Consent Management Platforms – with industry-leader Tealium IQ

This article explains the steps required to collect user data in compliance with regulations using Tealium’s Consent Management Platform.

A Consent Management Platform is an advanced toolkit with multiple moving parts. We will break these down. Firstly we introduce the Explicit Consent Manager and then the Consent Preference Manager; this will help you understand the logic behind a user-form all the way through to tag firing to manage the user-defined personalized journey. Next, we examine how the Global Consent Parameters allow administrators to customize the form shown to your user and, therefore, the data collected. Finally, we reveal how the Consent Event Specification Manager gives you fine-grained control over which events are logged as the user interacts with your site.

If you wish to understand the fine details of how to move from a consent prompt to tagging to implementing effective, customized marketing, then read on.

A Consent Management Platform has multiple moving parts. Image shows Explicit Consent Manager and then the Consent Preference Manager and how Global Consent Parameters and Consent Event Specification manager controls these.

What are Consent Management Platforms?

Consent management platforms allow your users to securely store their data on your website platform and determine what you do with it. This article explains why a dedicated consent management platform is such a useful tool for regulatory compliance; and how to implement consent management in Tealium iQ – a market leader.

With the introduction of multiple consumer data privacy regulations (for instance, GDPR, CCPA, POPI, etc.), collecting personal data via cookies requires appropriate consent from users. This required an overhaul of the tools applied to marketing solutions and consumer data consumption for most businesses. 

Consent Management Platforms (CMPs) manage the process of collecting user-specific data on websites via different cookies, facilitating compliance with multiple consumer data privacy policies. Consent Management Platforms present consumer-friendly pop-ups or elements on the website. These ask to collect and process personal data with the consumer’s consent acceptance or prevent such data collection on rejection. 

Consent manager platforms facilitate the regulatory obligations within their platforms, simplifying:

  1. Consent manager pop-up implementation for users in a production environment.
  2. Recording and storing visitor’s consent decision information; collecting pre-consent approval data with required tag firing.
  3. Data collection and processing for advertisement and remarketing purposes.

General Requirement of General Data Protection Regulation (GDPR law)

For a Cookie and Consent Management 101, see our previous article (the EU regulations, the GDPR, are just one example). The consumer data protection regulation imposed by the EU (EU Cookie Law) enforces informed choice. This means that websites must offer users the ability to accept or reject cookie data collection while surfing a website. With GDPR in place, websites must meet the regulatory policy while collecting and processing an EU citizen’s data. Failure to comply may lead to a financial penalty. 

Businesses have to take and record consent from users before collecting and processing their cookie data. Consent Management Platforms automate the collection and processing of users’ personal data (whether for analytics, remarketing, personalization, etc.).

Tealium iQ, a GDPR-Compliant Consent Management Platform

Tealium iQ Consent Manager supports and promotes consumer data safety and privacy, allowing businesses to quickly and easily implement consent management. It encourages users to control what cookie data they want to allow businesses to capture. And, it allows users to change their selection whenever they want. Importantly, Tealium Consent Manager supports all languages. This allows you to localize the text, making it easier for users to understand the request. 

Once Consent Manager is enabled on your website, tagged events wait in the queue until the user’s consent is recorded as accepted or rejected. Tealium processes the user’s surfing behavior as ‘unknown’ until consent is provided. With consent given, Tealium iQ reassigns the user to a ‘Full’, ‘Partial’, or ‘Decline’ consent state. With the consent state set, the website’s queued events are triggered as per the consent state’s preassigned behavior.

A Smooth User Experience

To manage compliance with the GDPR, Tealium has introduced multiple out-of-the-box features, addressing GDPR requirements and other consumer data protection regulatory policies. This gives you a Consent Management Platform that is user-friendly – both from an administrator and consumer point of view. For example:

  • ‘Opt-in’ and ‘Opt-out’ notification management
  • User management, ensuring security
  • A privacy widget to manage consumer data protection
  • DataLayer and Tag Market Place configuration policies

Tealium’s Consent Manager Platform massively simplifies GDPR compliance by implementing:

  1. Explicit consent prompt manager
  2. Consent preference manager

Tealium also supports global consent parameters management and consent event specifications, which we will also touch on.

