1 of 62

Consent management

Overview

Increase brand loyalty by allowing users to control the data collected about them & establish trust through transparency.

As a result of the increasing number of data breaches and the misuse of personal information, privacy management is a growing part of the modern marketing landscape.

The General Data Protection Regulation (GDPR) has largely been perceived as a legal issue, due to the fines that can be imposed because of non-compliance, but it’s also created opportunities for brands to build greater trust with their users. In fact, according to research conducted by iProspect, 88% of global marketers say trust is a priority in 2019, and they are looking to build this trust through credibility, relevancy, and reliability.

Fueled by consumer privacy laws like the GDPR, most marketers are turning to solutions like Commanders Act CMP that alert website and mobile app users of the personal data that’s being captured, stored, and shared with third parties.

This documentation will provide you with an overview of Commanders Act CMP, setup guides per platform, user guides per feature and a knowledge base for frequently asked questions.

Components

Commanders Act CMP consists of following components:

Frameworks

Commanders Act CMP supports following frameworks:

IAB TCF 2.0
Google ACM

Extensions

It is possible to extend Commanders Act CMP with following modules:

These modules are set up and configured by a Commanders Act consultant.

Setup

Please refer to the Setup Guides section for detailed installation instructions of Commanders Act CMP per platform. In case your platform is not listed you can reach out to a Commanders Act consultant for a custom implementation.

Responsability of actors

The collection of personal information is regulated by law at European level with the GDPR.

As a European player, Commanders Act fits into this framework and pays particular attention to the governance of its data.

This page explains the positioning of Commanders Act and that of its customers within this regulatory framework.

Commanders Act

Under RGPD rules, Commanders Act acts as a data processor. Therefore, Commanders Act is responsible for the following obligations:

- maintain data security

- continuously improve security processes

- duty of cooperation, in particular in the event of control by the CNIL

- appointment of a data protection officer

- keep a processing register

- notify any data breach to the data controller

The customer

Customers of Commanders Act, users of the platform, are considered data controllers. Therefore their obligations are:

- decide on the purpose of the processing (reasons for the processing, categories of data)

- decide on the means of processing (retention period, recipient, right of opposition, right of rectification)

Commanders Act puts its technical expertise at the service of its customers in order to guarantee the protection of users' personal data.

As your partner and processor, we are at your disposal for all questions on data protection subjects.

Releases notes

Release 7.90.40 - 15/11/2021

The calculation of the Click reject button statistic has been revised.

The metric is now calculated directly from the raw data to better reflect the mobile applications.

In the old formula this metric was derived from other metrics, which could result in an imprecise measurement on mobile app banners.

The recalculation is retroactive and does not affect other metrics in the report. The raw data from the exports are not changed either.

Setup Guides

Tag Manager

TagCommander

Steps to implement TrustCommander with TagCommander

TrustCommander and TagCommander are natively integrated with each other. This setup requires minimal technical knowledge and can be done entirely in the interface.

Setup

Following you will find the required steps to implement a standard TrustCommander setup.

Choose the default account configuration mode for your account (see ).
Setup your TrustCommander categories & vendors (see ).
Assign your TrustCommander categories & vendors to your TagCommander tags (see )
Create one or multiple banner templates (see )
Deploy your TrustCommander banner templates to the Commanders Act CDN or on premise target (see ).
Connect your privacy banner templates with TagCommander container and implement rules for which the banner should be played out (see below).

Install TrustCommander banner with TagCommander container

To deploy a TrustCommander banner with TagCommander it needs to be linked to a container. TagCommander can then be use to implement detailed rules for which a TrustCommander banner is shown to visitors.

Implement rules to show TrustCommander banner

TAG > Tag Management > Edition (tab RULES)

In TagCommander it is possible to provide exact conditions to decide when each of the linked privacy banners should be shown to visitors. Typical use cases consist of:

Implement different banner for different languages or regions
Avoid to deploy the banner on legal pages (privacy policy) so that users can read them before providing consent.
Implement AB test for two banner designs.

You can create constrains under the PRIVACY BANNERS section to define under which conditions a privacy banner should be shown. Privacy banner constraint work the same way as tag constraints. Please reference constraints in the TagCommander documentation for more information.

Link TrustCommander banner with TagCommander container

TAG > Tag Management > Edition (tab GENERATE)

TagCommander makes it easy to implement TustCommander banner on websites. To link a privacy banner with a TagCommander container it just has to be activated in the GENERATE tab with the ACTIVATION checkbox. This installs the selected privacy banner in the generated container version.

All containers of your website should be re-generated and deployed when installing a new privacy banner.

Google Tag Manager (GTM)

Steps to implement TrustCommander with Google Tag Manager.

TrustCommander provides a plug-in to integrate with Google Tag Manager. The setup requires technical installation steps.

This method to integrate GTM is outdated. See the page “Consent Mode in GTM” for a smoother integration.

Setup

Following you will find the required steps to implement a standard TrustCommander setup.

