The Consent Prompt Manager makes it easy to deploy a prompt to your website to allow users to opt-in or opt-out of tracking. This tools offers full access to customize the code behind the scenes and offers translated content to your global customers. This feature replaces the functionality offered by the Privacy Manager extension and is part of our consent management features that help you stay compliant with GDPR.

In this article:

How It Works

A consent prompt notifies your customers about your desire to track their activity on your digital property and to acquire their consent. Explicit consent is a proactive approach in encouraging your customers to opt-in or opt-out by forcing a pop-up prompt until a selection is made. If a customer opts-out, the website will suppress all tracking activity and cookie storage that is not directly relevant to the digital experience. If the customer opts-in, the website can track the user behavior (commonly using third-party services).

Example explicit consent prompt:

The Explicit Consent Prompt manager in Tealium iQ makes it easy to create and deploy a consent prompt to your website using your existing iQ installation. This feature can be used with the Consent Preferences Manager to offer your customers more granular control over how they are tracked.

• Learn more about the Consent Preferences Manager

The Explicit Consent Prompt satisfies a requirement of the General Data Protection Regulation that a data subject (EU residents) must give explicit consent before activity can be tracked.

Visitor Experience

Once deployed to your website via the standard iQ JavaScript container (utag.js) the consent prompt operates automatically--no additional coding is needed for the consent prompt to function. The prompt behavior is based on the configured load rule and the presence of a consent cookie. The prompt is triggered automatically on pages matching the load rule if that cookie is not detected. Once a response to the prompt has been submitted (i.e., visitor selects "Opt-in" or "Opt-out") the consent cookie is created and subsequent page views will not trigger the consent prompt.

The consent prompt can be displayed programmatically using the JavaScript helper functions.

Features

The Explicit Consent Prompt in Tealium iQ offers the following features:

• Display Templates
• Customizable Style and Layout
• Multi-Language Support
• Configurable Display Condition
• Global Settings for Enterprise Rollout
• Consent Logging (requires DataAcces)

This feature does not require any additional code on your site. All of the configuration is bundled with your existing installation of our JavaScript library (utag.js).

Once you configure and activate the consent prompt, the changes are released in your next publish.

Steps

The Explicit Consent Prompt is set up using the following screens:

• Content
  Use this screen to enter the message displayed to your customers, add multiple language translations, and provide your company's logo URL and privacy policy link.
• Customization
  Customize the design and layout of your prompt by editing the CSS, HTML, and JavaScript used to display your prompt.
• Display Rule
  Use your data layer to create a load rule that determines when the consent prompt should be displayed.
• Options
  Adjust additional options, like logging consent changes using DataAccess or marking non-tracking tags that are not governed by consent management (e.g. chat widget).

Global Settings

The Explicit Consent Prompt can be configured for multiple profiles at once using the global privacy resources setting. This allows you to configure your consent prompt at the account level and have each profile inherit that configuration.

To learn more, see Managing Global Consent Content.

Getting Started

To begin setting up the explicit consent prompt, go to the My iQ tab and in the left side bar click Privacy Management. Click Get Started to launch the configuration modal. If your prompt is already set up, you can toggle it on or off from this screen.

Content

On the Content screen you will customize the message displayed in the consent prompt, add languages for translated content, define custom parameters, and see a preview of the prompt.

Content Parameters

The Explicit Consent Prompt uses parameters to construct the final prompt that appears on your site. The prompt is templatized so that the values of the parameters can be easily substituted. Parameters are referenced using the format: {{parameter_name}}.

The standard built-in content parameters are:

• Title  {{title}} 
  The main heading of the consent prompt.
• Message  {{message}} 
  Your message to customers to inform them about your tracking intentions and links to other resources such as a privacy policy or contact form.
• Opt-in/Opt-out  {{opt_in}} / {{opt_out}}
  The two options available: opt-in - grant consent, opt-out - deny consent.
• Confirmation Button  {{confirmation_button}} 
  The label on the submission button.

To edit the content of the standard parameters, modify the text fields and click Finish.

Sample HTML code with parameters:

<div class="example_body">
  <div class="privacy_prompt">
    <div class="privacy_prompt_content">
      <h1>{{title}}</h1>
      <p>{{message}}</p>
    </div>
    <div class="privacy_prompt_footer">
      <div class="button right">{{confirmation_button}}</div>
    </div>
    <div class="close_btn_thick"></div>
  </div>
</div>

Custom Parameters

Custom parameters can be added to further customize the prompt. These parameters can be referenced within the standard parameters or in the CSS/HTML/JavaScript code.

Best Practice: Avoid putting translatable text directly in the HTML or JavaScript. Instead, construct the code with {{parameters}} and define the values using custom parameters.

To add a custom parameter:

1. Click +Add Parameter. The Custom Parameter dialog appears.
2. Enter a name for the parameter.
3. Click Apply. The new custom parameter will appear in the list.
4. Enter a value for the new parameter. This value will be substituted whereever the parameter is referenced.
5. Click Finish.

Languages

The Explicit Consent Prompt is built with automatic language detection. The consent prompt detects the language setting in the browser (two-character language code) and presents the corresponding version of the consent prompt (if that language has been configured). The consent prompt is configured in English (en) as the default.

