Skip to main content
All CollectionsTroubleshooting
Does my CMP effectively block/allow specific cookies and tags for all possible user-specified consent preferences?
Does my CMP effectively block/allow specific cookies and tags for all possible user-specified consent preferences?
Luiza Gircoveanu avatar
Written by Luiza Gircoveanu
Updated over 4 months ago

Overview

It is important to make sure that your CMP (Consent Management Platform) is implemented correctly. If your CMP is not correctly implemented, you will not have a good overview of your compliance with domestic and international data privacy laws.

Implementation

  1. Identify (conceptually) every single consent scenario that you may wish to test for - this box may provide an idea of how to go about this:

Scenarios to consider

Opt-In

Opt-Out

GPC (opt-out)

Default Consent Status (if not already covered)

USA Site Visitor (CPRA)

Europe Site Visitor (GDPR)

  1. Create Audits for each scenario

    1. Configure each Audit with the necessary settings and configurations in order to emulate each scenario

      1. Region

        1. Set the appropriate location

      2. Opt-In vs. Opt Out

        1. GPC Signal

        2. Default state of implied consent (no configuration needed for this scenario)

      3. Domain

        1. Choose the correct Starting URLs and apply inclusion/exclusion settings if needed

      4. Example:

Audit Settings for each scenario

Opt-In

Opt-Out

GPC (opt-out)

Default Consent Status (if not already covered)

USA Site Visitor (CPRA)

No additional settings required

Pre Audit actions that interact with the consent banner to opt-out

Toggle on GPC signal setting

No additional settings required

Europe Site Visitor (GDPR)

Pre Audit actions that interact with the consent banner to opt-out

No additional settings required

Toggle on GPC signal setting

No additional settings required

  1. Create Consent Categories

    1. Define as many Consent Categories as is needed to cover all scenarios -you may wish to view the linked help doc on Consent Categories if you are unfamiliar with them

    2. You can define these Consent Categories in whatever way makes the most sense to you and your testing purposes - here are a few examples that you could follow:

      1. Mirror your Consent Manager Platform categorization (e.g. OneTrust, Trustarc)

        1. Strictly Necessary

        2. First Party Analytics

        3. Performance

        4. Functional

      2. Create a Consent Category for Each Scenario

        1. Opt in (USA)

        2. Opt out (USA)

        3. Opt in (Europe)

        4. Opt out (Europe)

  2. Apply the appropriate consent categories to the appropriate Audits

    1. example:

Consent Categories applied to Audits

Opt-In

Opt-Out

GPC (opt-out)

Default Consent Status (if not already covered)

USA Site Visitor (CPRA)

Strictly Necessary/First Party Analytics/Performance

Functional

Strictly Necessary

Strictly Necessary

Strictly Necessary/First-Party Analytics

Europe Site Visitor (GDPR)

Strictly Necessary/First Party Analytics/Performance

Functional

Strictly Necessary

Strictly Necessary

Strictly Necessary/First-Party Analytics

Data Privacy Law Information

Here are some useful links for information on GDPR, CCPA, and CPRA regulations:

  1. GDPR (General Data Protection Regulation):

  2. CCPA (California Consumer Privacy Act):

  3. CPRA (California Privacy Rights Act):

Did this answer your question?