The Explicit Consent Prompt Manager makes it easy to deploy a prompt to your website to allow users to opt-in or opt-out of tracking. This tool offers full access to customize the code behind the scenes as well as offers translated content to global customers. This feature replaces the functionality perviously offered by the Privacy Manager extension and is part of our consent management features designed to help you stay compliant with GDPR.

In this article:

How It Works

A consent prompt notifies your customers about your desire to track their activity on your digital property and to acquire their consent. Explicit consent is a proactive approach in encouraging your customers to opt-in or opt-out by forcing a pop-up prompt until a selection is made.

• If a customer opts-out, the website suppresses all tracking activity and cookie storage that is not directly relevant to the digital experience.
• If the customer opts-in, the website can track the user behavior (commonly using third-party services).

Explicit Consent Prompt example:

The Explicit Consent Prompt Manager in iQ Tag Management (TiQ) makes it easy to create and deploy a consent prompt to your website using your existing TiQ installation. This feature can be used with the Consent Preferences Manager to offer your customers more granular control over how they are tracked (Learn More)

The Explicit Consent Prompt satisfies a requirement of the General Data Protection Regulation that a data subject (EU residents) must give explicit consent before activity can be tracked. 

Visitor Experience

Once deployed to your website using the standard iQ JavaScript container ( utag.js ), the consent prompt operates automatically – no additional coding is needed for the consent prompt to function. The prompt behavior is based on the configured load rule and the presence of a consent cookie. The prompt is triggered automatically on pages matching the load rule if that cookie is not detected. Once a response to the prompt has been submitted (for example, the visitor selects "Opt-in" or "Opt-out"), the consent cookie is created and subsequent page views do not trigger the consent prompt.

The consent prompt can be displayed programmatically using the JavaScript helper functions.

Features

The Explicit Consent Prompt in Tealium iQ offers the following features:

• Display Templates
• Customizable Style and Layout
• Multi-Language Support
• Configurable Display Condition
• Global Settings for Enterprise Rollout
• Consent Logging (requires DataAccess)

This feature does not require additional code on your site. All of the configuration is bundled with your existing installation of our JavaScript library (utag.js).

Once you configure and activate the consent prompt, the changes are released in your next publish.

Steps

The Explicit Consent Prompt is set up using the following screens:

• Content
  Use this screen to enter the message displayed to your customers, add multiple language translations, and provide your company's logo URL and privacy policy link.
• Customization
  Customize the design and layout of your prompt by editing the CSS, HTML, and JavaScript used to display your prompt.
• Display Rule
  Use your data layer to create a load rule that determines when to display the consent prompt.
• Options
  Adjust additional options, such as logging consent changes using DataAccess or marking non-tracking tags that are not governed by consent management, such as chat widget.
• Default Consent Categories (JavaScript Code Extension) (when Consent Preferences is disabled)
  If you do not use the Consent Preferences Dialog and have a server-side product enabled (EventStream, AudienceStream, or DataAccess), then this JavaScript Code extension is required to set the default consent categories.
  

  If you skip this step, incoming events might be ignored.

Global Settings

The Explicit Consent Prompt can be configured for multiple profiles at once using the global parameters setting. This allows you to configure your consent prompt at the account level and have each profile inherit that configuration.

To learn more, see Managing Global Consent Content.

Getting Started

Use the following steps to begin setting up the explicit consent prompt:

1. In the left sidebar, go to Client-Side Tools > Consent Management.
2. In the Explicit Consent Prompt section, click Get Started to launch the configuration.
   If the Explicit Consent Prompt is already set up, you can toggle it on or off from this screen.

Content

On the Content screen, customize the message displayed in the consent prompt, add languages for translated content, define custom parameters, and view a preview of the prompt you created.

Content Parameters

The Explicit Consent Prompt uses parameters to construct the final prompt that displays on your site. The prompt is templatized so that the values of the parameters can be easily substituted. Parameters are referenced using the format: {{parameter_name}}.