Improving the Customer Experience with Tealium iQ’s  Consent Manager Platform

With Tealium iQ Consent Manager, users can allow businesses to track their analytics data or revoke access to personal data. The outcome depends on the kind of cookie the user agrees the business can apply; e.g., analytics, marketing, functional, etc. In this way, Tealium Consent Manager supports your business in complying with GDPR and other consumer data protection regulatory obligations. More importantly, it puts your user in control of their experience.

1. Explicit Consent Prompt Manager

The Consent Prompt Manager customizes code based on the user’s preferences. This step eventually links a user’s choices to which tag categories are activated and, therefore, determines what cookie data is captured.

The simplest Consent Prompt Manager deployment allows users to ‘Opt-in’ or ‘Opt-out’ of allowing their data to be captured. This tool can be customized at setup as per the regulations you are bound by, helping your business stay compliant.

Tealium simplifies the entire customization with its user-friendly form. This includes allowing you to create a fully-customized message to be provided with the consent prompt (supporting multiple languages and custom parameters).

A consent management platform GUI

With the simplest options accepted during customization, this is the form that will be presented to the user:

A Consent Manager Platform for GDPR compliance

If you choose to go beyond the default customization, you may set up advanced consent options. These will be available as a link from the default cookie consent form, as per Tealium’s site:

A Consent Manager Platform puts cookie control into the hands of the user

With setup complete, you are ready to call the form from your web page, like so:

Standard parameters – HTML code [Sample code] – 

A Consent Manager Platform assists with the development of HTML for your site

1.1 Manage Custom Parameters

1.1 Configure

As with the custom parameter configuration, Tealium iQ allows developers to edit the CSS/HTML/JavaScript code to support or adjust the ‘Explicit Consent Manager Prompt’ as per your business requirements to accommodate integration with your website.

A consent management platform simplifies customization of the User Form

[Snapshot taken from Tealium tool]

1.2 Display

Display rules need to be defined to determine who receives the consent prompt on your website.  For example, to meet the EU cookie law, select the existing GDPR load rule available in the tool or define one’s own rule – as per your unique business requirement.

EU data subject identification can be achieved by:

  • Examining the domain/sub-domain or pathname (e.g., ex.example.com, www.example.ex, or www.example.com/ex)
  • Examining the DataLayer Country Variable (e.g., utag_data.country_code = “ex”)
  • Creating your own load rule to meet with GDPR load-rule to accommodate your industry sector’s business requirement.

1.3 Options

The options screen allows you to determine which user actions or events are logged. It is possible to log every event or action undertaken by visitors on your website. This option supports compliance with Recital 42 of the GDPR (recording capture of ‘Proof of Consent’) and keeps the data available for audit purposes. It also controls whether the tags implement tracking or collect the visitors’ data.

2. Consent Preference Manager

Part of Tealium IQs Consent Manager Platform is the simple Consent Preference Manager interface that offers the following features:

  • Display templates
  • Customizable style and layout
  • Multi-language support
  • Tag categories

 

With Consent Prompt Manager setup, the user’s preferences are passed to the Consent Preference Manager to deploy their tracking preferences. This preference manager broadly categorizes the cookies’ tags based on functionality or purpose – e.g., analytics, marketing, or functional. If advanced consent was set up, the visitor is provided with a toggle button to specifically Opt-in or Opt-out from each specific category. For example, if a consumer wants to be informed about new offers on your site but doesn’t want to be reached out to by third-party sites, they would select the personalized campaign but wouldn’t accept being targeted via email marketing campaigns. Like so:

The user’s selections create the following binary list recorded in the Consent Cookie – CONSENTMGR. Note that the Opt-in/Opt-out values are binary true/false. The key/value pairs that arise from the form completion in the image are separated with a pipe, “|” character. Each category is  ‘c’ with an identifying number. Again, a binary value is recorded, this time an integer ‘1’ or ‘0’ meaning 1=Allowed and 0=Not allowed. 

The above form, would therefore populate the CONSENTMGR cookie like so:

ts:1525369619|consent:true|c1:0|c2:0|c3:0|c4:0|c5:0|c6:0| c7:1|c8:0|c9:1|c10:0|c11:0|c12:1|c13:0|c14:0|c15:0

With “Analytics” set to “allowed”, CX-Y becomes 1

Performance: [“analytics”, “monitoring”, “big_data”, “mobile”, “crm”],

Marketing: [“analytics”, “monitoring”, “big_data”, “mobile”, “crm”, “affiliates”, “email”, “search”, “engagement”, “cdp”],

