1. Option C: Consent or Pay Model (UK only)

Users must be provided with the possibility of accepting cookies and tracking technologies and to just as easily refuse them.

You must make it as easy for people to refuse consent as it is to accept consent.

“Accept” and “Pay” options presented on first layer.

The “Accept” and "Pay" options should be:

1. Located in the 1st layer.

2. Equally visible (factors to consider here are size, font and location for example).

3. Clear wording used, creating no ambiguity as to its function (e.g. avoid “continue to read for free” or “subscribe for all content”).

4. Consent option should not mention only “cookies” but also other tracking technologies.

5. No reliance on (other) deceptive design patterns [1] and [2].

6. In case scrolling is required to view Utiq consent text, the buttons are always displayed and are placed in a fully visible section of the CMP (i.e. the accept/pay buttons do not disappear with the scrolling down).

Paying journey is functional and easy.

1. Paying journey is functional (effectively works)

2. Paying journey is easy

Valid consent must be obtained for Utiq technology activation

It should be sufficiently clear that the use of Utiq technology is available on the website.
User attention must be drawn to Utiq consent text on 1st layer.

1. Users must be provided with the Utiq consent text (v4.0) in 1st layer without modifications

2. Utiq consent text is shown in the same form as the domain‘s own consent text (same size, font, colour).

3. Utiq consent text is inserted in an appropriate location to ensure appropriate visibility and distinct from other consent wording.

4. Sub-title provided by Utiq is implemented without any variations.

5. Utiq logo is placed next to Utiq consent text sub-title.

6. In case scrolling is required to view Utiq consent text, Utiq logo is placed in a fully visible section of the CMP not requiring scrolling down (where technically possible, logo should be clickable and, if clicked, it directs automatically to the Utiq section). The most logical place is expected to be next to the mention of use of similar tracking technologies.

7. No reliance on deceptive design patterns [1] and [2] that could compromise the visibility of Utiq consent.

8. Utiq consent text must be used for “Consent or Pay” models, without modifications.

9. Utiq consent text refers to the withdrawal options for Utiq technology.

Correct configuration of accept and reject/pay functions

The CMP must be configured to ensure that Utiq calls are only triggered if user consents to the activation of Utiq technology.

1. Utiq technology must be off by default.

2. No Utiq calls to enable the Utiq technology shall be triggered if a user specifically:

   1. selects the “pay” option

   2. rejects consent to the use of Utiq technology

   3. makes an overall rejection of all non-essential cookies and other tracking technologies

   4. rejects Utiq custom purpose and/or Utiq custom vendor.

3. Only strictly necessary cookies (i.e., utiq_consent_status) can be dropped if user denies consent to non essential cookies and other tracking technologies.

Implement 1^st layer Utiq opt-out function

A function to open the second layer of the CMP where the end users can granularly reject the activation of the Utiq technology (using the Utiq custom purpose) will be made available to end users in the “Accept” part of the CMP (within the Utiq consent text).

1. The word “now” in the Utiq consent text 1st layer sentence “You can reject now” triggers a function to open the second layer of the CMP where the end users can granularly reject the activation of the Utiq technology (using the Utiq custom purpose).

Main CMP title must be adequate

As per core requirement.

1. The main CMP title must not only reference or concern cookies. It must address other similar technologies, given that Utiq falls under “other similar technologies” and not a cookie per se.

2. Title must be adequate to describe both the “Consent” or “Pay” options, with clear wording used, creating no ambiguity as to its function.

Configurable elements within the Utiq Consent text must be populated with the Data Controller information

The Utiq consent text (1st layer) contains the following configurable elements:

• [DATA CONTROLLER] → Data Controller’s name and legal form (i.e. the legal entity that owns the website as mentioned on the website’s Privacy Policy page)

• [BUTTON WORDING FOR PAY OPTION] → label/wordings used for the “Pay” option button

Populate dedicated configurable elements with your details:

• [DATA CONTROLLER] → Data Controller’s name and legal form (i.e. the legal entity that owns the website as mentioned on the website’s Privacy Policy page)

• [BUTTON WORDING FOR PAY OPTION] → label/wordings used for the “Pay” option button

Implement hyperlinks in clickable elements within Utiq consent text (1st layer and 2nd layer)

The Utiq consent text contains clickable elements:

• consenthub

• Utiq's Privacy Statement

• supported internet connection

• across our property(ies)

Implement hyperlinks that open in a new page for clickable elements within Utiq consent text:

• consenthub → https://consenthub.utiq.com/

• Utiq’s privacy statement → https://consenthub.utiq.com/pages/privacy-statement

• supported internet connection → https://consenthub.utiq.com/pages/privacy-statement#telecom-operators

• for advertising or analytics activities → this function will open the Advertiser/Publisher’s own privacy statement.