The standard built-in content parameters are:

• Title {{title}}
  The main heading of the consent prompt.
• Message {{message}}
  Your message to customers to inform them about your tracking intentions and links to other resources such as a privacy policy or contact form.
• Opt-in/Opt-out {{opt_in}} / {{opt_out}}
  The two options available:
  • opt-in - grant consent
  • opt-out - deny consent
• Confirmation Button {{confirmation_button}}
  The label on the submission button.

To edit the content of the standard parameters, modify the text fields and click Finish.

Sample HTML code with parameters:

<div class="example_body">
  <div class="privacy_prompt">
    <div class="privacy_prompt_content">
      <h1>{{title}}</h1>
      <p>{{message}}</p>
    </div>
    <div class="privacy_prompt_footer">
      <div class="button right">{{confirmation_button}}</div>
    </div>
    <div class="close_btn_thick"></div>
  </div>
</div>

Custom Parameters

Custom parameters can be added to further customize the prompt. These parameters can be referenced within the standard parameters or in the CSS/HTML/JavaScript code.

Best Practice: Avoid putting translatable text directly in the HTML or JavaScript. Instead, construct the code with {{parameters}} and define the values using custom parameters.

Use the following steps to add a custom parameter:

1. Scroll down to the Custom Parameters section and click + Add Parameter.
   The Custom Parameter dialog displays.
2. Enter a name for the parameter.
3. Click Apply.
   The new custom parameter displays in the list.
4. Enter a value for the new parameter.
   This value are substituted where the parameter is referenced.
5. Click Finish.

Languages

The Explicit Consent Prompt is built with automatic language detection. The consent prompt detects the language setting (wo-character language code) in the browser and presents the corresponding version of the consent prompt if that language has been configured. The consent prompt is configured in English (en) by default.

Language Overrides

You can optionally override the language with a value provided in the data layer if it is in the ISO format.

To override a language, add the following code as a preloader extension:

This step lets Consent know which variable to use to switch the language and affects the language shown for both the Explicit Consent and Preferences Manager.

window.utag_cfg_ovrd = window.utag_cfg_ovrd || {}; 
window.utag_cfg_ovrd.gdprDLRef = "<some data layer var e.g. meta.lang/page_lang>";

Adding a Language

Use the following steps to add a language:

1. In the Language side panel, click + Add.
   
   The Add Language dialog displays.
2. Select the desired language and click Apply.
   The new language displays in the side panel.
3. Click the new language to configure the content.
4. Enter the translated values in the standard parameter boxes (Title, Message, and Confirmation Button).
5. Click Finish.

Setting the Default Language

The default language is used to display the consent prompt when the user's detected browser language does not have a matching language configured in the consent prompt manager.

Use the following steps to set a default language:

1. Check the Make Default Language box located in the language title bar.
   
2. Click Preview to view your language configuration.

Customization (CSS, HTML, JavaScript)

On the Customization screen, the code is behind the consent prompt – the CSS, HTML, and the JavaScript that runs the prompt. This code can be edited to adjust the look and design of the prompt to match your website.

The JavaScript code is minified before it is published into the utag.js file. If the minification process fails for any reason (such as a syntax error), the publish process halt and return a warning message in iQ. Upon successful publish, when utag.js executes on the page, the consent prompt JavaScript code is injected into the <head> of the page.

Display Rule

On the Display Rule screen, select the load rule to determine when to load the consent prompt and display it to customers. To comply with GDPR regulation, the consent prompt must be presented to data subjects residing in the European Union (EU). You can select an existing load rule or create one to satisfy that criteria. If you are unsure, a guide is offered to generate a load rule for you.

GDPR Load Rule Creation Guide

The GDPR load rule creation guide is a series of questions about your website, domain, and data layer that generates the best load rule for the consent prompt. The questions are designed to determine the easiest way to identify your EU visitors using the data available in the data layer. The guide has pre-built the list of EU country names and generates the conditions needed to detect them all in one load rule.

