Overview: Privacy and consent with BlueConic
Does the BlueConic CDP offer capabilities to manage privacy and consent?
Yes, BlueConic helps you comply with data privacy regulations worldwide by supporting multiple legislation zones, including:
- Argentina (DPL)
- Australia (Privacy Act)
- Brazil (LGPD)
- Canada (PIPEDA)
- Europe (GDPR)
- Israel (PPL)
- Japan (APPI)
- Mexico - LFPDPPP
- New Zealand (Privacy Act 2020)
- People's Republic of China (PIPL)
- Peru (DPL)
- Switzerland (DPA)
- United Kingdom (UK GDPR)
- US - California (CCPA/CPRA)
- US - Colorado Privacy Act (CoPA/SB190)
- US - Connecticut Data Privacy Act (CDPA/CTCPDA)
- US - Florida Digital Bill of Rights (FDBR)
- US - Montana Consumer Data Privacy Act (MTCDPA)
- US - Nevada (SB220)
- US - New York (NYPA)
- US - Oregon Consumer Privacy Act (OCPA)
- US - Texas Data Privacy and Security Act (TDPSA)
- US - Utah Consumer Privacy Act (UCPA)
- US - Virginia’s Consumer Data Protection Act (VCDPA/SB1392)
- Rest of the World (including the disabled legislations zones)
Note: Enable any of these legislation zones from the Privacy page (BlueConic settings > Privacy) to make them available for selection for individual Objectives. Then, designate them as either Opt-in or Opt-out. (This designation determines if an Objective is met for visitors in that zone based on their consent.) Review the article Privacy Settings for more information.
Notes:
- As of the June 2022 release, when the United Kingdom (UK GDPR) legislation zone is enabled on the Privacy settings page, all new UK visitors will be assigned to that zone and no longer to Europe (GDPR).
- If United Kingdom (UK GDPR) is NOT enabled on the Privacy settings page, then any new UK visitor will continue to be assigned to the Europe (GDPR) zone until the UK zone is enabled.
- Existing UK profiles before June 2022 will still be part of the Europe (GDPR) zone. No changes have been made for those visitors.
Learn more about managing privacy for multiple legislation zones with BlueConic.
How can I use BlueConic to manage compliance with GDPR?
See our FAQ on using BlueConic for GDPR privacy compliance.
Where can I learn more about CCPA/CPRA for privacy compliance in California?
See our FAQ on using BlueConic for CCPA/CPRA compliance.
Is BlueConic considered a data processor or a data controller in relation to the profile data stored in the platform on behalf of its customers?
BlueConic is considered to be a data processor in this context.
Will BlueConic’s Consent and Privacy Management capabilities make my organization compliant?
Not necessarily. You should consult your internal legal and privacy experts to determine which of your marketing objectives require implicit or explicit consent, as well as where and when you need to ask for consent. Once you have this determined, you can use BlueConic’s Dialogues to ask for consent and capture individual rights requests.
Does BlueConic provide consulting to its customers about how to comply with privacy legislations?
No. BlueConic is not a consulting or law firm. We recommend you consult your organization’s legal and/or privacy experts to determine what is required for your specific organization.
Is BlueConic compliant in relation to the profile data stored in the platform on behalf of its customers?
Yes, all our internal processes are compliant, as well as third parties, like Amazon Web Services.
Managing privacy and consent with Objectives in BlueConic
What is the Objectives object in BlueConic, and how does it relate to consent management?
In BlueConic, you use Objectives to define why you're collecting personal data, for purposes that require explicit or implicit consent (to send email to someone or to collect phone numbers, for example). You can easily add Dialogues, Connections, Listeners, and other BlueConic objects to Objectives to enable consent management for those objects.
Is it possible to only ask for consent against one overall Objective and remain compliant with privacy legislations?
This is a question for your internal legal and privacy experts. It depends on what types of data you collect, as well as how many different marketing purposes for which you use it.
Consent management
How can BlueConic help me manage consent for personal data collection?
You can use BlueConic Dialogues to request consent from individual customers for the specific purposes associated with your defined Objectives in the platform. Once consent is given or denied at the individual level, that data is stored in the corresponding profile that is persistently stored in BlueConic. As a marketer, BlueConic Dialogues provide you with complete control and flexibility over how and where you ask for consent, so you can make changes as needed without the help of IT or developers. You can view what percentage of your customers has provided consent for each of your objectives at any time. The article Privacy Management in BlueConic helps you get started.
