The Crownpeak Universal Consent Platform (UCP) provides our customers with an easy mechanism to gather consent for all their web properties and provide transparency into the technologies being used on the properties. The UCP is designed to be easy to configure and implement. It is also fully customizable so it can match your site designs.
This implementation guide will help you quickly get up and running with UCP. In the guide below we will cover the nine steps you will need to complete to publish your privacy experience.
- Understanding Consent
- Building a Site Notice
- Working with Site Notice Templates
- Styling a Site Notice
- Site Notice Translations
- Deploying Privacy Notices
- Access Requests
- Managing Vendors and Categories
- Testing a Site Notice
1. Understanding Consent
Under global privacy regulations, data collection practices must be outlined and/or consented to before they can lawfully occur. This is done through consent notices – often in the form of banners or barriers on websites. These notices tell website visitors which technologies are on the websites they visit, the type of data they collect and help ensure data is lawfully gathered. Different regulations require different forms of consent.
There are four main types of consent experiences that are important for you to understand when creating privacy experiences for your websites.
Prior Consent (Opt-In)
Prior consent, also known as “opt-in” consent, means non-essential user data is not collected until consent is provided. Essential means only information that is needed for the website to function. Advertising and marketing cookies are not dropped and tags do not fire unless the website visitor has explicitly given permission for it to happen. This usually happens through clicking an “Accept” button.
Opt-Out
“Opt-out” consent means that data is collected and marketing tags fire by default. By using the website, the website visitor agrees to the use of cookies, tags, and other ways of collecting data. Tracking and data collection happens by default, and the visitor must act to “opt-out” and end it.
Implied Consent
Implied consent means that consent is implicitly granted based on a website visitor’s actions. For example, by clicking on the page, scrolling, or continuing to use the site. This is not equivalent to explicit consent.
No Consent Required
For situations where no privacy regulations are being enforced, consent is not required. Best practice is to inform visitors that data is being collected even if no consent is required. In these cases, the visitor has no control over the collection of data through the UCP interface.
2. Building a Site Notice
Consent notices are an integral part of an effective privacy experience and can be customized to match the look and feel of your brand.
Site notices should be created using a notice template. We'll talk more about notice templates in the next section, but the high-level overview is that the notice templates are the logic or rules behind how your notices function. The template governs what experience to show to a visitor based on their location and the corresponding privacy regulation. The other benefit of the template is that it can be used on as many sites as you need, so you do not need to rebuild the logic for each notice. Though you can create a notice without a template, we don't recommend it.
The site notice wizard has 5 steps.
Countries & Languages
Give your notice a name and then select the notice templates for the regulations you would like to comply with from the dropdown on the bottom left. The notice template will populate the countries and translations.
Consent Settings
These are the settings defined by the notice template. You can click through countries on the left to see the rules that will be applied. nothing for you to do here.
Dialog Settings
The options dialog is where site visitors can access additional privacy information and granular consent options. These options are also driven by your notice template. If you see ⚠️, it means some data is missing which will prevent you from moving forward. These issues are typically missing links to your privacy policy and privacy requests pages.
Disclosure
In this section, you can manage tags and vendors. Creating a new notice will initiate a one-page scan off the domain you entered in Step 1 that populates the initial vendors on your visible notice. If you need to add vendors and mark them as essential, you can do this here. You can also categorize vendors so they will display correctly for your visitors.
Style
This tab lets you choose the visual experience site visitors will see. We'll cover styles later.
Preview
This is a preview of your notice. you can toggle between countries and languages to see the different experiences.
Learn more about creating a site notice.
3. Working With Site Notice Templates
Notice templates make it easy to manage many consent notices across many domains. The settings you choose in your notice template will be applied to every site notice where the template is applied.
If you need to edit your settings, you can make changes to your notice template and the updated settings will be applied to all notices using that template.
We have created default notice templates for enforced regulations and will continue to add templates as new regulations come online. You are able to build your own templates, but we encourage you to use the best practice templates provided.
To view notice templates, select Templates & Assets from the main menu bar, and then Notice Templates below that.
Learn more about working with notice templates.
4. Styling a Site Notice
Styles allow you to control the look and feel of your notices. Where notice templates are a template for the consent settings, styles are a template for the visual design. Research shows that privacy experiences that match the look and feel of your web experience result in higher consent rates. We provided a basic style theme for you to get started with.
To start creating a style, click Template & Assets and Styles in the main menu bar.
❗Caution: If you edit a theme that is used on active notices, changes you make will automatically be applied and visible on those notices. |
Learn more about working with Styles in UCP.
5. Site Notice Translations
You can edit the text that appears on your site notice so that it will align with the tone of voice of your brand as well as match legal requirements. We provide default text translated into 56 languages that we developed based on privacy UX best practices. The text for all languages is fully customizable. We recommend that if you update one language, you similarly update all other languages you would like to use.
Notices will be served to your website's visitors based on the default language set in their browser.
Some organizations create multiple translation sets for different brands/divisions or for testing new messaging to increase consent rates for your audience.
Learn more about working text and translations.
6. Deploying a Site Notice
To display a site notice, you will need to deploy the UCP Script Tag. You can find the right script for your organization, navigate to the Site Notice landing page and click the 'Get Site Notice Tag' button on the top right of the screen. From here you can download or copy the tag to put on your site. This can be done via a tag manager or directly with JavaScript.
Learn more about deploying a site notice and tag wrapping.
7. Access Requests
Many global privacy regulations, including GDPR and CCPA, grant users control over their personal data. Often referred to as “Data Subject Access Requests" (DSARs) or “access requests” for short, website visitors can make a request related to their personal data. Your organization will need a way to manage incoming requests.
UCP includes a simple way for your organization to take incoming requests, verify the visitor’s identity via email, and manage the status of existing requests. You have the option to use your own form or a third-party management tool. You will make this selection when setting up your site notice template.
Learn more about Access Requests.
8. Managing Vendors and Categories
Privacy regulations require you to disclose through your site notice how you are using your site visitor's data and who you are sharing it with. Based on preference and regulation, site notices may allow visitors to provide consent based on individual vendors or vendor categories.
Within UCP you can see where your vendors are and what notices they are on. Additionally, you can recategorize based on your company’s needs.
Learn more about vendors and categories.
9. Testing a Site Notice
Non-Production notices are a way to set up a notice in an environment meant for testing. By clicking the checkbox in the top right of the “Countries & Languages” when creating a site notice, you can set that notice for testing.
If you set a notice as Non-Production, you will need to update the snippet in the UCP script for "window.evidon.test". Setting this "variable = false" will point to the production settings. Pointing to "True" will be the test location. When setting up these production notices you will create a new folder structure that points to test settings.
prod: {companyId}/{domain}
non prod: {companyId}/test/{domain}
Learn more about how to test the site notice experience from different countries.