Personalized Advertising: [“analytics”, “monitoring”, “big_data”, “mobile”, “crm”, “affiliates”, “email”, “search”, “engagement”, “cdp”, “display_ads”, “personalization”, “social”, “cookiematch”, “misc”]]

Analytical Cookies

Google Analytics

The measurement, collection, analysis, and reporting of web data. For more information, please visit Google’s dev guides

Yandex

The measurement, collection, analysis and reporting of web data. For more information, please visit Yandex

Youtube

The measurement, collection, analysis and reporting of web data. For more information, please visit Google’s dev guides

Expiry: 90 Days

Marketing Cookies

DoubleClick

Online advertising that comes in several forms, including banner ads, rich media and more. For more information, please visit Google Policies

Google Ads

To help deliver better search results based on customers visiting our site. For more information, please visit Google Policies

Oracle Eloqua, Oracle Maxymizer

To track when visitors are entering our site to determine effectiveness of our targeting efforts. For more information or to opt-out, please visit Oracle 

Oracle Bluekai

To create customized experiences for visitors to our website. For more information or to opt-out, please visit Oracle 

Crazyegg

To create personalised experiences for visitors to our website. For more information or to opt-out, please visit Crazyegg

Twitter, Facebook, Snapchat

To better generate, target, and deliver marketing communications via Social networks. For further information please visit

Facebook

Snapchat

Twitter

Media Math

To help deliver better marketing based on customers visiting our site. For more information, please visit Media Math

Xandr

Marketing and advertising tool. For more information, please visit Xandr

Expiry: 90 Days

Functional Cookies

Google Recaptcha, Google Botguard

Functionality important to deliver an optimal website experience. For more information, please visit Google Policies

Expiry: 90 Days

3. Additional Global Consent Parameters

Global Consent Parameters manage the code variables that populate the Explicit Consent Prompt and preference block, i.e., these parameters determine what fields are available to the administrator responsible for step 1. This specific setup is managed at the account level and is inherited across the board. Note, only users with ‘manage account’ permission have access to this specific consent manager feature.

What the prompt displays and generates is based on CSS, HTML, and JavaScript. Each parameter used in this form, is updated according to its configuration at this Global Consent Parameter-level. For example, {{title}}, {{message_body}}, {{opt-in}}/{{opt_out}}, etc.

4. Consent Event Specifications

Consent Event configures Consent Preference Manager’s collection of user responses and implements data privacy and tracking. Applying Consent Event to customize the Consent Preference Manager (used in step 2) gives you control over which events are logged according to the preferences set by visitors via the Consent Preference Manager tool. 

For example, you may set up the Event Specification under the ‘Privacy’ category like so:

  1.   Policy as ‘GDPR’.
  2.   Tag Categories as ‘Analytics’, ‘Marketing’, etc.
  3.   Tealium Change Event as ‘Grant Full Access’ or ‘Grant Partial Access’.

 

This will reflect as:

{

“tealium_event”: “grant_partial_consent”,

“policy”: “gdpr”,

“consent_categories”: [“Affiliates”, “Social”]

}

Simple UX and UI customization

 Tealium iQ Consent Manager allows users to preview the ‘Consent Manager’ pop-up – showcasing exactly how it will appear in the production environment. This enables developers to customize it, to match the business or site’s requirements without hampering the consumer experience.

A Consent Manager Platform – a Robust Solution for Compliance

Tealium iQ Consent Manager provides a superior Consent Management Platform with the tooling and infrastructure that simplifies consent prompt box configuration. By implementing a Consent Management Platform, you can be assured that your consumer’s data is well-protected and demonstrate compliance with regulations. 

The example platform we discussed here, Tealium IQ, provides strong data governance and GDPR compliance. Tealium also updates its features to meet the evolving consumer data privacy regulatory obligations, which is why, at e-CENS, we are big fans of Tealium’s iQ. 

e-CENS Capabilities

Would you like our support? We are here to assist with your Consent Management. e-CENS can help you apply best practices and solutions to store, structure, and process user consent data and make it GDPR and CCPA compliant.

When you put your Consent Management into the hands of our professional team here at e-CENS, you get the best implementation in place. You won’t risk serious fines through non-compliance. You won’t have to wrestle with a management system that doesn’t integrate well with your website or business needs. We are here to smooth your Consent Management journey.

Related resources

Share on facebook
Share on twitter
Share on linkedin

Do you want to
win with data?

e-CENS designs and builds a complete, customized digital analytics and measurement program to drive your business forward.