diff --git a/src/_data/sidenav/main.yml b/src/_data/sidenav/main.yml index 535e987834..4631fbb3ec 100644 --- a/src/_data/sidenav/main.yml +++ b/src/_data/sidenav/main.yml @@ -512,6 +512,18 @@ sections: title: Complying With GDPR - path: /privacy/user-deletion-and-suppression title: User Deletion and Suppression + - section_title: Consent Management + slug: privacy/consent-management + expanded: true + section: + - path: /privacy/consent-management + title: Consent Management Overview + - path: /privacy/consent-management/consent-in-segment-connections + title: Consent in Segment Connections + - path: /privacy/consent-management/configure-consent-management + title: Configure Consent Management + - path: /privacy/consent-management/consent-in-unify/ + title: Consent in Unify - path: /privacy/account-deletion title: Account & Data Deletion - path: /privacy/hipaa-eligible-segment diff --git a/src/connections/delivery-overview.md b/src/connections/delivery-overview.md index 6efb10b3b6..35d7e9dfdc 100644 --- a/src/connections/delivery-overview.md +++ b/src/connections/delivery-overview.md @@ -24,7 +24,7 @@ The pipeline view shows the following steps: - **Successfully received**: Events that Segment ingested from your source - **Failed on ingest**: Events that Segment received, but were dropped due to internal data validation rules - **Filtered at source**: Events that were discarded due to schema settings or [Protocols](/docs/protocols/) Tracking Plans -- **Filtered at destination**: Events that were discarded due to [Destination Filters](/docs/guides/filtering-data/#destination-filters), [filtering in the Integrations object](/docs/guides/filtering-data/#filtering-with-the-integrations-object), or [per source schema integration filters](/docs/guides/filtering-data/#per-source-schema-integrations-filters). [Actions destinations](/docs/connections/destinations/actions/) also have a filtering capability: for example, if your Action is set to only send Identify events, all other event types will be filtered out. Actions destinations with incomplete triggers or disabled mappings are filtered out at this step. Beta users of [Consent Management](/docs/privacy/consent-management/) also see events discarded due to consent preferences. +- **Filtered at destination**: Events that were discarded due to [Destination Filters](/docs/guides/filtering-data/#destination-filters), [filtering in the Integrations object](/docs/guides/filtering-data/#filtering-with-the-integrations-object), or [per source schema integration filters](/docs/guides/filtering-data/#per-source-schema-integrations-filters). [Actions destinations](/docs/connections/destinations/actions/) also have a filtering capability: for example, if your Action is set to only send Identify events, all other event types will be filtered out. Actions destinations with incomplete triggers or disabled mappings are filtered out at this step. [Consent Management](/docs/privacy/consent-management/) users also see events discarded due to consent preferences. - **Failed delivery**: Events that have been discarded due to errors or unmet destination requirements - **Successful delivery**: Events that were successfully delivered to the destination diff --git a/src/privacy/consent-in-unify.md b/src/privacy/consent-in-unify.md deleted file mode 100644 index c88c46e8d5..0000000000 --- a/src/privacy/consent-in-unify.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Consent in Unify -hidden: true -related: - - "/privacy/consent-management/" - - "/privacy/configure-consent-management/" - - "/privacy/consent-in-segment-connections/" ---- - -> info "Consent in Unify and Twilio Engage is currently unavailable." -> However, Segment's OneTrust consent wrappers automatically generate the Segment Consent Preference Track event, which will be required for future integrations with Unify and Twilio Engage. - -Segment uses Profiles in [Unify](/docs/unify/) as the source of truth of an end user's consent preference when enforcing consent in Twilio Engage. To get consent preference on the Profile, Segment requires the use of the [Segment Consent Preference event](#segment-consent-preference-event) and [Identify](/docs/connections/spec/Identify) events to route events to Unify. The Segment Consent Preference and Identify events should include the [consent object](/docs/privacy/consent-in-segment-connections/#consent-object). - -## Segment Consent Preference event -Every time an end user provides or updates their consent preferences, Segment requires you to generate a **Segment Consent Preference** event. If you are using [Segment's OneTrust consent wrappers](/docs/privacy/configure-consent-management/#step-2-integrating-your-cmp-with-segment), Segment automatically generates a