Integrate RudderStack with the OneTrust consent management platform.
Data protection laws such as GDPR, CCPA, etc., require the websites to get user consent for collecting their data through cookies.
Consent managers offer various cookie consent solutions allowing the customers to determine what personal data they want to share with a business.
OneTrust is a popular consent management platform that provides data governance, privacy management, and security solutions to thousands of businesses worldwide.
The JavaScript SDK seamlessly integrates with the OneTrust SDK. It lets you map the OneTrust cookie/consent groups to RudderStack’s consent purposes. RudderStack, in turn, uses this consent information to enable/disable tracking and sending the data.
The OneTrust integration with the JavaScript SDK is applicable only for the device mode connections. For the cloud mode connections, you can write a transformation to implement your desired use-case.
How the RudderStack-OneTrust integration works
Whenever a user starts browsing a website, OneTrust pops up a modal to take consent from the user. This modal contains a list of cookie groups representing the GDPR consent purposes that the user needs to decline or accept.
The JavaScript SDK fetches these consented groups and the destination (OneTrust category) mappings specified in the RudderStack dashboard. Depending on these settings, the SDK filters the destinations.
Setting up the integration
The following sections highlight the steps to set up the JavaScript SDK integration with OneTrust.
Step 1: Configuring OneTrust
Follow these steps to configure OneTrust for your web app:
Enter your top-level website URL to scan and click Start Scan.
Go to the Categorizations tab and define the new categories or modify the existing ones, as required.
The categories should be associated with/attached to at least one cookie to be displayed in your RudderStack dashboard’s OneTrust modal.
Go to the Scripts tab, select the domain to be published and click Publish to publish the script.
Step 2: Specifying the OneTrust Cookie Categories
You need to enable OneTrust for a given JavaScript source. To do so, specify the consent category names defined in OneTrust (Step 1) for each destination connected to that JavaScript source.
Step 3: Setting up your website
Load the OneTrust script that you published in your web app in Step 1, as shown below:
As seen in the above snippet, you must first load the OneTrust script and then load the JavaScript SDK only if the user provides their consent. This is because the SDK determines whether to send events to a destination based on the user’s consent. If a user denies consent in OneTrust, then Rudderstack does not load the destination SDKs or send any events to them.
One way to load the JavaScript SDK after the user provides the consent is to modify the OptanonWrapper() callback function provided by OneTrust. You also need to add the cookieConsentManager option in the load() call as shown:
functionOptanonWrapper(){if(window.OneTrust.IsAlertBoxClosed()){// Load the SDK
rudderanalytics.load(WRITE_KEY,DATA_PLANE_URL,{cookieConsentManager:{oneTrust:{enabled:true}},//other options
});}}
If a user updates the consent settings, the web page must be refreshed for the changes to take effect in the SDK.
Once completed, RudderStack reads the consented categories and filters the destinations accordingly.
If you are using a consent manager other than OneTrust, configure the cookie categories you want to show on your website whenever a new user visits your website.
Next, you need to create an internal mapping between these cookie categories and the destinations configured in RudderStack. For example:
Analytical cookie: Amplitude, Google Analytics
Targeting cookie: Bing Ads, Google Ads
Marketing cookie: Braze, Mailchimp, Customer.io
When a user provides consent, you should fetch the consent (via the API or SDK provided by your consent manager) and filter the destinations depending on the consent. Once you have the list of destinations for which the user has provided consent, you can only load the JavaScript SDK for those destinations.
For example, if a user has provided consent for an analytical cookie, then you can load the JavaScript SDK as shown:
rudderanalytics.load(WRITE_KEY,DATA_PLANE_URL,{integrations:{All:false,"Amplitude":true,"Google Analytics":true// only provide the destinations the user has provide consent for
}// pass other initialization options
});
FAQ
Can I integrate the RudderStack JavaScript SDK with any consent manager?
Currently, RudderStack only supports OneTrust cookie consent manager. For using other consent managers, you can refer to the Consent management with other managers section.
What happens if the JavaScript SDK is loaded before the OneTrust modal is closed?
In this case, the JavaScript SDK will not be able to capture the user consent. Hence, it will load all connected destinations and all events will flow through to them.
This site uses cookies to improve your experience while you navigate through the website. Out of
these
cookies, the cookies that are categorized as necessary are stored on your browser as they are as
essential
for the working of basic functionalities of the website. We also use third-party cookies that
help
us
analyze and understand how you use this website. These cookies will be stored in your browser
only
with
your
consent. You also have the option to opt-out of these cookies. But opting out of some of these
cookies
may
have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This
category only includes cookies that ensures basic functionalities and security
features of the website. These cookies do not store any personal information.
This site uses cookies to improve your experience. If you want to
learn more about cookies and why we use them, visit our cookie
policy. We'll assume you're ok with this, but you can opt-out if you wish Cookie Settings.
