Introduction
Consent as a Service (CaaS) is a unique tool to enable you to create your own consent experiences for privacy regulation compliance.
This module is for implementation teams and outlines the steps to get started on a privacy experience project including how to access CaaS, who to include on your team and what to consider when designing your project.
You’ll understand
- The steps to login
- How each team member will participate
- How to craft a plan to begin.
For more information on features and benefits of CaaS, download our datasheet.
Accessing CaaS
In order to generate tokens and view reports for your experiences, you will log in at https://caas.evidon.com/.
Your access will be set up during onboarding with your CSM. You will use the same credentials as TagControl or Universal Consent Platform (UCP).
If you are an existing customer unsure about your access to CaaS, contact your Evidon CSM.
Your Project Team
Now that you have confirmed your access, confirm your team members have access as well.
There are usually at least 2 team members:
- Decision Maker
- You will own the requirements of the experience and review the reports.
- Developer
- You will use the Consent as a Service Privacy Information Collector (CaaS PI Collector) to implement the privacy experience. You will generate a token to associate the application with your company and post the data to the correct report.
- The developer skill set required (experience with mobile SDKs, JavaScript expertise, etc.) will depend on the type of application you plan to create and the platform it delivered from.
Designing Your Project
There are two primary requirements to consider when designing project that will use CaaS – the type of consent and the data points to collect. Let’s take a closer look at both.
Type of consent experience
The experience you create will be informed by the technology - the platform and application type, the design requirements and the reason for consent.
Platform
By design, CaaS allows you to deliver experiences across multiple channels. Examples include
Application
Using the collector, you can request experiences outside of banners and barriers such as
- Forms
- Emails
- Chatbots
- Game systems
- In car displays
Design Requirements
There are a handful of flows that are worth considering for every project
- Impression - When and how the banner or consent notification is displayed
- Consent - When the site user accepts the consent notification
- Modify Consent - When the site user changes to their consent response
Like any interactive experience, for each you will need to chart the steps you will need the user to complete, when you will request consent, the consent notification layout and how to fit the experience into your organization’ s branding guidelines.
Also, consider incorporating modern customer experience best practices including
- Situationally aware experiences- request based on what the user is trying to do
- Progressive experiences – asking for additional information in a series instead of all at once
- Reciprocal experiences – provide something valuable in return
Reason for Consent
Finally, consider why consent is necessary. This will impact the data points required.
- Is it compliance for specific law or regulation like CCPA or GDPR? Check the regulations to ensure your privacy experience aligns.
- Are you managing granular consent choices for vendors or cookies? Creating a userid will be helpful to keep the user’s selections available as they interact with your different applications on different platforms.
Data point to collect
As noted above, if you are interested in keeping track of a user’s selections across applications, collect a unique identifier to pass for the userid parameter.
This will improve stats and allow proper cross platform management. The best practice is to send a hashed version the user’s email address. Evidon will hash and store it.
This unique identifier will eventually allow for instantaneous retrieval of consent across applications. If a unique identifier is not sent, CaaS will automatically create one. There is no guarantee this will be as precise a unique identifier provided by your application.
The other data points you’ll collect will depend on what’s required by the consent experience. For most standard flows, you will consider
- Impressions to collect
- Consent actions to collect including accept, decline, and granular consent actions
- Application data points. For example, a form might include
- First name
- Last name
- Address
- Email
- Permissions for email or marketing information
Summary
To review, to get started with CaaS, we recommend completing these steps
- Confirm your access to https://caas.evidon.com
- Check with Evidon CSM if you cannot log in
- Assemble your team
- Pick developer based on platform and skillset required for application
- Include decision maker to help with requirements and analysis of reports
- Design your project by considering
- Type of consent experience – this includes platform, application, design and reason for consent
- Data points to collect