Choose the default account configuration mode for your account (see Options).
Setup your TrustCommander categories & vendors (see Manage Categories).
Create one or multiple banner templates (see Manage Banner)
Deploy your TrustCommander banner templates to the Commanders Act CDN or on premise target (see Deploy Banner).
Install TrustCommander tag (see below)
Manage GTM tags with TrustCommander (see below).

Install TrustCommander tag

To install TrustCommander with Google Tag Manager you need to add following JavaScript tag to your website. This snippet can be added in the <head> of the website or via a custom HTML tag in Google Tag Manager.

<script type="text/javascript">
    var tCPrivacyTagManager = "gtm";
</script>
<script type="text/javascript" src="{{ privacy_tag_url }}"></script>

tCPrivacyTagManager hast to be set to "gtm". This variable allows TrustCommander to send privacy settings to GTM. It will push a tcConsentChanged event to the GTM data layer that includes the privacy settings of a visitor in the tcCategoriesConsent variable. The event is pushed as soon as TrustCommander loads on a page and in case a visitor updates his privacy settings.

{{ privacy_tag_url }} has to be replaced with your privacy JavaScript tag URL. This URL can be found in the GENERATE & DEPLOY tab of each privacy banner.

Manage GTM tags with TrustCommander

Add tag triggers in Google Tag Manager

Create a new Trigger for each TrustCommander category and sub-category. These trigger can then be used to only fire your tags when a visitor accepts a certain TrustCommander category. Create each trigger with following settings:

Call the Privacy banner

Visitors will be able to activate or deactivate only sub-categories and not the main category in the banner. In case a category has sub-categories then you have to use the sub-category ID instead of the category ID to play out tags.

There are 4 steps to add triggers to tags in Google Tag Manager (GTM).

In the GTM interface, "Variables" tab, create a custom variable to calculate the status of the consent given by the user: no consent, optout, optin or partially optin. Create a "User Defined" variable.

Variable name: tcCategoriesConsent (the name that will appear in your interface, so you can choose another name)
Variable Type: "Data Layer Variable"
Data Layer Variable Name: tcCategoriesConsent (the variable used by Commanders Act Privacy when you add tCPrivacyTagManager = "gtm" in the website’s source code)
Data Layer version: choose the latest data layer version available

function(){
    if (typeof tC.privacy == "undefined") {

        var cookieName = "TC_PRIVACY=";
        var cookieSeparator = "@"

        var privacyCookie = "";
        var cookieCategoryName = cookieName+"_CENTER=";
        var cookieData = null;
        var categories = null;
        var decodedCookie = decodeURIComponent(document.cookie);
        var ca = decodedCookie.split(';');

        for (var i = 0; i <ca.length; i++) {
            var c = ca[i];
            while (c.charAt(0) == ' ') {
                c = c.substring(1);
            }
            if (c.indexOf(cookieName) == 0) {
                privacyCookie = c.substring(cookieName.length, c.length);
            } else if (c.indexOf(cookieCategoryName) == 0) {
                categories = c.substring(cookieCategoryName.length, c.length);
            }
        }

        if (privacyCookie === "") {
            return "no_consent";
        } else if (privacyCookie) {
            cookieData = privacyCookie.split(cookieSeparator);
        } else {
            cookieData = [];
        }

        var optType = parseInt(cookieData[0] || 0);

        if (categories == "ALL") {
            if (optType === 1) {
                return "optout";
            } else {
                return "all_consent";
            }
        }

        return optType === 0 && categories != -1 ? categories : "optout";
    }

    if (tC.getCookie(tC.privacy.getCN()) === "")  {
        return "no_consent";
    } else if (tC.privacy.getOptinCategories().join(",") === ""){
        return "optout";
    } else {
        return tC.privacy.getOptinCategories().join(",");
    }
}

Important: to facilitate the implementation of Privacy rules on your tags that may already have other triggers in place, we recommend that you work with an "exception" logic and follow the implementation process explained below. The logic is to create rules that will not trigger the tag if the category is denied rather than rules that will trigger it if the category is valid.

Configure the trigger as follows:

Trigger name: Retargeting category (this name depends on the category names that you create and the name that you want to be displayed on your interface)
Trigger Type: "Custom Event"
Event name: tcConsentChanged (this is the event sent by the Commanders Act Privacy when you use tCPrivacyTagManager = "gtm" in your website’s source code)
This trigger fires on: "Some Custom Events"
Fire this trigger when an Event occurs and all of these conditions are true: pick the tcCategoriesConsent variable created in the previous step, the operator “equals” (or “contains”), and the name of the category as you declared it in the Commanders Act Privacy interface.

Be careful when you create sub-categories associated to a category: you have to enter the sub-category ID and not the category ID in the Trust commander values, as the user will be able to activate or deactivate only sub-categories and not the main category in the banner:

Be careful in case you use more then 9 categories and sub-categories. In this case there can be a confusion between e.g. category "2" and category "12" as "2" is included in "12". In this case we recommend to only use category IDs above 10. We are working on an improvement to resolve this.

