Implementing Opt-in Service Using Adobe Launch

Introduction to Data Privacy#

Information protection or data security is a part of Data Privacy having regulations about the secure handling of information, data collection (consent), and administrative commitments following regional regulatory obligations

The data privacy regulations for data collection across digital properties mainly involves the following rights for individual users:

  • Right to be informed
  • Right to rectification
  • Right of access
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to profiling and dynamic decision making

Right to be Informed#

User consent is required for analytics, optimization, targeting cookies on our digital properties, this is where our web implementation strategy comes into place.

In this blog, we will leverage Adobe Optin Service to implement Adobe Analytics, Adobe Target, and Adobe Audience Manager with cookie consent mechanism to make sure our web implementation strategy follows cookie guidelines as per state regulations.

Experience Cloud ID (ECID) Extension#

The Experience Cloud ID (ECID) extension in Launch is designed to let us manage which Experience Cloud solution can create cookies on the web page before user consent. The Opt-in service also provides methods to integrate with our CMP (Consent Management Platform) to retrieve/set user permission and deploy solutions accordingly.

Below is the Opt-in service settings in ECID extension in Adobe Launch:

Opt-in Service#

There are few prerequisites for enabling adobe opt-in service which is basically using supporting libraries in order to make experience cloud solutions to work together and managed by Opt-in service:

  1. ECID 4.0 or later
  2. AppMeasurement 2.11 or later
  3. DIL 9.0
  4. AT.js version 1.7.0
  5. AT.js Launch extension version 9.0
  6. For Analytics, App Measurement 2.11 with extension 1.6
  7. For Target, extension 0.9.1

More details and updates can be found in official adobe documentation here: https://docs.adobe.com/content/help/en/id-service/using/implementation/opt-in-service/getting-started.html

Configuring Optin Service#

Let us set-up ECID opt-in service step by step for Cookie Consent Setup:

Enable optin-service in Experience Cloud ID (ECID) extension In the Opt-in section the first setting 'Enable Opt-in' will help us configure the opt-in service.

  • Selection ‘No’: This is the default setting, It disables the Opt-in service.
  • Selection ‘Yes’: This setting will enable opt-in service for all web properties that are using this launch container. If we’ve separate launch properties per site, this is the best option to implement for us.
  • Selection ‘Determined at runtime using function’: This is the option we will explore in this article, where we’ve multiple regional sites handled using a single launch property.

We will need to set up a data element to return true/false based upon the website/domain in order to apply Opt-in service on runtime. This value can be also be referred from the data layer (if available). Let us set up a dummy data element with custom code to return optin check value (true/false):

// Custom Code > Data Element: [Optin Check]
var _ret = '';
var _host = window.location.hostname;
var _cookieConsentRequired = ['localhost','abhinavpuri.com']; //Add additonal domain here in order to enable Opt-in Service
try {
if (_cookieConsentRequired.indexOf(_host) > -1) 
  _ret = true
else
  _ret = false  // For domains that don't require cookie consent/Optin service 
    }
catch(e) {}
return _ret

Moving to the next configuration settings:

Is Opt-In Storage Enabled? Yes/No -

  • If opt-in storage is enabled, the permissions are stored in a first-party cookie for future reference,
  • If disabled - The cookie permissions are kept and read form our existing CMP (Cookie Management Platform) Cookie/objects. Please Note: This storage cookie will be referend as primary permission/consent cookie and all the CMP permission changes need to be mapped to it, Opt-in service will use this as primary consent to refer permissions ahead of our CMP permission cookie.

Opt In Cookie Domain? This field is applicable incase we have enabled the Opt-in storage. We can specify the first party domain where the opt-in cookie is stored.

Opt In Storage Expiry? Applicable only of Opt-in storage cookie is enabled to set the cookie expiration. The default setting is 13 months.

Previous Permissions? Previous permissions field will be used to retrieve the existing user consent permissions from our CMP cookie. This will ensure our adobe experience cloud tools work as per user consent available from previous sessions. We will need to setup a data element to return permission values in an JSON format.

