Data privacy consulting takes many forms. Our team offers a variety of services in this area, perhaps none as important as what often happens when working with small to mid-sized business clients, where data privacy doesn't usually come up until we raise the question.
In those instances, we have a "quick privacy guide" that we share when talking about collecting event data. For example, by setting up Tealium, Segment, Google Tag Manager, Adobe Launch, Hightouch-- these all help us collect behavioral event data about our customers as the customer journey brings them to our digital properties.
Easier said than done. Here we will show a technical example of implementing the steps in this guide, for those seeking to get started and get consent mode nailed down.
Keeping it simple
There are many classifications for data being collected. For simplicity, let's use three buckets:
1. required/functional data and cookies,
2. analytics/business data and cookies,
3. data and cookies for sharing/advertising/targeting/personalization
Bucket 3 is the one that folks must be able to opt out of. Many legal teams would split hairs in #2 and require opt- capabilities for various parts.
SMBs and B2B startups who have taken no measures to comply with privacy regulations at all would do well to start like the above. Each tracking system allows categorization of data collection, and will only collect data in consented categories. For example, in Google Tag Manager (GTM) there are separate consent checks that can be associated with any tag. Some are built in, and no configuration is required once consent mode has been appropriately configured.
Consent mode tagging template
For these situations where consent mode is not even in place and privacy regulations are not being addressed, it is not okay to simply set all consents to "granted" in a consent mode tagging template. In many situations, however, it is at least better as long as messaging on the website is clear about what data is collected and why, and an opt-out capability exists. Having an updated privacy policy that includes an opt-out link is a must-have.
Ideally, site developers will trigger an event that can be reacted to in order to update the tagging template. This can also be done within GTM itself by setting a trigger up just like any other specific link click.
What about cookies already set?
The most compliant systems take care of clearing cookies / storage objects. This example assumes the privacy policy informs users on clearing device of data. When someone is considered "opted in" for advertising
*ZappyPeople are not a legal consulting group, but we do often consult on digital data privacy. Consult with legal counsel regarding the approach to compliance.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article