What if a customer denies or revokes consent for website tracking behavior? How would BlueConic automatically manage that?
Assuming that ‘website tracking behavior’ is defined as a BlueConic Objective, when a customer denies or revokes consent for that Objective, BlueConic will not execute Dialogues, Listeners, Connections and other related objects for that particular customer’s BlueConic profile.
Can I synchronize customer-level consent data to my external marketing platforms, such as ESP, CRM, retargeting?
Yes. You can use BlueConic partner Connections to sync with your external platforms. When exporting profiles, you can select to transfer only the profiles for customers that have given consent.
What if we are capturing consent in other platforms? Can we integrate consent data captured outside of BlueConic into BlueConic profiles?
Yes. As long as the consent is captured at the individual level and can be mapped to a BlueConic profile identifier, you can use BlueConic connections to synchronize this data. When importing profiles, you can select to only transfer profiles that have given consent.
By using the BlueConic APIs you can maintain the same objectives as that you have ‘purposes’ in the leading system. Using the JavaScript API, the legislation and consented/refused objectives can also be managed for each visitor individually.
By linking the objectives with (global)listeners, connections, trackers and dialogues BlueConic will only execute / show the items for which the visitor has given consent to.
Can I also use BlueConic’s consent management capabilities to manage cookie consent?
Some privacy legislations, view cookies as only one way to create an online identifier. With GDPR, for example, the focus is on getting consent for a specific purpose, of which cookies are only a part. BlueConic will only set an identifier in a cookie when the visitor has given consent to at minimum one consent, before that no identifiers are stored in cookies.
Does BlueConic work with OneTrust?
Yes, you can install the OneTrust Privacy Management Listener to sync OneTrust consent goals with BlueConic profiles. Contact your Customer Success Manager to learn more.
Can I disable consent management for one plugin?
Yes, by adding the following line to the plugin.xml you disable consent management for one plugin:
<profileindependent>true</profileindependent>
It’s advised to only add this for plugins that don’t require access to the profile. Items based on a plugin for which the consent management has been disabled can still be placed into all objectives. In this situation BlueConic will not limit the execution of the item based on the objectives with consent management switched on.
Can I pass on consent when using an External Tracker?
Yes, for each objective that must be added to the consented objectives for the visitor that follows the tracker, you can add the ID of the objective to the querystring of the tracker. An example where consent is added for objectives with the ID ‘x’ and ‘y’:
https://aaa.blueconic.com/s/4?consented_objective=x&consented_objective=y
How does BlueConic keep track of consent without a profile?
If BlueConic is set up in a way that the visitor does not get a profile when landing on a website, then a profile is only created after the visitor gave consent for at least one objective. If the visitor only refuses objectives, no profile is created and the information about the refused objectives is stored in the ‘local storage’ of the browser.
You don’t have to do anything special to target these visitors without a profile that refused one or more objectives.
What happens with profile data when a visitor withdraws consent?
By default, nothing changes to the profile data when a visitor withdraws consent for one or more objectives. You can change this behavior through a setting on the Privacy page (BlueConic settings > Privacy):
By checking the option "After visitor withdraws consent for an objective, clear the related profile properties," the visitor’s profile will be updated after a visitor withdraws consent. Profile properties that are related to the withdrawn objectives will be cleared, except for profile properties that are related to other objectives that the visitor still consents to.
Profile properties are related to objectives by items (such as listeners and import connections) that are contained by the objective and write data into profile properties.
Privacy management
Can BlueConic help me manage individual rights requests, such as requests to access data, rectify data, and delete data?
Yes. You can use BlueConic’s new privacy management capabilities to create a customer-facing privacy center using BlueConic Dialogues. Customers can make these requests in the privacy center, so you can respond in a timely manner. The article Privacy Management in BlueConic will help you get started.
How do I implement multilingual websites?
If you want to set up the privacy management for multiple languages, then you can use the option to enter custom text for each objective and profile property. This way you can enter language-specific names and descriptions for all your objectives and profile properties (as used in the profile overview table).
To enter language-specific text for objectives, click the icon to the right of each of the chosen objective:
To enter language-specific text for profile properties, click the icon to the right of each of the chosen profile property:
Learn more: Using BlueConic for privacy compliance
Here are some other resources on the subject of privacy and management:
- Privacy management in BlueConic
- Managing privacy for multiple legislation zones (GDPR, CCPA/CPRA, etc.)