To add a language:

1. In the Language side panel, click +Add. The Add Language dialog appears.
2. Select the desired language and click Apply. The new language will appear in the Language side panel.
3. Click the new language to configure its content.
4. Enter the translated values in the standard parameter boxes (Title, Message, and Confirmation Button).
5. Click Finish.

Set a default language by checking the box named Make Default Language located in the language title bar. The default language will be used to display the consent prompt when the user's detected browser language does not have a matching language configured in the consent prompt manager.

Preview

Preview your configuration by clicking Preview from the language title bar.

Customization (CSS, HTML, JavaScript)

On the Customization screen you will see the code behind the consent prompt--the CSS, HTML, and JavaScript that runs the prompt. This code can be edited to adjust the look and design of the prompt to match your website.

The JavaScript code is minified before it is published into the utag.js file. If the minification process fails for any reason (such as a syntax error), the publish process halt and return a warning message in iQ. Upon sucessful publish, when utag.js executes on the page, the consent prompt JavaScript code is injected into the <head> of the page.

Display Rule

On the Display Rule screen you will select the load rule to determine when to load the consent prompt (and display it to customers). To comply with GDPR regulation, the consent prompt must be presented to data subjects residing in the European Union (EU). You can select an existing load rule or create one to satisfy that criteria. If you are unsure, a guide is offered to generate a load rule for you.

GDPR Load Rule Creation Guide

The GDPR load rule creation guide is a series of questions about your website, domain, and data layer that generates the best load rule for the consent prompt. The questions are designed to determine the easiest way to identify your EU visitors using the data available in the data layer. The guide has pre-built the list of EU country names and will generate the conditions needed to detect them all in one load rule.

Identifying EU data subjects can be accomplished the following ways:

• Domain, Subdomain, or Pathname
  If your iQ profile is loaded on a website that is dedicated to EU citizens or your business only operates within the EU, then the domain, subdomain, or pathname of the URL will likely contain a country code that can be used in a load rule.
  Examples: de.example.com, www.example.de, www.example.com/de
• Data Layer Country Variable
  If your iQ profile is loaded on a website that allows visitors to choose their country or language, then this information can be represented in the data layer and used to create a load rule.
  Examples: utag_data.country_code = "de"

If you skip the load rule creation guide, you can create your own load rule or, if your iQ profile is loaded on a site entirely dedicated to serving EU citizens, you can use the default load rule, "All Pages".

Options

On the Options screen you can enable event logging and tags to omit.

Event Logging

The event logging option logs every consent action takes by your visitors. Each time a visitor grants or revokes consent using the consent prompt, the action will be logged for auditing purposes. This option is offered to help you comply with recital 42 of the GDPR requirement that proof of consent must be available for auditing purposes.

Consent events are tracked through your existing Tealium Collect tag or using the HTTP API if you don't have a Collect tag.

Reference: Consent Change Event Specifications

The event logging option requires EventStream.

Tags to Omit

Not all tags deployed via iQ Tag Management are for tracking or data collection. Tags and extensions can also be used to serve site functionality, such as pop-up modals, product feedback, site support, or chat clients. Use the Tags to Omit setting to create a list of tags to be exempted from the tracking restrictions.

JavaScript Helper Functions

Once enabled and published, the consent prompt will introduce JavaScript utility functions into the utag namespace to allow you to integrate additional functionality. The namespace utag.gdpr contains all of the consent management utility functions.

utag.gdpr.showExplicitConsent()

Displays the explicit consent prompt. This function should be integrated into your site to provide visitors a way to change their consent setting.

Example:

<a href="#" onClick="utag.gdpr.showExplicitConsent()">Change Consent</a>

Consent Cookie

The consent prompt uses a cookie named CONSENTMGR. The presence of this cookie and the values it contains will determine the behavior of the prompt and reflect the state of the visitor's consent. The key/value pairs are delimited by the "|" character.

The CONSENTMGR cookie stores the following key/value pairs related to the consent and preferences prompts:

• c1..N - integer value 1 or 0 indicating the tag category consent status where 1..N is the category number. 1=allowed, 0=not allowed (for use with the Consent Preferences Prompt)
• consent - a boolean value that reflects the consent state of the visitor:
  
  • true - consent was given using the Opt-In option
  • false - consent was declined using the Opt-Out option
• ts - the timestamp of the last consent state change

Example value of the CONSENTMGR cookie: ts:1525369619|consent:true|c1:0|c2:0|c3:0|c4:0|c5:0|c6:0|c7:1|c8:0|c9:1|c10:0|c11:0|c12:1|c13:0|c14:0|c15:0

utag.gdpr.getCookieValues()

Returns an object of key/value pairs from the CONSENTMGR cookie (mentioned above). The values are retrieved from utag.data['cp.CONSENTMGR'].

Example of consent declined:

> utag.gdpr.getCookieValues()
{
  ts: "1525369619",
  consent: "false"
}

Example of partial consent has been given for categories 7, 9, and 12:

> utag.gdpr.getCookieValues()
{
  ts: "1525369619",
  consent: "true",
  c1: 0,
  c2: 0,
  c3: 0,
  c4: 0,
  c5: 0,
  c6: 0,
  c7: 1,
  c8: 0,
  c9: 1,
  c10: 0,
  c11: 0,
  c12: 1,
  c13: 0,
  c14: 0,
  c15: 0
}