Identifying EU data subjects can be accomplished the following ways:

• Domain, Subdomain, or Pathname
  If your iQ profile is loaded on a website that is dedicated to EU citizens or your business only operates within the EU, then the domain, subdomain, or pathname of the URL likely contains a country code that can be used in a load rule.
  Examples:  de.example.com , www.example.de ,  www.example.com/de
• Data Layer Country Variable
  If your iQ profile is loaded on a website that allows visitors to choose their country or language, then this information can be represented in the data layer and used to create a load rule.
  Examples: utag_data.country_code = "de"

If you skip the load rule creation guide, you can create your own load rule or, if your iQ profile is loaded on a site entirely dedicated to serving EU citizens, you can use the default load rule, "All Pages".

Options

From the Options screen, you can enable event logging and tags to omit.

Event Logging

The event logging option logs every consent action taken by your visitors. Each time a visitor grants or revokes consent using the consent prompt, the action is logged for auditing purposes. This option is offered to help you comply with Recital 42 of the GDPR, which requires that proof of consent be available for auditing purposes.

Learn more about Event Logging for Consent Management.

Tags to Omit

Not all tags deployed via iQ Tag Management are for tracking or data collection. Tags and extensions can also be used to serve site functionality, such as pop-up modals, product feedback, site support, or chat clients. Use the Tags to Omit setting to create a list of tags to be exempted from the tracking restrictions.

Consent Cookie

The consent prompt uses a cookie named CONSENTMGR. The presence of this cookie and the values it contains determines the behavior of the prompt and reflect the state of the visitor's consent. The key/value pairs are delimited by the " |" character.

The CONSENTMGR cookie stores the following key/value pairs related to the consent and preferences prompts:

• c1..N – integer value 1 or 0 indicating the tag category consent status where 1..N is the category number. 1=allowed, 0=not allowed (for use with the Consent Preferences prompt)
• consent – a boolean value that reflects the consent state of the visitor:
  
  • true – consent was given using the opt-in option
  • false – consent was declined using the opt-out option
• ts – the timestamp of the last consent state change

Example value of the CONSENTMGR cookie: ts:1525369619|consent:true|c1:0|c2:0|c3:0|c4:0|c5:0|c6:0|c7:1|c8:0|c9:1|c10:0|c11:0|c12:1|c13:0|c14:0|c15:0

Default Consent Categories (JavaScript Code Extension)

This step is only needed if the Consent Preferences Dialog is disabled and if you have a server-side product (EventStream, AudienceStream, DataAccess) enabled. This step uses the JavaScript Code extension to add the default consent categories to the data layer to ensure that server-side events continue to be processed.

To add the default consent categories:

1. Add a JavaScript Code extension.
2. Add this line of code to set the default list of consent categories:b["consent_categories"] = ["analytics", "affiliates", "display_ads", "search", "email", "personalization", "social", "big_data", "misc", "cookiematch", "cdp", "mobile", "engagement", "monitoring", "crm"];
3. Scope the extension to the Tealium Collect tag.

JavaScript Helper Functions

Once enabled and published, the consent prompt introduces JavaScript utility functions into the utag namespace to allow you to integrate additional functionality. The namespace utag.gdpr contains all of the consent management utility functions.

utag.gdpr.showExplicitConsent()

Displays the explicit consent prompt. Integrate this function into your site to provide visitors a way to change their consent setting. To set the language dynamically, you can send the language as a parameter when calling the function. This overrides both the window.utag_cfg_ovrd.gdprDLRef defined above and the browser detection logic.

Example:

<a href="javascript&colon;utag.gdpr.showExplicitConsent('EN')">Change Consent</a>

utag.gdpr.getCookieValues()

Returns an object of key/value pairs from the CONSENTMGR cookie (mentioned above). The values are retrieved from utag.data['cp.CONSENTMGR'].

Example of consent declined:

> utag.gdpr.getCookieValues()
{
  ts: "1525369619",
  consent: "false"
}

Example of partial consent has been given for categories 7, 9, and 12:

> utag.gdpr.getCookieValues()
{
  ts: "1525369619",
  consent: "true",
  c1: 0,
  c2: 0,
  c3: 0,
  c4: 0,
  c5: 0,
  c6: 0,
  c7: 1,
  c8: 0,
  c9: 1,
  c10: 0,
  c11: 0,
  c12: 1,
  c13: 0,
  c14: 0,
  c15: 0
}