Website Privacy Validation (4/6): Does my CMP effectively respect all possible consent profiles?

If you’ve followed along with our privacy validation series, you know that we've checked for the presence of the privacy policy, the “do not sell/share” link, and the cookie consent banner tag. The next thing you should ask is, “Does my consent management platform (CMP) effectively block/allow specific cookies and tags based on user-specified consent preferences."

Essentially, you want to know if the CMP is implemented correctly. Just because the cookie banner is there and website visitors can click on it, that alone doesn't mean it's effectively functioning as expected behind the scenes.

To demonstrate how you could validate this, we used ObservePoint to run an Audit of OneTrust.com, our example website for this series, and simulated a user that has opted out of non-strictly necessary cookies. In the resulting report, you can see that there are still 11 tags that are firing, even after opting out to a "Disable All" state. This could be fine. There are some tags (and cookies) that are absolutely necessary for a website to function properly.

If we look more closely at the Audit results, however, we can see that some of these technologies are not categorized as “Strictly Necessary” – tags like Google Ads Remarketing and Google Universal Analytics. While they are not being detected on most pages of the site when a user has opted out, there still are a small handful of pages (46 out of the 1000 scanned) on which user consent preferences do not appear to be fully respected.

If you were to find similar behavior on your own website, you would want to examine those pages to see if your CMP is not implemented as expected or if there are other reasons for that potentially noncompliant state to exist.

If you’d like to see how well your own Consent Management Platform is respecting consumer preferences on your website, reach out to get a pre-recorded demo.

Read the next post in our Website Privacy Validation series: Where are new and/or unapproved cookies and technologies showing up on my website?

Related Posts

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More