KuppingerCole Report
Whitepaper
By John Tolbert, Anne Bailey

Technical Approaches to Consent Management and Dynamic Access Management: Ping Identity

Privacy regulations are changing the way organizations handle personal information. GDPR was not the first and will not be the last to require data handlers to collect consent from users. Many Consumer Identity platforms have added in consent management features, and specialty Privacy and Consent Management solutions are available to address these evolving business scenarios. In this report, we’ll look at several approaches.
By Anne Bailey
aba@kuppingercole.com

1 Introduction

The need to acquire consent from users for the use of their personal information has grown in recent years due to the passage of privacy regulations i ...

Login Free 30-day Select Access Get full Access

2 Highlights

  • New regulations in many jurisdictions are improving consumer and personal privacy
  • Organizations found to be in regulatory non-compliance may incur ...
Login Free 30-day Select Access Get full Access

3 The regulatory environment driving consent management

A number of regulations across the globe are forcing enterprises of varying types to evaluate and implement digital solutions for collecting and manag ...

Login Free 30-day Select Access Get full Access

3.1 The General Data Protection Regulation (GDPR)

The GDPR is perhaps the most well-known of the data privacy regulations around the globe. It has been applicable to organizations serving data subject ...

Login Free 30-day Select Access Get full Access

3.2 The California Consumer Protection Act (CCPA) and other US regulations

The California Consumer Protection Act is the major legislation in the United States that addresses online data privacy. The CalOPPA of the Business a ...

Login Free 30-day Select Access Get full Access

3.3 The Personal Information Protection and Electronic Documents Act (PIPEDA)

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and came fully into force January 1, 2004. Its goal is to set up gove ...

Login Free 30-day Select Access Get full Access

4 How CIAM and Consent & Privacy Management solutions address these requirements

CIAM solutions are in common use by many organizations today. While originally designed to improve consumer experiences across all channels and facili ...

Login Free 30-day Select Access Get full Access

4.1 CIAM solutions for consent management

Consumer user interfaces are not specified in these regulations, but they are a key features of most CIAM and privacy and consent management solutions ...

Login Free 30-day Select Access Get full Access

4.2 Consumer-hosted consent store

Many business websites have UIs that fragment privacy management into steps: initial consent-giving in one format and location, updates or exercising ...

Login Free 30-day Select Access Get full Access

4.3 Privacy and consent management solution-hosted consent store

Privacy and Consent management solutions are available today. Their scopes are generally limited to a single enterprise, but they can excel in driving ...

Login Free 30-day Select Access Get full Access

4.4 Consent receipt with the Kantara Initiative and IAB Transparency and Consent Framework (TCF)

As implied in the above-described regulations, consent that is collected must be enforced throughout the organization and along the digital value chai ...

Login Free 30-day Select Access Get full Access

4.5 Kantara Initiative User-Managed Access (UMA)

The User-Managed Access (UMA) recommendation is made up of UMA2 Grant and UMA2 Federated Authorization specifications from the Kantara Initiative and ...

Login Free 30-day Select Access Get full Access

5 Use cases driving delegated access management

Delegated access management is a satisfactory and common model that CIAM and CPM solution vendors employ to address consent collection and management. ...

Login Free 30-day Select Access Get full Access

5.1 Use Cases in Banking

Each individual's financial actions are fraught with many different relationships, levels of trust, and the need to view the individual's personal dat ...

Login Free 30-day Select Access Get full Access

5.2 Use Cases in Retail

In a retail context, there are also many opportunities for delegated access management to support privacy and consent management.

In a User-to-User ...

Login Free 30-day Select Access Get full Access

6 The Ping Identity delegated access approach for consent management

Ping Identity offers a set of tightly integrated components that work together as a logically centralized delegated access control mechanism that can ...

Login Free 30-day Select Access Get full Access

7 Action plan for architecting consent and delegated access management

Consent management has become a core requirement for most organizations operating consumer facing businesses and non-profits, as well as government ag ...

Login Free 30-day Select Access Get full Access

Copyright

©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top