How To: Configure Consent for "Do Not Sell," "Do Not Share," and Sensitive Personal Information
A technical guide for setting up opt-outs for data sales and data sharing
California's Consumer Privacy Act (CCPA), requires organizations to offer consumers the right to opt out of data processing for sales. CPRA, VCDPA, and CPA require organizations offer consumers the rights to opt out of data sharing or in to sensitive data processing.
This guide acts as the hub for setting up your technical integrations for both CCPA's "Do Not Sell My Personal Information" and the approaching "Do Not Share My Personal Information" legislation of other states. Because every business is different, we have multiple technical guides available, so you can manage pixels in all of your various system - whether it is in Google Tag Manager or directly in your mobile application, we have you covered!
Setup Overview
Any new configuration of Ethyca Consent Platform will require these 5 steps. Please make sure you complete Steps 1 and 2 prior to your Privacy Center launch.
- Creating a Data Use Case for Data Sales or Data Sharing
- Adding Consent Flags to your Data Use Case
- Understanding Ethyca's Global Consent Object & Cookie
- Setting up consent in the systems where you manage pixels
- Testing Consent for Data Sales
Understanding Ethyca's Global Consent Object & Cookie
The eth_cmp cookie is a representation of Ethyca's internal global consent object. The global consent object retains a categorized view of preferences related to consent a user may have set under regulations like GDPR, CCPA, CPRA, or ePrivacy Directive (the 'cookie consent banners' you see in Europe).
Depending on your configuration of Ethyca's consent system, some or all of these values will be available:
{
ethy_fbp: 'consent-value', // Value for Facebook's LDU pixel
ethy_fbi: 'consent-value', // Value for Facebook's LDU image
ethy_gads: 'consent-value', // Value for Google Ads RDO
ethy_ds: 'consent-value', // Value for global non-specific system
GROUP0: BOOLEAN, // Essential Cookies
GROUP1: BOOLEAN, // Functional Cookies
GROUP2: BOOLEAN, // Marketing & Analytics
GROUP3: BOOLEAN, // Advertising
GROUP4: BOOLEAN, // Do Not Sell
GROUP5: BOOLEAN, // Do Not Share
GROUP6: BOOLEAN // Sensitive Personal Information Processing
}
These values are available directly from the cookie or if you use Ethyca's emp.js tag they will be injected into the DataLayer of your site as well as an Ethyca defined global object on the window. By default, groups 1-5 are set to true, meaning a user would need to opt out by default. Group 6 is set to false by default, meaning a user would need to opt in.
Technical Guide
More than likely, your business may be triggering pixels like Facebook, Pinterest, Snapchat in multiple place, so we recommend checking with the appropriate internal teams (i.e. marketing, ad agencies, mobile engineers, software developers) prior to implementation. Please visit the relevant support articles below for step-by-step technical guides:
- If your business loads pixels directly in your website: Configuring consent directly on your Website
- If your business manages pixels directly in Google Tag Manager (GTM): Configuring Consent in GTM
- If your business uses Segment's consent suppression system: Configuring Data Restrictions in Segment
- If your business manages pixels in your mobile application: Adding Privacy & Consent to your Application
Support
Please contact [email protected] if you have any questions regarding implementation.
Updated 6 months ago