Website Privacy Validation (4/6): Does my CMP effectively respect all possible consent profiles?

If you’ve followed along with our privacy validation series, you know that we've checked for the presence of the privacy policy, the “do not sell/share” link, and the cookie consent banner tag. The next thing you should ask is, “Does my consent management platform (CMP) effectively block/allow specific cookies and tags based on user-specified consent preferences."

Essentially, you want to know if the CMP is implemented correctly. Just because the cookie banner is there and website visitors can click on it, that alone doesn't mean it's effectively functioning as expected behind the scenes.

To demonstrate how you could validate this, we used ObservePoint to run an Audit of OneTrust.com, our example website for this series, and simulated a user that has opted out of non-strictly necessary cookies. In the resulting report, you can see that there are still 11 tags that are firing, even after opting out to a "Disable All" state. This could be fine. There are some tags (and cookies) that are absolutely necessary for a website to function properly.

If we look more closely at the Audit results, however, we can see that some of these technologies are not categorized as “Strictly Necessary” – tags like Google Ads Remarketing and Google Universal Analytics. While they are not being detected on most pages of the site when a user has opted out, there still are a small handful of pages (46 out of the 1000 scanned) on which user consent preferences do not appear to be fully respected.

If you were to find similar behavior on your own website, you would want to examine those pages to see if your CMP is not implemented as expected or if there are other reasons for that potentially noncompliant state to exist.

If you’d like to see how well your own Consent Management Platform is respecting consumer preferences on your website, reach out to get a pre-recorded demo.

Read the next post in our Website Privacy Validation series: Where are new and/or unapproved cookies and technologies showing up on my website?

Related Posts

Bridging Internal Website Privacy Gaps

This tip sheet helps legal and compliance departments effectively communicate with marketing and analytics departments to collaborate, strategize, and execute on website privacy compliance.
Read More

IAPP Webinar: Shining a Light on Dark Patterns

Do you feel prepared for the death of cookies? We wanted to know how well prepared the industry is, so we scanned the top 100 sites in the US, UK and Australian markets to find out.
Read More

2023 Data Predictions

Read this infographic for 2023 data predictions.
Read More

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Bridging Internal Website Privacy Gaps

This tip sheet helps legal and compliance departments effectively communicate with marketing and analytics departments to collaborate, strategize, and execute on website privacy compliance.
Read More

IAPP Webinar: Shining a Light on Dark Patterns

Do you feel prepared for the death of cookies? We wanted to know how well prepared the industry is, so we scanned the top 100 sites in the US, UK and Australian markets to find out.
Read More

2023 Data Predictions

Read this infographic for 2023 data predictions.
Read More

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More