Validating Consent Managers

Overview

Validating your Consent Manager is great way to take advantage of ObservePoint's functionality. In this doc, we'll walk you through how to opt out of all cookies and then simulate traffic from from a locations where GDPR & CCPA would be applicable.

Procedure

  1. Create an audit, giving it a name describing which test you want to perform, key words like "GDPR" and "CCPA" make great labels and audit titles.
  2. Next, under Advanced Setup, choose a proxy from the Location dropdown applicable to the test you are creating. ObservePoint offers proxies to simulate traffic from Northern California; London, England; Dublin, Ireland; and Frankfurt, Germany.

3. After configuring the rest of the advanced setup of your audit audit, Go to the User Session tab.4. Create a User Session that simulates a user declining all cookies that are available to decline. Consent managers tend to be custom, so there is no on-size-fits all approach. In this example we'll use a OneTrust consent manager found on https://www.gene.com, but the same principles could be applied to any consent manager solution.

5. We'll start with a Navigation action to the page. 6. Then we'll open a new tab in our browser and navigate to https://www.gene.com and search for a consent manager banner

Note: If you don't see the banner, you maybe maybe already have your cookie preferences saved from a previous visit, so perform the step above in an incognito window.7. From here we'll create actions to click on "Cookie Preferences", then toggle off available cookies that can be declined, and finally click "Confirm My Choices"

8. After grabbing appropriate selectors and creating click actions, your User Session should look like this.

9. Now, run the audit. Before visiting any page in the audit, the User Session actions will be performed and the results should show no Performance, Functional, Social Media, or Targeting Cookies. The results can be seen in the Cookie Export available in the Page Details Report, or by inspecting the lack of tags in the tag presence report.

10. If you know which tags you expect not to fire after modifying the cookie preferences, you can create rules to validate that they are not firing. You can do this by making the tag part of your condition and then picking an arbitrary tag and choosing a fake variable name and value.

Note: This will trigger a rule failure 100% of the time that tag is present.

Note: This would be a blacklist method. If you are interested in a more robust, whitelist method, reach out to your Data Governance Consultant.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.