From 965702a245edba740f0c1022f1fd1ea260df3c0b Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Fri, 26 Apr 2024 19:05:28 -0400 Subject: [PATCH 1/8] init onetrust wrapper doc --- .../consent-management/onetrust-wrapper.md | 178 ++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 src/privacy/consent-management/onetrust-wrapper.md diff --git a/src/privacy/consent-management/onetrust-wrapper.md b/src/privacy/consent-management/onetrust-wrapper.md new file mode 100644 index 0000000000..cfe6bef576 --- /dev/null +++ b/src/privacy/consent-management/onetrust-wrapper.md 
@@ -0,0 +1,178 @@ +--- +title: Analytics.js OneTrust Wrapper +plan: consent-management +--- + +Segment does not support *some* implementations of the Analytics.js OneTrust wrapper, as they might lead to noncompliance and data loss. This guide contains context about which configurations might cause data loss, steps you can take to remediate data loss, and configurations that minimize data loss. + +For questions about OneTrust Consent and Preference Management behavior, see the [OneTrust documentation](https://my.onetrust.com/s/topic/0TO3q000000kIWOGA2/universal-consent-preference-management?language=en_US){:target="_blank”}. + +For questions about the Analytics.js OneTrust wrapper, see the [@segment/analytics-consent-wrapper-onetrust](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-wrapper-onetrust){:target="_blank”} repository. + +## OneTrust consent banner behavior + +The OneTrust consent banner has three key UI configurations that control how the banner and consent preferences behave: + +- **Banner display:** If the banner should be shown or not when a user lands on your webpage +- **Banner closing:** If the consent banner should automatically close when the user takes an action on your webpage +- **Consent model:** If the status is automatically set to `true` or `false` for all categories + - **Opt-In:** The user, by default does not consent to all categories (except those that you deem to be mandatory). The user is required to select categories that they consent to share data with (or, opt-in to data collection) + - **Opt-out:** The user, by default, does consent to all categories. The user can choose to select categories that they do not consent to share data with (or, opt-out of data collection) + - **Custom:** You define the default for each consent category. The user can choose to select categories that they do not consent to share data with (opt-out of data collection) + +
+
+
+

Segment's Analytics.js OneTrust wrapper assumes the following:

+

+ **Opt-In** and **Implied** statuses are treated in Segment's OneTrust wrapper as `Opt-In`. **Notice Only**, **Custom**, or **Opt-Out** statuses are treated in Segment's OneTrust wrapper as `Opt-Out`. +

+
+
+ + + + +You can set use the banner display and banner closing settings to either create a banner implementation that is **mandatory**, or must be interacted with before a user can access your site, or **optional**, where a banner is either always present as your end users navigate through your site, disappears after a user takes an action, like clicking or scrolling, or is never shown to your users. + +Some combinations of banner behaviors and consent models may lead to a [risk of data loss in your downstream destinations](#scenarios-where-you-might-experience-data-loss). + +### Risk evaluation + +Segment has evaluated a combination of banner behaviors, consent models, and load orders to be at either a [low](#low) risk or [medium](#medium) risk of data loss. + +#### Low + +Segment assess some behaviors to have a low risk of data loss and noncompliance because Twilio Segment analytics.js and third-party device mode libraries are loaded only after the user has provided their consent (for consent banners a user **must** interact with to use your site) or if Segment assumes that a user consents (if you set your cookie banner on your site to be optional and never displayed to a user). + +#### Medium + +Segment assess some banner behaviors, like those that always remain as a user navigates your site and those that disappear after a user action like clicking or scrolling, to be at a medium risk for data loss and noncompliance. + +- **Compliance Risk**: Once device mode libraries are loaded they cannot be unloaded when the user revokes consent to their mapped categories. *Note: Not unloading the library poses a risk **only** if the library is collecting data in addition to collecting Segment events.* +- **Data loss Risk**: Once Segment loads, if the user consents to additional categories that map to device mode libraries, then these new libraries will not be loaded until the next time that Segment loads, like after a page reload. This may result in data loss. 
+ +To minimize the risks of having a medium risk level: + +- Set up cookie banners that either must be interacted with in order to use your site, or are set to be optional and never displayed to a user, with the assumption that users rarely go back to update consent preferences +- If using cookie banners that either always remain as a user navigates your site or disappear after a user action, like clicking or scrolling: + - **Use fewer device mode libraries.** This way, all data flows through Twilio Segment and you can respect an end-user's consent preferences using Consent Management + - **Regularly audit your device mode libraries.** Audit your device mode libraries to confirm they are not capturing data themselves + - **Add logic to do a full page refresh when the user’s consent to categories associated with device mode libraries changes.** This will help unload the device mode libraries completely. + +> info " " +> Refreshing a page when a user's consent changes could cause duplicate page events in your destinations. This can also cause a loss of form state for your users, if input form fields were present at the time of refresh. However, page refreshes due to changes in consent can also help load additional device mode libraries the user has consented to share data with, eliminating the risk of data loss in your downstream destinations. 
+ +## Segment library desired behavior + +| Banner behavior | Cookie banner | User interaction with webpage | Segment loads | Risk | Support Status | +| --------------- | ------------ | ----------------------------- | ------------ | ---- | -------------- | +| Mandatory | Displayed on page load | Required to access webpage | After use action | [Low](#low), until a user changes their preferences | Supported | +| A banner that always remains as a user navigates your site | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | Unsupported | +| A banner that disappears after a user action, like clicking or scrolling | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | Unsupported | +| A banner that is optional and never displayed to a user | Not displayed on page load | Not required to access webpage | With page load | [Low](#low), until a user changes their preferences | Supported | + +## Scenarios where you might experience data loss + +You might experience data loss if a user navigates away from a landing page before providing their consent or doesn't interact with a consent banner on a website that uses an opt-in consent model. The following tables outline common scenarios that your users might encounter and information about the degree of data loss you can expect for each scenario. + +### First time users + +> info "" +> Return users with no valid prior session are treated as first time users. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Consent model User action Expected behavior Data loss
Opt-In (optional banner behavior)User provides consent preferences and closes banner (with or without the presence of strictly necessary destinations) 1. Website loads

2. Website presents consent banner to a user

3. Users provide consent preference and close banner

4. Segment libraries load

5. Any events in the buffer for that session are sent to consented destinations (Segment and third-party destinations)

6. All events after a user provides their consent will flow to consented destinations (Segment and third-party destinations)
Data loss is possible if the user navigates away from the landing page before providing consent or if a user closes the banner.

No data loss if the user provides consent on the landing page
User does not interact with the consent banner and continues to access the website 1. Website loads

2. Website presents consent banner to a user

3. User does not take a consent action and continues to access the website

4. No Segment cookies are set

5. No events flow to Segment or third-party destinations
Data loss. No data flows to strictly necessary or unmapped destinations
User rejects all cookies and closes banner 1. Website loads

2. Website presents consent banner to a user

3. User rejects all cookies and closes banner

4. If workspace has unmapped destinations or strictly necessary destinations, Segment libraries load

5. Any events in the buffer for that session are sent to unmapped or strictly necessary destinations

6. All events after a user rejects consent flow to unmapped or strictly necessary destinations
Data loss is possible if the user navigates away from the landing page before providing consent or if a user closes the banner.

No data loss if the user provides consent on the landing page
Opt-In (with mandatory consent banner)User provides consent preferences and closes banner 1. Website loads

2. Website presents consent banner to a user, who cannot use your website until they interact with the banner

3. User provides consent preferences and closes banner

4. Segment libraries load

5. All events flow to consented destinations (Segment and third-party destinations)
No data loss
Opt-out User provides consent preference and closes banner 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third party destinations)

4. Website presents consent banner to a user

5. User provides consent preferences and closes banner

6. Events flow to unmapped destinations and destinations in categories your user consented to share data with. Events do not flow to mapped destinations in categories that your user did not consent to share data with
No data loss

Device mode libraries that are passively collecting data and are mapped to categories a user does not consent to share data with might still be collecting data.

Segment is not able to block that data collection.
User does not interact with the consent banner and continues to access the website 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User does not interact with the consent banner and continues to access the website

6. Events continue to flow to all connected destinations
No data loss
User provides consent preferences, rejects all categories, and closes the banner 1. Website loads

2. Segment libraries load

3. Events flow to default consented destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User provides consent preferences, rejects all categories and closes the banner.


If your workspace has no unmapped or strictly necessary destinations, all event data after a user provides their consent data is blocked.


If your workspace has unmapped or strictly necessary destinations, events continue to flow to unmapped destinations.
No data loss

Device mode libraries that are passively collecting data and are mapped to categories a user does not consent to share data with might still be collecting data.

Segment is not able to block that data collection.
ImpliedUser does not interact with the consent banner and continues to access the website 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User does not interact with the consent banner and continues to access the website

6. Events continue to flow to all connected destinations
No data loss
+ + +### Return users + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Consent model User action Expected behavior Data loss
Opt-In(with mandatory or optional consent banner)1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. User does not interact with the consent banner and continues to access the website
No data loss
User seeks, opens, and updates cookies on the banner, then closes the banner 1. Website loads

2. Segment libraries load

3. Events flow to default consented destinations (Segment and third-party destinations)

4. User seeks, opens, and updates cookies on the banner

5. User closes banner

6. Events flow to consented destinations, are block from flowing to mapped, non-consented destinations.
If a user rejects all categories and your Segment workspace has no unmapped destinations, no data will flow to any destination
If a user rejects all categories and your Segment workspace has unmapped destinations, data will flow to your unmapped destinations
No data loss

Device mode libraries that are passively collecting data and are mapped to categories a user does not consent to share data with might still be collecting data.

Segment is not able to block that data collection.
Opt-out(with mandatory or optional consent banner)1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. User does not interact with the consent banner and continues to access the website
No data loss
User seeks, opens, and updates cookies on the banner, then closes the banner 1. Website loads

2. Segment libraries load

3. Events flow to default consented destinations (Segment and third-party destinations)

4. User seeks, opens, and updates cookies on the banner

5. User closes banner

6. Events flow to consented destinations, are block from flowing to mapped, non-consented destinations.
If a user rejects all categories and your Segment workspace has no unmapped destinations, no data will flow to any destination
If a user rejects all categories and your Segment workspace has unmapped destinations, data will flow to your unmapped destinations
No data loss

Device mode libraries that are passively collecting data and are mapped to categories a user does not consent to share data with might still be collecting data.

Segment is not able to block that data collection.
Implied1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. User does not interact with the consent banner and continues to access the website
No data loss
+ + \ No newline at end of file From 345922c6f0c61aa316da8f489b0aeee9090c3732 Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Fri, 26 Apr 2024 19:10:46 -0400 Subject: [PATCH 2/8] [netlify-build] --- src/privacy/consent-management/onetrust-wrapper.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/privacy/consent-management/onetrust-wrapper.md b/src/privacy/consent-management/onetrust-wrapper.md index cfe6bef576..b8817fe6e2 100644 --- a/src/privacy/consent-management/onetrust-wrapper.md +++ b/src/privacy/consent-management/onetrust-wrapper.md @@ -175,4 +175,4 @@ You might experience data loss if a user navigates away from a landing page befo - \ No newline at end of file + From c5701b7688d1db93c92744a0973eb39335aaef0e Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Mon, 29 Apr 2024 14:36:18 -0400 Subject: [PATCH 3/8] Atit fixes, table fixes [netlify-build] --- .../consent-management/onetrust-wrapper.md | 51 +++++++++++-------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/src/privacy/consent-management/onetrust-wrapper.md b/src/privacy/consent-management/onetrust-wrapper.md index b8817fe6e2..c90c338b0b 100644 --- a/src/privacy/consent-management/onetrust-wrapper.md +++ b/src/privacy/consent-management/onetrust-wrapper.md 
@@ -3,7 +3,7 @@ title: Analytics.js OneTrust Wrapper plan: consent-management --- -Segment does not support *some* implementations of the Analytics.js OneTrust wrapper, as they might lead to noncompliance and data loss. This guide contains context about which configurations might cause data loss, steps you can take to remediate data loss, and configurations that minimize data loss. +This guide about Segment's Analytics.js OneTrust wrapper contains context about which configurations might cause data loss, steps you can take to remediate data loss, and configurations that minimize data loss. For questions about OneTrust Consent and Preference Management behavior, see the [OneTrust documentation](https://my.onetrust.com/s/topic/0TO3q000000kIWOGA2/universal-consent-preference-management?language=en_US){:target="_blank”}. @@ -18,7 +18,6 @@ The OneTrust consent banner has three key UI configurations that control how the - **Consent model:** If the status is automatically set to `true` or `false` for all categories - **Opt-In:** The user, by default does not consent to all categories (except those that you deem to be mandatory). The user is required to select categories that they consent to share data with (or, opt-in to data collection) - **Opt-out:** The user, by default, does consent to all categories. The user can choose to select categories that they do not consent to share data with (or, opt-out of data collection) - - **Custom:** You define the default for each consent category. The user can choose to select categories that they do not consent to share data with (opt-out of data collection)
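Review bot: The consent-model list in the @@ -18,7 +18,6 @@ hunk no longer defines **Custom**, but the wrapper-assumptions sentence from PATCH 1/8, which none of this patch's visible hunks change, still reads "**Notice Only**, **Custom**, or **Opt-Out** statuses are treated in Segment's OneTrust wrapper as `Opt-Out`". Either keep a one-line definition of Custom in the list or remove it from that sentence. The same sentence also names Notice Only and Implied, which the list never defines, so a short definition of each would let readers map their OneTrust setting to the wrapper's behavior.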
@@ -33,44 +32,46 @@ The OneTrust consent banner has three key UI configurations that control how the -You can set use the banner display and banner closing settings to either create a banner implementation that is **mandatory**, or must be interacted with before a user can access your site, or **optional**, where a banner is either always present as your end users navigate through your site, disappears after a user takes an action, like clicking or scrolling, or is never shown to your users. +You can set use the banner display and banner closing settings to either create a banner implementation that is either: +- **Mandatory**: A user must interact with a banner before they access your site +- **Optional**: A user does not have to interact with a banner while they access your site. The banner is always present as your end users navigate through your site, disappears after a user takes an action, like clicking or scrolling, or is never shown to your users -Some combinations of banner behaviors and consent models may lead to a [risk of data loss in your downstream destinations](#scenarios-where-you-might-experience-data-loss). +Some combinations of banner behaviors and consent models may lead to a [possibility of data loss in your downstream destinations](#scenarios-where-you-might-experience-data-loss). -### Risk evaluation +### Possibility for data loss -Segment has evaluated a combination of banner behaviors, consent models, and load orders to be at either a [low](#low) risk or [medium](#medium) risk of data loss. +Segment has evaluated a combination of banner behaviors, consent models, and load orders to be at either a [low](#low) or [medium](#medium) possibility of data loss. 
#### Low -Segment assess some behaviors to have a low risk of data loss and noncompliance because Twilio Segment analytics.js and third-party device mode libraries are loaded only after the user has provided their consent (for consent banners a user **must** interact with to use your site) or if Segment assumes that a user consents (if you set your cookie banner on your site to be optional and never displayed to a user). +Segment assess some behaviors to have a low possibility of data loss because Twilio Segment Analytics.js and third-party device mode libraries are loaded only after the user has provided their consent (for consent banners a user **must** interact with to use your site) or your site assumes that a user consents (if you set your cookie banner on your site to be optional and never displayed to a user). #### Medium -Segment assess some banner behaviors, like those that always remain as a user navigates your site and those that disappear after a user action like clicking or scrolling, to be at a medium risk for data loss and noncompliance. +Segment assess some banner behaviors, like those that always remain as a user navigates your site and those that disappear after a user action like clicking or scrolling, to be at a medium possibility for data loss and noncompliance. -- **Compliance Risk**: Once device mode libraries are loaded they cannot be unloaded when the user revokes consent to their mapped categories. *Note: Not unloading the library poses a risk **only** if the library is collecting data in addition to collecting Segment events.* -- **Data loss Risk**: Once Segment loads, if the user consents to additional categories that map to device mode libraries, then these new libraries will not be loaded until the next time that Segment loads, like after a page reload. This may result in data loss. +- **Compliance Risk**: Once device mode libraries are loaded they cannot be unloaded when the user revokes consent to their mapped categories. 
*Note: Not unloading the third-party library poses a risk **only** if the third-party library is collecting data in addition to collecting Segment events.* +- **Possibility of data loss**: Once Segment loads, if the user consents to additional categories that map to device mode libraries, then these new libraries will not be loaded until the next time that Segment loads, like after a page reload. This may result in data loss. -To minimize the risks of having a medium risk level: +To minimize the possibilities for data loss: - Set up cookie banners that either must be interacted with in order to use your site, or are set to be optional and never displayed to a user, with the assumption that users rarely go back to update consent preferences - If using cookie banners that either always remain as a user navigates your site or disappear after a user action, like clicking or scrolling: - **Use fewer device mode libraries.** This way, all data flows through Twilio Segment and you can respect an end-user's consent preferences using Consent Management - **Regularly audit your device mode libraries.** Audit your device mode libraries to confirm they are not capturing data themselves - - **Add logic to do a full page refresh when the user’s consent to categories associated with device mode libraries changes.** This will help unload the device mode libraries completely. + - **Add logic to do a full page refresh when the user’s consent to categories associated with device mode libraries changes.** This will help unload the device mode libraries completely > info " " -> Refreshing a page when a user's consent changes could cause duplicate page events in your destinations. This can also cause a loss of form state for your users, if input form fields were present at the time of refresh. 
However, page refreshes due to changes in consent can also help load additional device mode libraries the user has consented to share data with, eliminating the risk of data loss in your downstream destinations. +> Refreshing a page when a user's consent changes could cause duplicate page events in your destinations. This can also cause a loss of form state for your users, if input form fields were present at the time of refresh. However, page refreshes due to changes in consent can also help load additional device mode libraries the user has consented to share data with, eliminating the possibility of data loss in your downstream destinations. ## Segment library desired behavior -| Banner behavior | Cookie banner | User interaction with webpage | Segment loads | Risk | Support Status | -| --------------- | ------------ | ----------------------------- | ------------ | ---- | -------------- | -| Mandatory | Displayed on page load | Required to access webpage | After use action | [Low](#low), until a user changes their preferences | Supported | -| A banner that always remains as a user navigates your site | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | Unsupported | -| A banner that disappears after a user action, like clicking or scrolling | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | Unsupported | -| A banner that is optional and never displayed to a user | Not displayed on page load | Not required to access webpage | With page load | [Low](#low), until a user changes their preferences | Supported | +| Banner behavior | Cookie banner | User interaction with webpage | Segment loads | Possibility of data loss | +| --------------- | ------------ | ----------------------------- | ------------ | ---- | +| Mandatory | Displayed on page load | Required to access webpage | After use action | [Low](#low), until a user changes their preferences | +| A banner that always 
remains as a user navigates your site | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | +| A banner that disappears after a user action, like clicking or scrolling | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | +| A banner that is optional and never displayed to a user | Not displayed on page load | Not required to access webpage | With page load | [Low](#low), until a user changes their preferences | ## Scenarios where you might experience data loss @@ -91,7 +92,7 @@ You might experience data loss if a user navigates away from a landing page befo Opt-In (optional banner behavior) - User provides consent preferences and closes banner (with or without the presence of strictly necessary destinations) + User provides consent preferences and closes banner (with or without the presence of strictly necessary category) 1. Website loads

2. Website presents consent banner to a user

3. Users provide consent preference and close banner

4. Segment libraries load

5. Any events in the buffer for that session are sent to consented destinations (Segment and third-party destinations)

6. All events after a user provides their consent will flow to consented destinations (Segment and third-party destinations) Data loss is possible if the user navigates away from the landing page before providing consent or if a user closes the banner.

No data loss if the user provides consent on the landing page @@ -149,6 +150,7 @@ You might experience data loss if a user navigates away from a landing page befo Opt-In(with mandatory or optional consent banner) + User does nothing and continues accessing the website 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. User does not interact with the consent banner and continues to access the website No data loss @@ -159,6 +161,7 @@ You might experience data loss if a user navigates away from a landing page befo Opt-out(with mandatory or optional consent banner) + User does nothing and continues accessing the website 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. User does not interact with the consent banner and continues to access the website No data loss @@ -168,10 +171,16 @@ You might experience data loss if a user navigates away from a landing page befo No data loss

Device mode libraries that are passively collecting data and are mapped to categories a user does not consent to share data with might still be collecting data.

Segment is not able to block that data collection. - Implied + Implied + User does nothing and continues accessing the website 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. User does not interact with the consent banner and continues to access the website No data loss + + User seeks, opens, and updates cookies on the banner, then closes the banner + 1. Website loads

2. Segment libraries load

3. Events flow to default consented destinations (Segment and third-party destinations)

4. User seeks, opens, and updates cookies on the banner

5. User closes banner

6. Events flow to consented destinations, are block from flowing to mapped, non-consented destinations.
If a user rejects all categories and your Segment workspace has no unmapped destinations, no data will flow to any destination
If a user rejects all categories and your Segment workspace has unmapped destinations, data will flow to your unmapped destinations + No data loss

Device mode libraries that are passively collecting data and are mapped to categories a user does not consent to share data with might still be collecting data.

Segment is not able to block that data collection. + From 4a060f2f2757ea4a9daabbfa78bfa82d66265ac9 Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Mon, 29 Apr 2024 20:26:31 -0400 Subject: [PATCH 4/8] Update src/privacy/consent-management/onetrust-wrapper.md Co-authored-by: pwseg <86626706+pwseg@users.noreply.github.com> --- src/privacy/consent-management/onetrust-wrapper.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/privacy/consent-management/onetrust-wrapper.md b/src/privacy/consent-management/onetrust-wrapper.md index c90c338b0b..55b537546b 100644 --- a/src/privacy/consent-management/onetrust-wrapper.md +++ b/src/privacy/consent-management/onetrust-wrapper.md @@ -5,7 +5,7 @@ plan: consent-management This guide about Segment's Analytics.js OneTrust wrapper contains context about which configurations might cause data loss, steps you can take to remediate data loss, and configurations that minimize data loss. -For questions about OneTrust Consent and Preference Management behavior, see the [OneTrust documentation](https://my.onetrust.com/s/topic/0TO3q000000kIWOGA2/universal-consent-preference-management?language=en_US){:target="_blank”}. +For questions about OneTrust Consent and Preference Management behavior, see the [OneTrust documentation](https://my.onetrust.com/s/topic/0TO3q000000kIWOGA2/universal-consent-preference-management?language=en_US){:target="_blank"}. For questions about the Analytics.js OneTrust wrapper, see the [@segment/analytics-consent-wrapper-onetrust](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-wrapper-onetrust){:target="_blank”} repository. From ee99133f57d07f7a3510093952b0b313ad84ac90 Mon Sep 17 00:00:00 2001 
From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Mon, 29 Apr 2024 20:27:56 -0400 Subject: [PATCH 5/8] Apply suggestions from code review Co-authored-by: pwseg <86626706+pwseg@users.noreply.github.com> --- src/privacy/consent-management/onetrust-wrapper.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/privacy/consent-management/onetrust-wrapper.md b/src/privacy/consent-management/onetrust-wrapper.md index 55b537546b..ff66919b9c 100644 --- a/src/privacy/consent-management/onetrust-wrapper.md +++ b/src/privacy/consent-management/onetrust-wrapper.md @@ -7,7 +7,7 @@ This guide about Segment's Analytics.js OneTrust wrapper contains context about For questions about OneTrust Consent and Preference Management behavior, see the [OneTrust documentation](https://my.onetrust.com/s/topic/0TO3q000000kIWOGA2/universal-consent-preference-management?language=en_US){:target="_blank"}. -For questions about the Analytics.js OneTrust wrapper, see the [@segment/analytics-consent-wrapper-onetrust](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-wrapper-onetrust){:target="_blank”} repository. +For questions about the Analytics.js OneTrust wrapper, see the [@segment/analytics-consent-wrapper-onetrust](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-wrapper-onetrust){:target="_blank"} repository. ## OneTrust consent banner behavior 
@@ -44,11 +44,11 @@ Segment has evaluated a combination of banner behaviors, consent models, and loa #### Low -Segment assess some behaviors to have a low possibility of data loss because Twilio Segment Analytics.js and third-party device mode libraries are loaded only after the user has provided their consent (for consent banners a user **must** interact with to use your site) or your site assumes that a user consents (if you set your cookie banner on your site to be optional and never displayed to a user). +Segment assesses some behaviors to have a low possibility of data loss because Twilio Segment Analytics.js and third-party device mode libraries are loaded only after the user has provided their consent (for consent banners a user **must** interact with to use your site) or your site assumes that a user consents (if you set your cookie banner on your site to be optional and never displayed to a user). #### Medium -Segment assess some banner behaviors, like those that always remain as a user navigates your site and those that disappear after a user action like clicking or scrolling, to be at a medium possibility for data loss and noncompliance. +Segment assesses some banner behaviors, like those that always remain as a user navigates your site and those that disappear after a user action like clicking or scrolling, to be at a medium possibility for data loss and noncompliance. - **Compliance Risk**: Once device mode libraries are loaded they cannot be unloaded when the user revokes consent to their mapped categories. *Note: Not unloading the third-party library poses a risk **only** if the third-party library is collecting data in addition to collecting Segment events.* - **Possibility of data loss**: Once Segment loads, if the user consents to additional categories that map to device mode libraries, then these new libraries will not be loaded until the next time that Segment loads, like after a page reload. This may result in data loss. 
From 5c58c103715cde12c390282f8ac5debdafea40b2 Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Tue, 30 Apr 2024 18:39:09 -0400 Subject: [PATCH 6/8] [netlify-build] --- .../consent-management/consent-in-segment-connections.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/privacy/consent-management/consent-in-segment-connections.md b/src/privacy/consent-management/consent-in-segment-connections.md index 80919720f8..2e4059c575 100644 --- a/src/privacy/consent-management/consent-in-segment-connections.md +++ b/src/privacy/consent-management/consent-in-segment-connections.md @@ -81,4 +81,4 @@ If there is a category configured in Segment (`functional`) that is not mapped i ## Content observability -Events discarded due to consent preferences appear in [Delivery Overview](/docs/connections/delivery-overview/) at the "Filtered at destination" step with the discard reason *Filtered by end user consent*. +Events discarded due to consent preferences appear in [Delivery Overview](/docs/connections/delivery-overview/) at the "Filtered at destination" step with the discard reason *Filtered by end user consent*. \ No newline at end of file From cdb8a9f081c7e1034de6decfc34e100e6f77c0b1 Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Wed, 1 May 2024 15:01:10 -0400 Subject: [PATCH 7/8] [netlify-build] --- src/privacy/consent-management/onetrust-wrapper.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/privacy/consent-management/onetrust-wrapper.md b/src/privacy/consent-management/onetrust-wrapper.md index ff66919b9c..97ac18174c 100644 --- a/src/privacy/consent-management/onetrust-wrapper.md +++ b/src/privacy/consent-management/onetrust-wrapper.md 
@@ -16,8 +16,8 @@ The OneTrust consent banner has three key UI configurations that control how the - **Banner display:** If the banner should be shown or not when a user lands on your webpage - **Banner closing:** If the consent banner should automatically close when the user takes an action on your webpage - **Consent model:** If the status is automatically set to `true` or `false` for all categories - - **Opt-In:** The user, by default does not consent to all categories (except those that you deem to be mandatory). The user is required to select categories that they consent to share data with (or, opt-in to data collection) - - **Opt-out:** The user, by default, does consent to all categories. The user can choose to select categories that they do not consent to share data with (or, opt-out of data collection) + - **Opt-In:** The user, by default, does not consent to all categories (except those that you deem to be mandatory). The user is required to select categories that they consent to share data with (or, "opt-in" to data collection) + - **Opt-out:** The user, by default, does consent to all categories. The user can choose to select categories that they do not consent to share data with (or, "opt-out" of data collection)
@@ -32,7 +32,7 @@ The OneTrust consent banner has three key UI configurations that control how the -You can set use the banner display and banner closing settings to either create a banner implementation that is either: +You can set the banner display and banner closing settings to create a banner implementation that is either: - **Mandatory**: A user must interact with a banner before they access your site - **Optional**: A user does not have to interact with a banner while they access your site. The banner is always present as your end users navigate through your site, disappears after a user takes an action, like clicking or scrolling, or is never shown to your users @@ -68,7 +68,7 @@ To minimize the possibilities for data loss: | Banner behavior | Cookie banner | User interaction with webpage | Segment loads | Possibility of data loss | | --------------- | ------------ | ----------------------------- | ------------ | ---- | -| Mandatory | Displayed on page load | Required to access webpage | After use action | [Low](#low), until a user changes their preferences | +| Mandatory | Displayed on page load | Required to access webpage | After user action | [Low](#low), until a user changes their preferences | | A banner that always remains as a user navigates your site | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | | A banner that disappears after a user action, like clicking or scrolling | Displayed on page load | Not required to access webpage | With page load | [Medium](#medium) | | A banner that is optional and never displayed to a user | Not displayed on page load | Not required to access webpage | With page load | [Low](#low), until a user changes their preferences | @@ -131,7 +131,7 @@ You might experience data loss if a user navigates away from a landing page befo Implied User does not interact with the consent banner and continues to access the website - 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User does not interact with the consent banner and continues to access the website

6. Events continue to flow to all connected destinations + 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User does not interact with the consent banner and continues to access the website

6. Events continue to flow to all connected destinations


If your workspace has unmapped or strictly necessary destinations, events continue to flow to unmapped destinations. No data loss From 2338eb4febe4838f832ded0825cfb773cf39c01b Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Thu, 2 May 2024 13:05:24 -0400 Subject: [PATCH 8/8] updating categories info flows to by default --- src/privacy/consent-management/onetrust-wrapper.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/privacy/consent-management/onetrust-wrapper.md b/src/privacy/consent-management/onetrust-wrapper.md index 97ac18174c..0e38a12629 100644 --- a/src/privacy/consent-management/onetrust-wrapper.md +++ b/src/privacy/consent-management/onetrust-wrapper.md @@ -120,12 +120,12 @@ You might experience data loss if a user navigates away from a landing page befo User does not interact with the consent banner and continues to access the website - 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User does not interact with the consent banner and continues to access the website

6. Events continue to flow to all connected destinations + 1. Website loads

2. Segment libraries load

3. Events flow to default consented and unmapped destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User does not interact with the consent banner and continues to access the website

6. Events continue to flow to default consented and unmapped destinations No data loss User provides consent preferences, rejects all categories, and closes the banner - 1. Website loads

2. Segment libraries load

3. Events flow to default consented destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User provides consent preferences, rejects all categories and closes the banner.


If your workspace has no unmapped or strictly necessary destinations, all event data after a user provides their consent data is blocked.


If your workspace has unmapped or strictly necessary destinations, events continue to flow to unmapped destinations. + 1. Website loads

2. Segment libraries load

3. Events flow to default consented destinations (Segment and third-party destinations)

4. Website presents consent banner to a user

5. User provides consent preferences, rejects all categories and closes the banner.


If your workspace has no unmapped or strictly necessary destinations, all event data after a user provides their consent data is blocked.


If your workspace has unmapped or strictly necessary destinations, events continue to flow to destinations in the strictly necessary category and unmapped destinations. No data loss

Device mode libraries that are passively collecting data and are mapped to categories a user does not consent to share data with might still be collecting data.

Segment is not able to block that data collection.
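
Review bot: The "Compliance Risk" bullet under "Medium" in PATCH 5/8, hunk @@ -44,11 +44,11 @@, says loaded device mode libraries "cannot be unloaded when the user revokes consent" but never says when a revocation does take effect. The neighbouring "Possibility of data loss" bullet gives that detail for newly granted consent ("the next time that Segment loads, like after a page reload"); the compliance bullet should state the equivalent for revoked consent, so a reader can tell how long a third-party library may keep collecting. While these lines are open, align the label casing ("Compliance Risk" against "Possibility of data loss") and use either "may" or "might" throughout.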
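
Review bot: The final newline of consent-in-segment-connections.md is dropped in PATCH 6/8, hunk @@ -81,4 +81,4 @@ (the added line is followed by "\ No newline at end of file"), and the sentence text itself is unchanged. If the commit exists only to trigger a build, as the "[netlify-build]" subject suggests, restore the trailing newline or leave this file out of the commit. The context heading "## Content observability" is also worth checking: the section describes events discarded due to consent preferences, so "Consent observability" may have been intended.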
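
Review bot: The two consent-model bullets in PATCH 7/8, hunk @@ -16,8 +16,8 @@, are still inconsistent and ambiguous after the edit. The labels read "**Opt-In:**" and "**Opt-out:**", and "does not consent to all categories" can be read either as "consents to none" or as "consents to some but not all". Suggest matching the casing ("Opt-in" and "Opt-out") and writing "does not consent to any category (except those that you deem to be mandatory)".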
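
Review bot: Two cells in the table in PATCH 7/8, hunk @@ -68,7 +68,7 @@, read "[Low](#low), until a user changes their preferences" without saying what the possibility of data loss becomes after that change. State the resulting level in the cell, or link to the section that describes it, so the Mandatory and never-displayed rows can be compared with the two "Medium" rows. The second column header says "Cookie banner" while the first column and the surrounding text say "consent banner"; use one term.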
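
Review bot: Step 3 is worded differently in the two rows touched by PATCH 8/8, hunk @@ -120,12 +120,12 @@, although both rows describe the same moment, before the user has interacted with the banner. The implied-consent row says events flow to "default consented and unmapped destinations", while the reject-all row says "default consented destinations". If unmapped destinations receive events in both cases, use the same wording in both rows. In the reject-all row, the cell that follows "all event data after a user provides their consent data is blocked" reads "No data loss"; a short phrase saying that blocked events are the intended result of the user's choice would keep the two statements from reading as a contradiction.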