This guide explains how to delay cookie writing and data collection in Convert until visitor consent is provided, ensuring compliance with GDPR, CCPA, and ITP.
Benefits of This Feature:
-
Data Privacy Compliance: Delaying cookie writing and experiment execution ensures that your website complies with data protection regulations like GDPR and CCPA, safeguarding your organization against potential legal risks.
-
Visitor Trust: By not collecting data or running experiments until explicit consent is granted, you show respect for visitor privacy, building trust with your audience.
-
Flexible Consent Integration: This feature allows seamless integration with your Consent Management Software (CMS), ensuring that tracking and experiments start only when users agree, aligning your marketing efforts with privacy expectations.
-
Enhanced Control: It offers precise control over cookie writing and experiment execution. This lets you decide whether to block just cookies, or both cookies and experiments, depending on your compliance needs.
Why It Should Always Be Configured Alongside Consent Management Software:
-
Automated Consent Handling: While Consent Management Software manages the user interface and processes the consent status, this feature ensures that tracking and experimentation behavior are properly aligned with the consent choices made by the user.
-
Seamless User Experience: Without this feature, Consent Management Software might only block cookies but not the experiments themselves, leading to potential non-compliant data collection or experiments running prematurely, which can cause discrepancies or legal issues.
-
Consistent Data Tracking: Configuring this alongside your Consent Management Software ensures that once consent is provided, tracking resumes smoothly, avoiding data gaps and ensuring that your analytics and marketing efforts reflect the complete visitor journey.
Setup Option 1: Showing Experiences Until Consent Is Given
In this setup, you delay cookie writing but continue to show experiments and related variants until the visitor gives consent. The steps and considerations are as follows:
Step 1: Notify Convert That Consent Is Required
To ensure Convert blocks cookie writing but still shows experiments, add the following code in the Convert App > Your Project > Configuration > Global Project JavaScript section:
_conv_q.push(["consentRequired"]);
Consequences and Scenarios:
-
No Content Flashing: Since experiments are displayed even before consent, visitors will not experience content flashing. The page loads normally, but cookies are not written until consent is given.
-
Potential Data Collection: Because the experiments are shown, you will still have data on visitor interactions with the experiments, even if cookies are not written. However, if consent is never given, some interactions may not be fully captured in cookie-based analytics.
Step 2: Re-enable Tracking After Consent
Once the visitor gives consent, tracking can be re-enabled, and cookies can be written by triggering the following code:
window._conv_q.push(['consentGiven']);
How to Integrate with GTM or Consent Management Systems:
-
Google Tag Manager (GTM): You can use GTM to trigger this code by creating a tag that listens for the consent event. This way, when the consent is given, GTM fires the tag to execute the
consentGivencode. -
Consent Management Systems: Most Consent Management Platforms (CMPs) have events that fire when a user gives consent. You can use these events to trigger custom JavaScript code like the
consentGivencode to re-enable tracking and cookie writing.
Important Considerations:
-
Integrating With Consent Management Tools: Ensure that your CMP is configured to correctly trigger the consent event and execute the
consentGivenfunction. -
Compliance: This setup ensures compliance with GDPR and CCPA as no cookies are written until explicit consent is provided. However, experiments are still shown prior to consent.
Setup Option 2: Blocking Both Cookies and Experiments Until Consent Is Given
In this setup, both cookie writing and experiment execution are blocked until the visitor gives consent. This method provides the strictest level of privacy protection.
Step 1: Block Both Cookies and Experiments Until Consent
To block both cookie writing and experiment display until consent is provided, add the following code in the Global Project JavaScript section:
if (!document.cookie.includes("_conv_")) {
_conv_q.push({
what: "consentRequired",
params: { runExperiences: false }
});
}
Consequences and Scenarios:
-
Content Flashing: Since experiments are blocked until consent is granted, the visitor may experience a content flash when the page refreshes after consent is provided, causing experiments to start running only at that point.
-
Potential Data Loss: If consent is never given, experiment visits and goal conversions will not be tracked because the experiments are never shown to the visitor.
Step 2: Re-enable Tracking and Experiments After Consent
When the visitor provides consent, tracking and experiments can be re-enabled using the following code:
window._conv_q.push(['consentGiven']);
How to Integrate with GTM or Consent Management Systems:
-
Google Tag Manager (GTM): Create a tag in GTM that listens for a consent event and executes the
consentGivencode once consent is provided. -
Consent Management Systems: Many CMPs allow you to trigger custom code when consent is provided. Use the consent event in your CMP to run the
consentGivencode, ensuring both experiments and cookie writing start only after consent.
Compliance Considerations:
-
-
GDPR & CCPA Compliance: This method fully complies with data privacy regulations, ensuring that neither cookies are written nor experiments are shown without explicit visitor consent.
-
ITP Compliance: This method also helps ensure compliance with Intelligent Tracking Prevention (ITP) standards, as tracking only starts once consent is provided.
-