of cookies. In the jargon, we use the English term  Consent Management Platform (CMP)  of which OneTrust is possibly the most famous provider. However, we believe that the establishment of a consent system should be more comprehensive and apply to both pseudonymous data (cookies) and personal data (PII), with a clear explanation of the value received in exchange for consent. and therefore collection. 

How do you expect a new user to trust you by sharing their data when they don't know you yet? How can he measure the impact of a personalized experience without having lived it?

Bearing this in mind, it is obvious that to obtain the true consent of a user, one should not be content to use only the warning banner appearing on the screen during the first visit of a site, as we see it too often on the Web. Consent should evolve with the user's journey with your brand and it should be updatable through channels other than the  OneTrust pop-up  window.

CCPA stands for California Consumer Privacy Act. This is a new data privacy law that provides privacy rights to California residents.


Permission marketing is a term that was introduced in 1999 by Seth Godin with his book  Permission marketing: Turning strangers into friends and friends into customers . This unusual term could take off in the coming years since we want to give full powers to the user.  

Being transparent and giving back control of their data to consumers is beneficial for them, but also for the company. Indeed, this very often generates a renewed trust in the brand, and this strengthened relationship can eventually encourage users to consent to the sharing of their data. 

This is therefore the first tactic that must be put in place.

Then, we advise to push transparency to 100% by explaining in a simple and clear way what are the benefits of the use of personal data for the company as for the users. There are correlations between the data collected and the level of service and personalization of the customer experience: these must be made explicit to counter the effects of the privacy paradox, mentioned earlier in this article.

Finally, use your CDP (Consumer Data Platform) to save your users' preferences regarding data sharing. This will allow you to drive the right advertising and personalization campaigns across all channels for known (PII IDs) or unknown (pseudonymous IDs) users. In addition to respecting its commitments to its customers, your company will see its primary data assets strengthened.   

CDPs are a future-proof technology that empowers and powers user-centric operations cross-functionally, including marketing, BI, sales, and consumer services. The different levels of consent will live in the CDPs and will allow your data scientists to better understand the psychographic profile of users who are sometimes receptive, suspicious or even ardent defenders of their privacy.

Do you have questions or need professional support in order to meet new challenges or to adapt to the latest changes in the industry?

Our team of specialists will be happy to lend you a hand, so that 2022 can be a fruitful year and propel your business to new heights!