Segment Consent Preference event. This event is required to add the end user’s consent preference on their Profile in Unify. - -For example, if an end user agreed to share their information for functional and advertising purposes but not for analytics or data sharing, the Segment Consent Preference [Track call](/docs/connections/spec/track/) demonstrating their new consent preferences would have the following format: - -``` json -{ - "anonymousId": "23adfd82-aa0f-45a7-a756-24f2a7a4c895", - "type": "track", - "event": "Segment Consent Preference", - "userId": "u123", - "traits": { - "email": "peter@example.com", - "phone": "555-555-5555", - } - "timestamp": "2023-01-01T00:00:00.000Z", - "context": { - "consent": { - "categoryPreferences" : { - "Advertising": true, - "Analytics": false, - "Functional": true, - "DataSharing": false - } - } - } -} -``` - -If you use Protocols, the Segment app automatically adds the Segment Consent Preference event to all your existing Tracking Plans and for every new Tracking Plan. Segment recommends you don’t edit or delete the default fields in the Segment Consent Preference events, but you can add new fields as needed. - -> info "Segment Consent Preference is a reserved event name" -> Segment has standardized a series of reserved event names that have special semantic meaning and maps these events to tools that support them. -> -> See the [Semantic Events](/docs/connections/spec/semantic/) docs for more details. diff --git a/src/privacy/consent-management.md b/src/privacy/consent-management.md deleted file mode 100644 index b74ae6d081..0000000000 --- a/src/privacy/consent-management.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Consent Management Overview -related: - - "/privacy/configure-consent-management/" - - "/privacy/consent-in-segment-connections/" - - "/privacy/consent-in-unify/" ---- -> info "Consent Management is in public beta" -> This means that Consent Management features are in active development, and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions. - -When an end user visits your web or mobile app, they set **consent preferences**, or make decisions about the types of data they want you to collect, use, and share. These consent preferences are typically presented as a set list of categories that describe how your company intends to use that data. Some common categories include personalization, advertising, and site performance. - -Segment integrates with your commercial third-party or bespoke consent management platform (CMP) that captures an end user's consent preferences and enforces those preferences by only routing events to the categories consented to by an end user. - -![Diagram outlining information flowing from an end user to Segment destinations](/docs/privacy/images/consent-overview.png) - -After a user sets their consent preferences on your web or mobile app, Segment requires you to add the [consent object](/docs/privacy/consent-in-segment-connections/#consent-object) to all events. If you are using OneTrust, Segment provides a wrapper for your web and mobile libraries that can add the consent object to your events. If you are using another CMP, you are required to add the consent object to your events by either creating your own wrapper or using another mechanism. For more information, see the [Configure Consent Management documentation](/docs/privacy/configure-consent-management/#step-2-integrating-your-cmp-with-segment). - -The events, stamped with the consent object, are then sent downstream to any destinations in categories that an end user consented to share data with. - -> info "" -> Segment collects consent for both registered users and anonymous users. - -For more information about consent in Segment Connections, see the [Consent in Segment Connections](/docs/privacy/consent-in-segment-connections) documentation. - -If you are a Unify user, you can also see the [Consent in Unify](/docs/privacy/consent-in-unify) for more information about the Segment Consent Preference event, which Segment uses to add consent preference to the Profile. diff --git a/src/privacy/configure-consent-management.md b/src/privacy/consent-management/configure-consent-management.md similarity index 85% rename from src/privacy/configure-consent-management.md rename to src/privacy/consent-management/configure-consent-management.md index 4dd238bf36..2b39fc07a3 100644 --- a/src/privacy/configure-consent-management.md +++ b/src/privacy/consent-management/configure-consent-management.md @@ -2,13 +2,11 @@ title: Configure Consent Management related: - "/privacy/consent-management/" - - "/privacy/consent-in-segment-connections/" - - "/privacy/consent-in-unify/" + - "/privacy/consent-management/consent-in-segment-connections/" +redirect_from: "/privacy/configure-consent-management" --- -> info "Consent Management is in public beta" -> This means that Consent Management features are in active development, and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions. -After setting up your consent management platform (CMP), you can enforce the consent collected from your users by adding the [consent object](/docs/privacy/consent-in-segment-connections/#consent-object) to your events. +After setting up your consent management platform (CMP), you can enforce the consent collected from your users by adding the [consent object](/docs/privacy/consent-management/consent-in-segment-connections/#consent-object) to your events. Once you've configured consent in the Segment app and updated your sources to contain consent preference in every event, your events are routed only to the categories your end users consented to share data with. Events without the consent preference will continue to flow to destinations without consent enforcement. @@ -44,8 +42,8 @@ Before you can configure consent in Segment, take the following steps: ## Step 2: Integrating your CMP with Segment Once you've created consent categories in the Segment app, you need to integrate your CMP with Segment. Segment recommends using a CMP wrapper, but you can use any solution provided it meets the following criteria: -- Reads the end user consent preference from your CMP and includes the [consent object](/docs/privacy/consent-in-segment-connections/#consent-object) in every event -- If using Unify and Engage, generates the [Segment Consent Preference](/docs/privacy/consent-in-unify/#segment-consent-preference-event) event every time a user provides or updates their consent preferences with their anonymousId and userId +- Reads the end user consent preference from your CMP and includes the [consent object](/docs/privacy/consent-management/consent-in-segment-connections/#consent-object) in every event +- If using Unify and Engage, generates the [Segment Consent Preference Updated](/docs/privacy/consent-management/consent-in-unify/#segment-consent-preference-updated-event) event every time a user provides or updates their consent preferences with their anonymousId and userId Segment provides a OneTrust wrapper for the following sources: - **Analytics.js**: Please follow the instructions from the README in the [@segment/analytics-consent-wrapper-onetrust](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-wrapper-onetrust){:target="_blank"} repository. @@ -60,9 +58,9 @@ If you'd like to integrate with any other CMP, Segment requires you to build you ### Validate your CMP integration -Customers with Analytics.js 2.0 sources can use the [Segment Inspector](/docs/connections/sources/catalog/libraries/website/javascript/#segment-inspector) to confirm that events from their source contain the [consent object](/docs/privacy/consent-in-segment-connections). Unify and Engage users can also verify that the [Segment Consent Preference event](/docs/privacy/consent-in-unify/#segment-consent-preference-event) emits every time end users update their consent preferences. +Customers with Analytics.js 2.0 sources can use the [Segment Inspector](/docs/connections/sources/catalog/libraries/website/javascript/#segment-inspector) to confirm that events from their source contain the [consent object](/docs/privacy/consent-management/consent-in-segment-connections). Unify and Engage users can also verify that the [Segment Consent Preference Updated event](/docs/privacy/consent-management/consent-in-unify/#segment-consent-preference-updated-event) emits every time end users update their consent preferences. -All users can validate that events contain the consent object and that the Segment Consent Preference event is present using Segment's [Source Debugger](/docs/connections/sources/debugger/). +All users can validate that events contain the consent object and that the Segment Consent Preference Updated event is present using Segment's [Source Debugger](/docs/connections/sources/debugger/). You can also confirm your events flow to destinations or are blocked from destinations according to the consent categories you created in [Step 1: Create consent categories in the Segment App](#step-1-create-consent-categories-in-the-segment-app), if already connected to the destination. diff --git a/src/privacy/consent-in-segment-connections.md b/src/privacy/consent-management/consent-in-segment-connections.md similarity index 92% rename from src/privacy/consent-in-segment-connections.md rename to src/privacy/consent-management/consent-in-segment-connections.md index 4237beed3e..0158d99165 100644 --- a/src/privacy/consent-in-segment-connections.md +++ b/src/privacy/consent-management/consent-in-segment-connections.md @@ -2,20 +2,18 @@ title: Consent in Segment Connections related: - "/privacy/consent-management/" - - "/privacy/configure-consent-management/" + - "/privacy/consent-management/configure-consent-management/" +redirect_from: "/privacy/consent-in-segment-connections" --- -> info "Consent Management is in public beta" -> This means that Consent Management features are in active development, and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions. - Segment Connections users can add the [consent object](#consent-object) to their sources to stamp events with the end user consent preferences captured by your consent management platform (CMP) and send them downstream to destinations in categories that an end user consented to share data with. Events without the consent object continue to flow to destinations without consent enforcement. -For more information about configuring consent categories, see the [Configure Consent Management](/docs/privacy/configure-consent-management/#step-1-create-consent-categories-in-the-segment-app) documentation. +For more information about configuring consent categories, see the [Configure Consent Management](/docs/privacy/consent-management/configure-consent-management/#step-1-create-consent-categories-in-the-segment-app) documentation. If your sources also contain the integrations object, Segment will look at the consent object first, and then take into account the integrations object according to the table in the [Reconcile consent object and integrations object](#reconcile-consent-object-and-integrations-object-conflicts) documentation. > info "Unify users must send an additional event to add consent preferences to Profiles" -> If you use Unify, see the [Consent in Unify](/docs/privacy/consent-in-unify) documentation for more information about the Segment Consent Preference event, which Segment uses with the consent object to add consent preference to Profiles. +> If you use Unify, see the [Consent in Unify](/docs/privacy/consent-management/consent-in-unify) documentation for more information about the Segment Consent Preference Updated event, which Segment uses with the consent object to add consent preference to Profiles. ## Consent object @@ -76,4 +74,4 @@ If there is a category configured in Segment (`functional`) that is not mapped i ## Content observability -Events discarded due to consent preferences appear in [Delivery Overview](/docs/connections/delivery-overview/) at the "Filtered at destination" step with the discard reason *Filtered by end user consent*. \ No newline at end of file +Events discarded due to consent preferences appear in [Delivery Overview](/docs/connections/delivery-overview/) at the "Filtered at destination" step with the discard reason *Filtered by end user consent*. diff --git a/src/privacy/consent-management/consent-in-unify.md b/src/privacy/consent-management/consent-in-unify.md new file mode 100644 index 0000000000..8159d872dc --- /dev/null +++ b/src/privacy/consent-management/consent-in-unify.md @@ -0,0 +1,49 @@ +--- +title: Consent in Unify +related: + - "/privacy/consent-management/" + - "/privacy/consent-management/configure-consent-management/" + - "/privacy/consent-management/consent-in-segment-connections/" +redirect_from: "/privacy/consent-in-unify/" +--- + +> info "Consent in Unify and Twilio Engage is currently unavailable." +> However, Segment's OneTrust consent wrappers automatically generate the Segment Consent Preference Updated Track event, which will be required for future integrations with Unify and Twilio Engage. + +Segment uses Profiles in [Unify](/docs/unify/) as the source of truth of an end user's consent preference when enforcing consent in Twilio Engage. To get consent preference on the Profile, Segment requires the use of the [Segment Consent Preference Updated event](#segment-consent-preference-updated-event) and [Identify](/docs/connections/spec/Identify) events to route events to Unify. The Segment Consent Preference Updated and Identify events should include the [consent object](/docs/privacy/consent-management/consent-in-segment-connections/#consent-object). + +## Segment Consent Preference Updated event +Every time an end user provides or updates their consent preferences, Segment requires you to generate a **Segment Consent Preference Updated** event. If you are using [Segment's OneTrust consent wrappers](/docs/privacy/consent-management/configure-consent-management/#step-2-integrating-your-cmp-with-segment), Segment automatically generates a Segment Consent Preference Updated event. This event is required to add the end user’s consent preference on their Profile in Unify. + +For example, if an end user agreed to share their information for functional and advertising purposes but not