Consent Management
Overview
This section explains how the Real-time CDP JavaScript SDK manages user consent, ensures compliance with global privacy regulations, and enables privacy-aware data collection.
Modern data privacy regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and similar laws require organizations to collect and process personal data only with appropriate user consent.
The Real-time CDP JavaScript SDK is designed with privacy-by-default and privacy-by-design principles. This ensures that user data is handled responsibly and only collected when proper consent is available.
How Consent Management Works
The SDK continuously evaluates the user's consent status before collecting any data. If consent is not granted for a specific category, the SDK automatically prevents that data from being collected or transmitted.
The consent management system consists of the following components:
- Consent-Aware Attribute Collection
- Integration with Consent Management Platforms (CMPs)
- Granular Consent Category Handling
- Dynamic Consent Updates
Consent-Aware Attribute Collection
The SDK automatically checks consent status before collecting sensitive attributes.
- Location data is collected only when explicitly permitted
- Web push tokens are captured only after consent is granted
- PII is never collected without appropriate consent
Integration with Consent Management Platforms (CMPs)
The SDK integrates seamlessly with popular Consent Management Platforms (CMPs):
- OneTrust
- Cookiebot
- TrustArc
When a user updates their consent preferences in the CMP, the SDK dynamically adjusts data collection behavior in real time.
Granular Consent Categories
Consent is managed at a category level to provide fine-grained control over data collection.
- Analytics – Controls behavioral tracking and clickstream events
- Personalization – Controls collection of user identity and PII
Consent Category Behavior
The SDK behavior changes dynamically based on the enabled or disabled consent categories.
Analytics = false
When the analytics consent category is disabled:
- All clickstream data collection is completely stopped
- No behavioral data is captured or transmitted
- The following events are blocked:
  - Page views
  - Product interactions
  - Navigation events
  - Any behavioral tracking data
Personalization = false
When the personalization consent category is disabled:
- All personally identifiable information (PII) collection is stopped
- The SDK does not capture:
  - Identity events
  - Email addresses
  - Phone numbers
  - Customer codes
  - Any identifiable user data
SDK Consent Configuration
Developers can update consent settings dynamically by calling rcdp.updateConsent().
Consent settings can be updated when:
- A user accepts or rejects cookies in a CMP banner
- A user updates preferences in a privacy settings page
- A developer programmatically updates consent values
Consent Integration Example
    // Example: Integrating with a CMP
    window.addEventListener('consentUpdated', function(e) {
      rcdp.updateConsent({
        analytics: e.detail.analytics,
        personalization: e.detail.personalization
      });
    });

    // Or set consent programmatically
    rcdp.updateConsent({
      analytics: true,
      personalization: true
    });
Default Consent State
By default, the SDK assumes consent is granted.
If your site uses a Consent Management Platform (CMP), you must explicitly update the consent state using rcdp.updateConsent() based on the user's choices.
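Because the SDK starts from a granted state, a CMP integration has to record a denial itself until the user has made a choice. The following is an added example, not code from the SDK or its documentation, of a fail-closed bridge built on rcdp.updateConsent() and the consentUpdated event shown above. The names CATEGORIES, normalizeConsent and installConsentBridge are hypothetical, and it assumes the CMP integration dispatches consentUpdated with detail.analytics and detail.personalization as in the page's example.

```javascript
// Added example; not the SDK's own code.
// From the page: rcdp.updateConsent() and the 'consentUpdated' event shape.
// Hypothetical names: CATEGORIES, normalizeConsent, installConsentBridge.
const CATEGORIES = ['analytics', 'personalization'];

// Fail closed: only the boolean `true` grants a category. Missing keys,
// strings such as "true", or a missing detail object all resolve to false.
function normalizeConsent(detail) {
  const state = {};
  for (const category of CATEGORIES) {
    state[category] = Boolean(detail) && detail[category] === true;
  }
  return state;
}

// `rcdp` is the SDK object; `target` is the EventTarget the CMP integration
// dispatches 'consentUpdated' on (window in the page's example).
function installConsentBridge(rcdp, target) {
  // The SDK starts from "granted", so record an explicit denial first.
  let current = normalizeConsent(null);
  rcdp.updateConsent({ ...current });

  const onConsentUpdated = (event) => {
    current = normalizeConsent(event ? event.detail : null);
    rcdp.updateConsent({ ...current }); // covers grants and withdrawals
  };
  target.addEventListener('consentUpdated', onConsentUpdated);

  return {
    getState: () => ({ ...current }),
    remove: () => target.removeEventListener('consentUpdated', onConsentUpdated),
  };
}

// In a browser, install as early as possible after the SDK loads.
if (typeof window !== 'undefined' && window.rcdp) {
  installConsentBridge(window.rcdp, window);
}
```
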
Consent Scope
Consent is specific to the user's device and browser.
- Consent granted on one browser does not apply to another
- Each device/browser maintains its own consent state
Privacy by Design
The SDK ensures that no personally identifiable information (PII) is collected or transmitted without explicit user consent.
This architecture enables organizations to comply with strict global privacy regulations while continuing to leverage real-time customer data.