How To: Set Up Consent Management in the Control Panel

A guide for setting up and managing consent for data sales, data sharing, and sensitive personal information processing under CCPA, CPRA, VCDPA, and CPA

CCPA regulation calls for a business that sells consumers' personal information to provide a notice of right to opt-out to consumers. Specifically, a website must host a link on their website titled "Do Not Sell My Personal Information" that allows a user to opt-out of data sales.

Regulations like CPRA, VCDPA, and CPA have varying requirements for users to be able to opt out of data sharing, or voluntarily opt in to sensitive personal information processing.

For more information on state requirements, see our State Privacy Hub.

  • Ethcya provides a Consent option in your Privacy Center to allow users to opt-out of Data Sales, Data Sharing, and Personal Information Processing. When a user goes through the Consent experience, they will land on the Consent Management Portal to manage their opt-out:

This article will focus on how to set up a Data Use within Ethyca:

  • Creating your Data Use Case
  • Applying Consent Flags to your Data Use Case
  • Understanding the Customer Opt-out Experience
  • Viewing Reports in Your Control Panel

To configure the technical integration, please visit our technical implementation guide.

Creating your Data Use Case

In order to set up your Data Use Case, there are a few steps you will want to follow in your Control Panel. It is important to note, this Data Use Case will be visible to customers in your Ethyca Privacy Center Consent Management portal depicted above.

When creating your Data Use Case, you will want to ensure that you:

  • Provide a Title that describes its purpose (e.g. Data Sales, CCPA's Data Sales, Information Sharing)

  • Ensure Requires Consent is set to Yes to display your Data Use option in your Privacy Center

  • Include a Description of what your business does with the data. For example, the following might be used for a CCPA Data Sales Data Use:

      From time to time we may use some of your personal information for advertising 
      performance analysis and audience modeling for ongoing advertising, 
      which may be interpreted as Data Sales or Sharing under the California Privacy
      Rights Act (CPRA). You can opt out of this here and we will ensure 
      your data is no longer used for these purposes.
  • Provide the Categories of information involved, such as: e-mail, IP address, behavior data, location, etc.

  • Provide the Phases of data activity. For example, in Data Sales, this will commonly be Data Collection, Data Processing and Data Retention.

Understanding Opt-In and Opt-Out

All data use cases except Sensitive Personal Information are set to an opt-out experience. When enabled, your users will be able to use your Control Panel to opt out of Data Sales, Marketing, etc, which are enabled by default.

Sensitive Personal Information is an opt-in experience. When enabled, your users will be able to use your Control Panel to opt in to the processing of sensitive personal information, but it is disabled by default.

Applying Consent Flags to your Data Use Case

The final step in creating your Data Use is assigning Consent Flags, which will identify what underlying business processes and systems a users consent will affect.

Applying Consent For Websites will govern how data is handled in front end applications that use cookies and pixels. For example, sending event performance data from an e-commerce flow to Google via the Google Ads pixel.

Applying Consent For Data Integrations will govern how data is handled in backend and service-to-service calls. For example, sending attribution data from physical retail sales to Facebook via their Offline Attribution API.

For your Data Sales Data Use Case, you must check the box on the following flags:

  • Under "Apply Consent for Website", select the checkbox for your required use case: Data Sales, Sensitive Personal Information or Data Sharing
  • Under "Apply Consent for Data Integration", select the checkbox for required use case: Data Sales, Sensitive Personal Information, or Data Sharing

Click Save for your Data Use Case, and you're all set with the customer facing consent set up.


Understanding the Customer Opt-out Experience

When you set your Data Use Case live, it will be visible to customer's in your Ethyca Privacy Center's Consent Management portal. See mapping guide below:

Privacy CenterControl Panel
Activities We ProcessBusiness use case for the processing activity. Refers back to the "Title" in the Data Use Case section. (A)
Do you Consent?Allows a user to select YES (opt-in) or NO (opt-out). (B)
DescriptionBusiness description of what a subject is consenting to. Refers back to the "Description" in the Data Use Case section. (C)
Information being processedPII processed in the activity. Refers back to "Category" in the Data Use Case section. (D)

Now let us we'll walk through the subject's consent experience in your Ethyca Privacy Center.

A subject will visit your custom-branded Ethyca Privacy Center and selects the "Consent" option (e.g. https://privacy.<yourcompany>.com).


The subject will then be shown a popup message that prompts them to provide their email address for identity verification. CCPA regulation requires that you verify the identity of the subject requesting to opt-out to ensure they are who they say they are.


Once the subject's email address has been submitted, they will be emailed a verification code to confirm their identity and receive the below pop up:


From the Consent Management page, the subject can choose whether or not they want to consent to having their data sold.


Once the user confirms their request—"YES" for Opts-In or "NO" for Opts-Out—they will see a confirmation banner (shown below), and a cookie will be set on the user's browser with their consent preference.


If the user selects "NO", the next time the subject visits your company's site, a cookie will be set on the subject's browser that will suppress their data from being sent back to any downstream systems. This way, Facebook and any other relevant ad products will know the user has opted out.

If the user selects "YES", it will be business as usual until a customer changes their opt-out preferences.

For more information on how to launch your Privacy Center check out this link here.

Viewing Reports in Your Control Panel

All of your subjects' consent status are available in the Control Panel for easy viewing and downloading. This is key for keeping a record of the consumer's opt-out requests you have honored.

Reporting is available on a monthly basis (including month to date). You have the option to open a new window to view the report or download it directly from the Control Panel as a CSV.


The report will include the consent categories consented to, the subjects' location, their consent record, and the date the consent occurred.



Please contact [email protected] if you have any questions regarding your account.