• across our property(ies) → direct the user to the relevant section within the “Manage Utiq” page where there is the list of all such websites/apps in scope for the cross-domain martechpass sharing feature (i.e., all websites that would make use of the same martechpass value) (see “2. Setup the dedicated “Manage Utiq” page linked via a footer hyperlink“).

• You can reject now → a function to open the second layer of the CMP.

Implementation of telecom operators hyperlink

As per core requirement.

1. The reference to participating telecom operators in scope within the Utiq consent text must be correctly hyperlinked and direct the user to the relevant section within the Utiq privacy statement which contains the list of all participating telecom operators per country.

2. In case of additional telecom operators in scope, the list within Utiq’s privacy statement will be updated by Utiq, without unreasonable delay.

Implementation of a section within “Manage Utiq” page listing the cross domain websites in scope (i.e., all websites that would make use of the same martechpass value)

As per core requirement.

1. The reference to other websites in scope within the Utiq consent text must be correctly hyperlinked and direct the user to the relevant section within the “Manage Utiq” page where there is the list of all such websites in scope (i.e., all websites that would make use of the same martechpass value).

2. In case of additional websites in scope, the list must be updated, before the additional website goes live.

You must provide clear information about each of the options in your “consent or pay” model using concise, clear and plain language to enable people to make an informed decision.

Consent text must clearly explain what each options means, the consequences and the impact it will have on data processing.

1. Consent text must clearly explain what each options means, the consequences and the impact it will have on data processing.

2. If the 1^st layer text is mentioning the technologies, Utiq must be mentioned (e.g. “including Utiq”)

3. If the website/app is listing the purposes as accordions in the 1^st layer, Utiq must be listed as accordion there as well.

4. If there is a summary section, main CMP provides a clear summary of the differences between the options.

You must provide clear information about how users can exercise their data protection rights.

Consent text must clearly explain how users can exercise their data protection rights.

1. Consent text must refer to the withdrawal options for each option

2. Consent text should include information on how to do so

3. If a person withdraws their consent, the website/app can take them back to the first layer of the original “consent or pay” mechanism. In this case, Utiq technology must be switched off, if the user withdraws the consent.

4. Consent withdrawal is free of charge

Utiq technology purpose included in 2nd layer of CMP (as Utiq custom purpose)

It must be possible for users to view the purposes in a granular way. Specifically, users should be able to make granular choices for Utiq via distinct tick boxes.

1. Utiq 2nd layer consent text must be added in an appropriate location (as Utiq custom purpose).

2. If possible, Utiq logo must be placed next to Utiq 2nd layer title.

3. Accept and reject options must be displayed in the 2nd layer and must be equally visible to each other (factors to consider here are size, font and location for example).

4. Specific accept and reject options must be placed next to Utiq consent (Utiq 2nd layer text)

5. No reliance on deceptive design patterns [1] and [2] that could compromise the visibility of Utiq consent.

The website’s main CMP must be easy to locate and resurface to facilitate withdrawal of consent at any time

You must give people an easy way to withdraw their consent and you must make this easily accessible on your service at all times.

1. The option to resurface the website main CMP shall be located in an easily visible place for the user to find. Usually, this will be at the bottom of the page.

2. The option must be present in all the pages of the website (i.e. not only in the Homepage).

3. The name of the functionality (e.g., link or icon) should use clear wording to enable the user to make use of the functionality to manage their consents.

4. The wording used must not reference only cookies, but also other similar technologies (in case such wording is used).

5. No reliance on deceptive design patterns [1] and [2] (e.g., different size, font, colour or inappropriate location), accessible with 1 click, not hidden by other banners in the websites, colour of text contrasts sufficiently with the background)

The website should make its “Privacy policy/notice/statement” easily accessible at the bottom of all pages

As per core requirement.

1. The option to open the Privacy Statement shall be located in an easily visible place for the user to find. Usually, this will be at the bottom of the page.

2. The option to open the Privacy Statement must be present in all the pages of the website (i.e. not only in the Homepage).

3. No reliance on deceptive design patterns [1] and [2] (e.g., different size, font, colour or inappropriate location, accessible with 1 click, not hidden by other banners in the websites, colour of text contrasts sufficiently with the background).

Consent validity timeframe (the time after which consent should be re-requested)

The consent validity timeframe (the time after which consent should be re-requested) for Utiq consents is aligned with your CMP consent validity timeframe and up to a possible 13 month maximum period.

martechpass TTL is 90 days.

Main CMP’s consent validity timeframe is no longer than 13 months.

Utiq shall not be enabled for users that have already consented unless consent is refreshed to cover Utiq consent

As per core requirement.

1. Utiq technology must be activated only to new users accepting Utiq consents. Utiq technology cannot be activated for users who previously “accepted” with another consent model before Utiq was implemented.

