How To: Configure Data Restrictions and Consent in Segment
A step-by-step technical guide for setting up opt-outs for Data Sales and Data Sharing in Segment
California's Consumer Privacy Act (CCPA), requires organizations to offer consumers the right to opt out of data processing for sales. CPRA, VCDPA, and CPA require organizations offer consumers the rights to opt out of data sharing or in to sensitive data processing.
This step-by-step guide walks you through how to configure Ethyca to automatically manage consent to Data Sales or Data Sharing for your users.
This guide focuses on the technical integration for "Do Not Sell"/"Do Not Share" and assumes you are already familiar with the steps for creating your Data Use Case and adding the necessary Consent Flags. These are both required steps for completing your implementation.
When implementing a use case for processing sensitive personal information, ensure that any third party integrations take the GROUP6 flag into account. If third parties collect sensitive personal information, this information cannot be processed without without explicit opt-in consent from the user.
Configure Data Restrictions for Segment Destinations
Ethyca integrates directly with Segment's existing consent suppression systems to ensure that pixels and service calls set as destinations in Segment are not triggered if a user has opted out of data sales.
Configuring Ethyca's Data Restrictions for Segment requires the following prerequisite step:
Ensure you have installed Ethyca's consent pixel on your website either via the GTM or directly in your website, using the code below:
<!-- Ethyca Management Platform -->
<script language='javascript' type='text/javascript' src='https://harpocrates.ethyca.com/emp.js'></script>
<!-- End Ethyca Management Platform -->
Now, we'll introduce changes directly to Segment's analytics.js file and implement Ethyca's Segment JS file as follows:
Step 1: Remove the analytics load call from your analytics.js (line you should remove below, where YOUR_WRITE_KEY represents your Segment write key.
analytics.load("YOUR_WRITE_KEY");
As in this code sample:
This line expressly loads Segment analytics without any conditional logic, so we're going to remove this to introduce conditions related to consent.
Step 2: Copy the code below or download a copy of ethyca-segment.js file here and install this within the <head></head> of any page on your site which requires consent management. Please ensure this is loaded prior to Segment's analytics.js file.
<script>
!function(){"use strict";for(var n=["WEBSITE_WRITE_KEY"],t=window.ethyca||{},e=[],i=0;i<n.length;i++){!function(i,o){var a=new XMLHttpRequest;a.onreadystatechange=function(){if(4===a.readyState){try{if(!(a.status>=200&&a.status<300))throw new Error("HTTP "+a.status+" "+a.statusText);var c=JSON.parse(a.responseText);e.push(c)}catch(t){console.error("Failed to fetch integrations for write key",n[0]+":",t)}i===n.length-1&&r(e,o,t.GROUP4)}},a.open("GET","https://cdn.segment.com/v1/projects/"+n[0]+"/integrations"),a.send()}(i,n[i])}function r(t,e){var i=!(arguments.length>2&&void 0!==arguments[2])||arguments[2],r=o(t),s=a(r,i),d=c(s);u(n[0],r,d,!1)}function o(n){var t=[];return n.reduce((function(n,t){return n.concat(t)}),[]).map((function(n){return void 0===n.id&&(n.id=n.name),n})).filter((function(n){return"Repeater"!==n.id})).forEach((function(n){t.length?t.reduce((function(t,e){return t||e.id===n.id}),!1)||t.push(n):t.push(n)})),t}function a(n,t){return n.map((function(n){var e={};return e[n.id]=!!t||"Advertising"!==n.category,e}))}function c(n){for(var t={"Segment.io":!0},e=0;e<n.length;e++){var i=n[e];for(var r in i)t[r]=i[r]}return t}function u(n,t,e,i,r){r=void 0===r||r;var o=!1;if(e){for(var a in e){e[a]&&(o=!0)}window.analytics.initialized?r&&window.location.reload():o&&window.analytics.load(n,{integrations:e})}else{if(i)return;window.analytics.initialized||window.analytics.load(n)}}}();
</script>
Step 3: Please update the following parameters in the script:
-
WEBSITE_WRITE_KEYreplace this value with your Segment write key. -
Modify the set of destinations that you would like to check for in line 15:
e[n.id]=!!t||"Advertising"!==n.category,e}))}function c(n){for(var t={"Segment.io":!0},e=0;e<n.length;e++)
In the example above if the destination category is Advertising it will be excluded from advertising; you can add other categories as necessary to this.
Save your changes and deploy to your website - in the future, when a user's consent is set to false for data sales (e.g. they have opted out), all Segment destinations in the categories you have assigned above will be suppressed from firing pixels/endpoint requests, thus directly ensuring data sales preferences are respected for your users.
Technical Guide
Please visit each of the below support articles if your business manages pixels in any additional locations:
- If your business loads pixels directly in your website: Configuring consent directly on your Website
- If your business manages pixels directly in Google Tag Manager (GTM): Configuring Consent in GTM
- If your business manages pixels in your mobile application: Adding Privacy & Consent to your Application
- To go back to our technical CCPA hub, click here
For QA instructions, check out our how to guide for testing Consent for CCPA's Data Sales.
Support
Please contact [email protected] if you have any questions regarding your account.
Updated 6 months ago