for analytics or data sharing, the Segment Consent Preference Updated [Track call](/docs/connections/spec/track/) demonstrating their new consent preferences would have the following format: + +``` json +{ + "anonymousId": "23adfd82-aa0f-45a7-a756-24f2a7a4c895", + "type": "track", + "event": "Segment Consent Preference Updated", + "userId": "u123", + "traits": { + "email": "peter@example.com", + "phone": "555-555-5555", + } + "timestamp": "2023-01-01T00:00:00.000Z", + "context": { + "consent": { + "categoryPreferences" : { + "Advertising": true, + "Analytics": false, + "Functional": true, + "DataSharing": false + } + } + } +} +``` + +If you use Protocols, the Segment app automatically adds the Segment Consent Preference Updated event to all your existing Tracking Plans and for every new Tracking Plan. Segment recommends you don’t edit or delete the default fields in the Segment Consent Preference Updated events, but you can add new fields as needed. + +> info "Segment Consent Preference Updated is a reserved event name" +> Segment has standardized a series of reserved event names that have special semantic meaning and maps these events to tools that support them. +> +> See the [Semantic Events](/docs/connections/spec/semantic/) docs for more details. diff --git a/src/privacy/images/consent-overview.png b/src/privacy/consent-management/images/consent-overview.png similarity index 100% rename from src/privacy/images/consent-overview.png rename to src/privacy/consent-management/images/consent-overview.png diff --git a/src/privacy/consent-management/index.md b/src/privacy/consent-management/index.md new file mode 100644 index 0000000000..11b4dede74 --- /dev/null +++ b/src/privacy/consent-management/index.md @@ -0,0 +1,23 @@ +--- +title: Consent Management Overview +related: + - "/privacy/consent-management/configure-consent-management/" + - "/privacy/consent-management/consent-in-segment-connections/" +--- + +When an end user visits your web or mobile app, they set **consent preferences**, or make decisions about the types of data they want you to collect, use, and share. These consent preferences are typically presented as a set list of categories that describe how your company intends to use that data. Some common categories include personalization, advertising, and site performance. + +Segment integrates with your commercial third-party or bespoke consent management platform (CMP) that captures an end user's consent preferences and enforces those preferences by only routing events to the categories consented to by an end user. + +![Diagram outlining information flowing from an end user to Segment destinations](/docs/privacy/consent-management/images/consent-overview.png) + +After a user sets their consent preferences on your web or mobile app, Segment requires you to add the [consent object](/docs/privacy/consent-management/consent-in-segment-connections/#consent-object) to all events. If you are using OneTrust, Segment provides a wrapper for your web and mobile libraries that can add the consent object to your events. If you are using another CMP, you are required to add the consent object to your events by either creating your own wrapper or using another mechanism. For more information, see the [Configure Consent Management documentation](/docs/privacy/consent-management/configure-consent-management/#step-2-integrating-your-cmp-with-segment). + +The events, stamped with the consent object, are then sent downstream to any destinations in categories that an end user consented to share data with. + +> info "" +> Segment collects consent for both registered users and anonymous users. + +For more information about consent in Segment Connections, see the [Consent in Segment Connections](/docs/privacy/consent-management/consent-in-segment-connections) documentation. + +If you are a Unify user, you can also see the [Consent in Unify](/docs/privacy/consent-management/consent-in-unify) for more information about the Segment Consent Preference Updated event, which Segment uses to add consent preference to the Profile. diff --git a/src/segment-app/iam/audit-trail.md b/src/segment-app/iam/audit-trail.md index f2bf2320bb..740113d57d 100644 --- a/src/segment-app/iam/audit-trail.md +++ b/src/segment-app/iam/audit-trail.md @@ -21,6 +21,7 @@ The Audit Trail returns information about the following Segment product areas: - Warehouses - Destinations - Storage +- Consent Management - Tracking Plans - Destination Filters - Transformations @@ -33,7 +34,6 @@ The Audit Trail returns information about the following Segment product areas: - Journeys - Broadcasts - Workspace - To view a list of all events Segment surfaces in the Audit Trail, open the Audit Trail, click **Filters**, and select the **Events** dropdown.