2. If the website/app was already live with Utiq technology with another consent model (e.g. standard “Integrated Model” or “Utiq Separate pop-up”) and then it moves to “Consent or Pay Model”, a refresh of consent collection/reprompt of consent banner to all users is required.

Evidence of consent

It should be technically possible for the Advertiser/Publisher to provide evidence of Utiq consents captured.

It should be technically feasible for Utiq to monitor that each consent has effectively been provided.

1. Ensure that you are keeping track of the version of your Consent Notices that includes Utiq consent.

2. Ensure that the Evidence of Consents feature in your CMP console is correctly capturing the user’s preferences for the Utiq consent.

Utiq consent withdrawal mechanism are in place

As per core requirement.

1. The following 3 ways for users to withdraw Utiq consents should be in place:

   • CMP: by re-opening the CMP and changing the Utiq preferences, the users can withdraw Utiq consent.

   • Manage Utiq via the consent revocation dedicated functionality: users can revoke their Utiq consent directly through your site. The revocation will only apply to your site in this case.

   • consenthub.

2. The above should be implemented in accordance with Utiq technical requirements to ensure correct synchronisation with consenthub.

1st layer

Use of Utiq technology powered by your telecom operator

If you accept and use a supported internet connection, we, [DATA CONTROLLER], will use marketing identifiers provided by Utiq for advertising or analytics activities. To create the identifiers, Utiq works with your telecom operator, which will use your IP address against internal data (e.g. mobile number), without disclosing it.

We use the identifiers to link the browsing activity across our property(ies) where Utiq consent is given, including of others using the same connection.
You can reject now or withdraw consent later via "Manage Utiq" or in Utiq’s privacy portal (“consenthub”). If you “[BUTTON WORDING FOR PAY OPTION]”, Utiq will not be used.

You confirm that you are the connection account holder’ or have permission to activate Utiq.

For more, visit Utiq's privacy statement.

2nd layer (Utiq custom purpose)

Use of Utiq technology powered by your telecom operator

If you consent, you agree to the following processing:

• Eligibility check: Utiq uses your IP address to check if you’re using a supported internet connection. If you are not, Utiq will not be activated.

• Activation of Utiq technology: Your IP address is shared with your telecom operator to create a secure identifier ("Network Signal"). To do this, your operator matches your IP address with internal data (e.g. mobile number), without disclosing it. Only this identifier is then provided to Utiq.

• Creation of Utiq identifiers: Utiq uses the Network Signal to create additional Utiq identifiers, including marketing specific ones, stored in your browser with first party cookies and other device storage information.

• Sharing and use of marketing identifiers: We only receive the marketing identifiers that can be used for the advertising and analytics purposes to which you consent. They help us understand your browsing behaviour and connect visits across our property(ies) (only if you agree to the activation of the Utiq technology on each one separately).

• Sharing of Utiq identifiers to advertising and analytics platforms: Certain Utiq identifiers are also shared with platforms that work with us and/or Utiq, as part of the advertising or analytics process and depending on what you agree to.

The Utiq technology is designed with privacy in mind: it uses minimal personal data, secure, temporary identifiers, and limits data sharing. Utiq also offers a privacy portal (“consenthub”) to exercise your privacy rights.

For more details, visit Utiq’s privacy statement.

Vendor name

Utiq

Privacy Policy

https://consenthub.utiq.com/pages/privacy-statement

Purpose based on consent (2nd layer Utiq consent text)

Use of Utiq technology powered by your telecom operator

If you consent, you agree to the following processing:

• Eligibility check: Utiq uses your IP address to check if you’re using a supported internet connection. If you are not, Utiq will not be activated.

• Activation of Utiq technology: Your IP address is shared with your telecom operator to create a secure identifier ("Network Signal"). To do this, your operator matches your IP address with internal data (e.g. mobile number), without disclosing it. Only this identifier is then provided to Utiq.

• Creation of Utiq identifiers: Utiq uses the Network Signal to create additional Utiq identifiers, including marketing specific ones, stored in your browser with first party cookies and other device storage information.

• Sharing and use of marketing identifiers: We only receive the marketing identifiers that can be used for the advertising and analytics purposes to which you consent. They help us understand your browsing behaviour and connect visits across our property(ies) (only if you agree to the activation of the Utiq technology on each one separately).

• Sharing of Utiq identifiers to advertising and analytics platforms: Certain Utiq identifiers are also shared with platforms that work with us and/or Utiq, as part of the advertising or analytics process and depending on what you agree to.

The Utiq technology is designed with privacy in mind: it uses minimal personal data, secure, temporary identifiers, and limits data sharing. Utiq also offers a privacy portal (“consenthub”) to exercise your privacy rights.

For more details, visit Utiq’s privacy statement.