//For example
{'aa':true,'aam':false,'target':false','ecid':true}

The cookie management platform (CMP) solution applied will be used to store/retrieve user consent permissions. We can create a data element [Previous Permissions] to read permission values form cookie or return default permissions.

Pre Opt-In Approvals? This setting is configured similarily using a data element returning JSON with pre-opt in permissions. It will assume consent for an adobe solution. Previous Permission settings can override this setting.

Here is our final configurations:

Testing Our Configuration#

This is default setting, where all our tools set permissions are set to false. Let us check on browser console how launch will process this case:

🚀 [Experience Cloud ID Service] Set variables: {"doesOptInApply":true,
"previousPermissions":{"aa":false,"aam":false,"target":false,"ecid":false}}

// MCID is not available since permissions are not available
🚀 [Experience Cloud ID Service] Obtained Marketing Cloud Visitor Id:  

In this case, we will all launch rules that will fire as expected and values will be built to ’s’ object tracker but no hits/or cookies [AMCV,AMCVS, mbox, demdex cookies] being set.

Now once the user accepts cookies, we will update permissions and invoke a direct call rule to trigger tools as permissions/consent provided. Adobe opt-in service provides built-in methods to invoke tools as per the below methods.

The configuration will be based upon the permission/consent provided for different tools and will be invoked by direct call rule once the user makes his selections/consent

Case: 1> Approve All

In this case, all the service and cookies have been allowed by the user: We can use the following methods in [direct call rule] custom code to approve/render tools.

// Individually approve all tool categories.
  adobe.optIn.approve(adobe.OptInCategories.ECID,true);
  adobe.optIn.approve(adobe.OptInCategories.ANALYTICS,true);
  adobe.optIn.approve(adobe.OptInCategories.AAM,true);
  adobe.optIn.approve(adobe.OptInCategories.TARGET,true);

// or call approve_all()
  adobe.optIn.approveAll();

// Invoke Complete Method once tools are approved.     
      adobe.optIn.complete();

Case: 2> Deny All

In this case all service have been denied by user - We can simply call:

  adobe.optIn.denyAll()
  adobe.optIn.complete();

Case: 3> Individual Tools Permission

We can approve multiple tools manually and allow them to track and set cookies. for example: If we want only Adobe Analytics and ECID to work but not Target and AAM -

  adobe.optIn.approve(adobe.OptInCategories.ECID,true);
  adobe.optIn.approve(adobe.OptInCategories.ANALYTICS,true);
  adobe.optIn.complete();

Once the above approval process is performed based upon the consent user permission provided. The consent information is stored in our previous permission cookie and retrieved via data element from next page load onwards and tracking works automatically for consent approved tools.

Key Considerations#

  1. For Adobe Analytics - The doPlugins is rendered at the end while page load rules are evaluated irrespective of consent, so make sure all cookie-based plugins are always set in doPlugins. It will only get executed once permission/consent for AA has been received.

  2. For Adobe Target - It supports GDPR deployments using ‘optinEnabled’ variable. This can be enabled using Target extension /or we can simply add a condition in Target page load rule to set this variable true if our domain/site has optin enabled (retrived from data element > ‘Optin Check’ we created earlier)

window.targetGlobalSettings = {
  optinEnabled: true
}
  1. For Adobe Audience Manager (Server Side Forwarding) - In this implementation the Adobe Analytics hits are automatically forwarded to Adobe Audience Manager on the backend using the server-side forwarding. In cases where the user has accepted Adobe Analytics but denied permission for AAM - We need to set a context data variable flag in adobe analytics tracking call “cm.ssf” to let the adobe server know if this call needs to be forwarded to AAM or not.
s.contextData['cm.ssf'] = '1' //Hit will not be forwarded to AAM
s.contextData['cm.ssf'] = '0' //Hit will be forwarded to AAM

If you enjoyed this post, I’d be very grateful if you’d help it spread by sharing it on Twitter/LinkedIn. Thank you!

©2020 abhinavpuri.com