Consent Management Overview

Learn about RudderStack’s consent management feature.

RudderStack’s robust consent management solution offers the following features:

Workflow

The following steps give a high-level overview of how to implement RudderStack’s consent management feature.

You can configure each destination with custom logic to block or allow events based on the consent provider and the category IDs.

  1. Go to the destination’s Configuration settings > Consent settings to configure the consent settings for each source.
  1. Choose your consent management provider from the dropdown. You can also add multiple providers based on your requirements.
  2. Enter enter the consent category IDs relevant for the destination in the Enter consent category IDs field.

Note that for a Custom provider, you must also specify the consent logic to be applied on the category IDs while resolving them against user consent data. See Custom Consent Management for more information on specifying the consent logic for a custom provider.

You can add multiple consent management providers for each source while configuring the destination-specific consent settings.

  1. Specify the consent provider settings.
  2. Click Add group condition.
  3. Specify the consent settings for the other provider.

You can add consent settings for multiple providers. However, note that only one of them will be used for filtering events to a destination, based on the provider specified in the client SDK’s load instrumentation or in the context.consentManagement object in the event payload.

After specifying the consent settings in the RudderStack dashboard, you need to instrument your website to capture the consent IDs and add them to your event payloads.

info
See the Consent Management Support Matrix for help in planning your implementation.

There are two ways to set up your instrumentation. If you are tracking consent across client and server-side SDKs, you will need to use both:

  1. Automatically capture consent data through integrations: The JavaScript, iOS, and Android SDKs support native integrations that automatically capture consent data from your consent provider, then append it to event payloads.
  2. Add consent data directly to event payloads: If you need to manage consent data coming from server-side SDKs and other sources, you need to add the consentManagement object to the context of the event payload. See Add the Consent Object to Event Payloads for more information.

RudderStack’s JavaScript SDK lets you configure user tracking before the user provides consent.

Sample implementation workflow

RudderStack’s pre-consent user tracking feature lets you configure a preConsent object that defines the JavaScript SDK’s cookie storage and event delivery behavior in pre-consent mode.

The following steps give a high-level implementation overview of the pre-consent user tracking feature:

  1. Configure the storage options while loading the JavaScript SDK.
  2. In the loading snippet, set preConsent.enabled to true. You can also define the SDK’s cookie storage and events delivery strategy before the user provides consent.
rudderanalytics.load(WRITE_KEY, DATA_PLANE_URL, {
    storage: {
        encryption: {
            version: "v3" / "legacy"
        },
        type: "cookieStorage", // Other available options are "localStorage", "sessionStorage", "memoryStorage", and "none".
        
        // Other storage options
    }
  consentManagement: {
    enabled: true,
    provider: "oneTrust" / "ketch" / "custom" // Specify your consent management provider
  },
  preConsent: {
    enabled: true,
    storage: { // Optional; defines SDK's cookie storage strategy
      strategy: "session" // Optional; other accepted values are "none", "session"
    },
    events: { // Optional; defines SDK's events delivery behavior
      delivery: "buffer" // Optional; other accepted value is "immediate"
    },
  }
  // Other load options
});
  1. Invoke the consent API once the user provides consent. You can also define the SDK’s post-consent storage options here and determine if the SDK should discard the buffered pre-consent events, if any.
rudderanalytics.consent({
  trackConsent: true,
  discardPreConsentEvents: true, // Optional; default value is false
  storage: {
    type: "localStorage" // Other available options are "cookieStorage", "sessionStorage", "memoryStorage", and "none".
  }
});

See the following guides for more information on using this feature with the specific consent management platform:



Questions? Contact us by email or on Slack