Depending on the country you or your users are located in, and the applicable data privacy regulations, you, as the Data Controller, might have a duty to obtain consent and demonstrate that valid consent has been given by users.
To support your compliance with applicable data privacy regulations, we provide you with the option to implement the Active Cookie Consent mode, which enables you to demonstrate that valid consent has been provided by enabling us to obtain information in real time about users’ cookie consent preferences.
With the Active Cookie Consent mode, users are not served personalized experiences unless they actively provide consent. Only users who gave their consent receive personalized experiences. Users can opt in and change their opt-in status at any time, without limitations.
What happens when users have not provided consent?
- Data is not collected at all, so there are no reports for these users.
- Dynamic Yield cookies are not set in their browser (unless you use JavaScript code to create a cookie). In such instances, the information gathered through the JavaScript code remains in your possession.
- No variation stickiness occurs. Every time the user is eligible for an experience, the system selects a variation regardless of previous selections (you can use the opt-out targeting condition to target variations to these users if you want to avoid users getting multiple variations across sessions).
- Custom Code, Visual Edit, Push Notification campaigns, and Overlays and Notifications are served only to opted-in users (this is the default behavior and is not configured in Active Consent mode settings).
-
Targeting by "Who" conditions (such as user properties or session behavior) does not target these users. If Active Cookie Consent mode has been activated and the user has not provided their consent, no user personal data is processed for personalization purposes, except for data stemming from strictly necessary cookies, as those are not subject to consent. More specifically, we only collect contextual information that is essential for the website to function properly and is limited to the first 2 octets of IP addresses.
Note: Targeting users by lack of activity (for example, 0 pageviews) will target these users. If you want to restrict non-consenting users from being targeted by the experience, use the Active Consent targeting condition. - Recommendations using personalized algorithms (such as affinity or deep learning) fall back to the closest non-personalized algorithm.
- Landing Pages might fail to attribute conversions.
- Audiences: Users are not added to any audience report. However, during a visit to a web page (pageview) they are temporarily entered into an audience based on specific conditions (for example, a user with a mobile device might match an audience condition of "Mobile Users"). Despite this, as every pageview resets the user identity, they do not remain in the same audiences across sessions.
Notes:
- These conditions are also true in preview mode, as you preview the campaign and variation.
- Consent for triggered message campaigns is not managed using Active Cookie Consent. To handle consent for these campaigns, see the Managing Opted-in Users section in Getting Started with Reconnect.
Enabling Active Cookie Consent mode
Do the following to enable Active Cookie Consent mode:
- Implement a field in your <head> tag with the current consent preference of the user, and use an API call to notify Dynamic Yield when a user has changed their consent preference.
- Validate that the implementation is done properly.
- Preview how existing campaigns are served to users who did not provide consent, and make adjustments if needed.
- Contact your Dynamic Yield Support to turn on Active Cookie Consent mode.
Note that as soon as a user opts in, all of the current page data is saved, including the cookie referral data.
Step 1: Implement an Active Cookie Consent snippet and APIs
In this mode, you need to let Dynamic Yield know – on every page and for every user – whether or not the user gave consent. Implement the snippet in the <head> tag of the page, after the page context. If the user changes their consent preference, make an API call to notify Dynamic Yield of this change and ensure that the snippet in the <head> tag of the page changes accordingly.
Note: This is a necessary preliminary step for turning on Active Cookie Consent mode, but it doesn't affect your visitors until Dynamic Yield Support activates it.
If the user consents:
DY.userActiveConsent = { accepted: true }
If the user does not consent:
DY.userActiveConsent = { accepted: false}
Note: We recommend that you explicitly add this snippet for users who did not give their consent as well. When Active Consent Mode is enabled, the user is considered "false" if no consent is given, or if the snippet isn't implemented for any reason. Only users with explicit consent are served with personalized experiences.
However, using the API means that if a user changes their preferences, the change occurs immediately.
Use the following API call to notify that the user has given consent:
DYO.ActiveConsent.updateConsentAcceptedStatus(true)
Use "false" to notify that the user moved from consent to no consent:
DYO.ActiveConsent.updateConsentAcceptedStatus(false)
Remember to update the snippet in the <head> tag of the page to match the data sent in this API call.
If you use a custom analytics integration, use an additional API in the code of the custom integration to prevent private user data from being sent to a third party.
