In this article
A guide to user consent in Permutive, how to receive consent, and allow users to opt-out of tracking.
Default Consent
By default, Permutive assumes the data controller has consent to track their users’ data, which we call consent-by-default. In this configuration mode, the collection of user data starts from the first time Permutive’s SDK loads without requiring a consent token be passed by the controller for the user.
Consent-by-token
As a data controller, you may need to receive consent from the user before tracking data against them.
Permutive offers data processors a consent mechanism for this use-case, which we call consent-by-token. In this configuration mode, no user data is collected until the data controller has received consent from the user and passed the user’s consent token to the Permutive SDK. Once the Permutive SDK has been granted consent for this user, the SDK will start collecting user data from this moment on. The user can revoke this consent at any point.
To configure your Permutive SDK in consent-by-token mode, set the consentRequired
configuration field to true:
<script>
!function (n, e, i) { ... }(window.permutive, '<API_KEY>', '<W_ID>', { 'consentRequired': true })
permutive.addon('web', {
page: {
// ...
}
})
</script>
No user data will be tracked by the SDK until it receives a consent token for the user.
Once you have obtained consent for the user, consent can be passed to Permutive by calling the SDK consent
method with the consent token as below. From this point on, the SDK will track user event data — or until the user wishes to opt out.
permutive.consent({ "opt_in": true, "token": "YOUR_CONSENT_TOKEN_HERE" });
The consent token can have any value. Generally, this is used if an ID gets generated when the user gives consent via a Consent Management Platform to provide some transparency, but the actual value has no meaning to Permutive. As long the opt_in
is true and the token
is not null, we consider the consent to be given.
Some of our customers set a fixed value ie: {"opt_in":true,"token":"CONSENT_CAPTURED"}
.
Opt-out
You may choose or be required to offer users the option to opt out of tracking. All future tracking is then disabled for the user until the point they opt back in.
Whether the SDK is configured in consent-by-default or consent-by-token mode, a user can be opted out by setting the consent opt-in
field to false:
permutive.consent({ "opt_in": false });
Note: Read more about Permutive and user privacy here: Privacy and Compliance
Comments
0 comments
Article is closed for comments.