Step 2: Validate the implementation of Active Cookie Consent APIs
It is crucial to validate that everything is implemented correctly. To do so:
- Check that the value of DY.UserActiveConsent is false.
- Check that Active Cookie Consent mode is implemented in the head before the script (check at least three pages). Here is an example of a specific implementation, though yours might be different:
-
Check that the status changes with:
DYO.ActiveConsent.isUserOptOut() ? 'No Consent' : 'Consent'
- Check that there are no console errors related to Active Cookie Consent implementation.
- To verify that the status was changed by API:
- Open the developer console (Option+⌘+C (Mac) or Cmd+Shift+J (PC)).
- Go to the Elements tab, and search for the term “updateConsentAcceptedStatus” (press ⌘+F or CTRL+F and paste the term). You'll find the results described in Step 1.
Step 3: Preview an existing campaign
You might want to check how users who did not provide consent experience your site. Remember, these users will not be served with experiences that have personalized targeting, in addition to some other limitations (see the section What happens when users have not provided consent?).
To preview how users who did not provide consent experience your site:
- Go to Settings › Data Privacy › Active Cookie Consent and click Preview Site.
- In the browser tab that opens, look at your site and see which campaigns and experiences are served.
Step 4: Contact Dynamic Yield Support
After you complete and verify the implementation, and your campaigns are ready, contact Dynamic Yield Support to turn on Active Cookie Consent mode.
Next, we recommend that you verify that data is indeed not collected for users who did not provide consent. Look for the strings px.dynamicyield.com and px-eu.dynamicyield.com in their network calls. These strings don't exist if data isn't being collected.
Manage campaigns for users who have not provided consent
Because users who did not provide consent are served with limited Dynamic Yield experiences, you might want to edit some of your existing campaigns as follows:
- If all the experiences in a campaign use a targeting condition from the "who" category, the campaign will not be served to users who did not provide consent. So, you might want to create another experience for these users without using these conditions.
- If you have a test with multiple variations, remember that users who did not provide consent will not have variation stickiness. This means that they might see a different variation upon each pageview. If you want to avoid this, you can exclude them from the experience targeting by using the Active Cookie Consent targeting condition.
How can I target users who have not given consent with unique experiences?
Dynamic Yield provides a targeting condition designed to target users who have not given consent when Active Cookie Consent is enabled. For example, if you have a personalized experience on your homepage, you might want to create an alternative experience for the users who will not be served with the personalized experience.
To do this, create an experience that is targeted only to users who have not consented using the targeting condition Active Cookie Consent. Supported campaign types include recommendations and dynamic content.
Enabling API campaigns with Active Cookie Consent
API campaigns behave similarly to web personalization campaigns. This means that a user is considered to be opted out until they actively opt in, and you need to notify Dynamic Yield when a user opts in (or opts out). User consent data must be sent in every API call, such as Choose, Engagement, Events, and so on.
To indicate the user’s preference, add the active_consent_accepted parameter. If you send requests without this parameter, or with an incorrect value, Dynamic Yield assumes that the visitor has not opted in (value of false).
Param
"user": {
"dyid": "-4350463893986789401",
"dyid_server": "-4350463893986789401"
"active_consent_accepted" : // true or false
}
How it works:
- For first-time users, you don't send the user ID and session ID to Dynamic Yield.
- Dynamic Yield sets and returns the user ID and session ID in a cookie in the response.
- After Active Cookie Consent is turned on, Dynamic Yield can't return valid cookies unless the user has consented.
- If the user has opted out or not consented, Dynamic Yield sends a cookie with the user ID and session ID with a TTL (maxAge) of -1 (that is, the cookie is not saved, and if there was a cookie before, it's deleted). This way, you don't need to change your implementation, as the cookie expires immediately.
Handling Assumed Consent
If you don't require your users to opt-in for cookies, and instead you allow them to opt-out (also known as Assumed Consent or Implied Consent), you can use use the Dynamic Yield's Active Cookie Consent capability by reporting the existing state of consent of the user - as you maintain it in your consent management tool - in <head> tag of every page, before the Dynamic Yield script:
If the user didn't opt out, or opted in after previously opting out:
DY.userActiveConsent = { accepted: true }
If the user opted out:
DY.userActiveConsent = { accepted: false}