Name of the trigger: "trust_commander".
Trigger Type: "Custom Event"
Event name: "trust_commander"
This trigger fires on: "All Custom Events"

In the "Triggers" section, start by creating the following trigger that allows you to not activate the tags if the user has not yet given his consent :

If you want your site to be in "default optout" mode (blocking of tags when the visitor arrives on your site, in accordance with the General Data Protection Regulations, the GDPR), you must also make the following configuration.

Then create a custom tag that you will trigger on all pages (this is the TrustCommander event listener) in the "Tags" section:

Name of the tag: "Trust commander event listener"
Trigger Type: "Custom HTML"
HTML: copy and paste the following code :

<script>
//No choice expressed by the user yet
if({{Trust commander values}} === "no_consent"){
window.tc_closePrivacyButton = window.tc_closePrivacyButton || function (){
window.dataLayer.push({"event":"trust_commander"});  
}
window.tc_closePrivacyCenter = window.tc_closePrivacyCenter || function (close_type){
if(close_type !== "cross"){  
window.dataLayer.push({"event":"trust_commander"});  
}  
}
} 
//Choice already expressed
else{

}
</script>

Triggering : "All pages"

In the GTM interface, in the Tags section, assign the previously created trigger to your tags to fire them based on the TrustCommander categories. These triggers will replace your normal "pageview" trigger.

Consent Mode in TAG

Steps to configure the "Consent Mode" in TagCommander.

Commanders Act provides a tag template to manage the "Consent Mode" in TagCommander. This seamless integration takes advantage of our TrustCommander OnSite API.

Setup

Summarizing all recommended steps:

Access your Commanders Act account.
Add our tag template.
Configure your tag and rules.
Configure your third-party vendor tags in GTM.
Test and deploy your container(s).

Add our tag template

From the "INTEGRATIONS" side menu, expand(1)"Sources" and select (2)"Web containers".

Select a "Web" container and, from the step (3)"SELECT" (or "EDIT"), click on (4)"Add Tag(s)".

Search for the tag "gtag - Google Consent Mode with TRUST (BETA)" to add it and proceed with its configuration.

Configure your tag and rules

You can now configure your tag and check the (5) "Tag Implementation guide" for more details. See (6) each field for detailed information on how you can map these fields with your datalayer.

Under "RULES", select (7) "Do Not Include In Privacy Scope" as privacy category or select a category that is always ON.

If your website adopts virtual pages, you need to add a trigger for when these pages are loaded. This can be done under the top section "TRIGGER(S)".

You can skip the following steps, completing your configuration, if you don't have any third-party vendor tags hosted in GTM.

To ensure that the consent is correctly managed by GTM with third-party vendor tags, we strongly recommend to enable reactive events by configuring the related fields.

Configure your third-party vendor tags in GTM

While Google native product tags, such as "Google Analytics" or "Google Ads" ones, work out of the box, third-party vendor tags, hosted in GTM, require additional settings to properly operate with the user consent. First, open your tag configuration and check under the (8) "Advanced Settings" → (9)"Consent Settings" if a consent type (E.g. "ad_storage") is already preconfigured: if not, you need to add it by selecting the option (10) "Require additional consent for tag to fire" and (11) input the consent type(s) you want to include.

Then, you need to configure its triggers and this is where we're going to use our reactive events we prepared in the previous section (#configure-your-tag-and-rules). Locate the "Triggering" area in your tag configuration and add a Trigger Group.

In the trigger group add (12)any preexisting triggers and (13)a trigger named as your configured reactive event.

The latter has to be configured as a (14)"Custom Event" with the same (15)"Event Name" you used in the previous section (#configure-your-tag-and-rules) and it has to fire on (16)"All Custom Events".

This completes your configuration. You can now start the testing phase, leading to the final deployment in production. Learn more on how you can configure and run tests with your tags in GTM by checking the section "Consent configuration" in the "Help Center".

Consent Mode in GTM

Steps to configure the "Consent Mode" in Google Tag Manager.

Commanders Act provides a tag template to manage the "Consent Mode" in Google Tag Manager. This seamless integration takes advantage of our TrustCommander OnSite API.

Setup

Summarizing all recommended steps:

Access GTM.
Select your "Web" type container.
Add our tag template from the "Community Template Gallery".
Configure the related tag and its trigger.
Configure your third-party vendor tags.
Test and deploy your container.

Following the above steps, adding our template "Commanders Act | OnSite CMP API" from the Google "Community Template Gallery", you're presented with the following "Tag Configuration" which is the core area where you can manage your consent needs with GTM:

First, you need to input your TrustCommander category identifiers for the following 5 categories: "Ad Storage", "Analytics Storage", "Functionality Storage", "Personalization Storage", and "Security Storage". You can find these ids by logging in to our platform and follow the section: (1)"TRUST" → (2)"Categories and Tags" from the navigation sidebar.

Your ids are shown between round parentheses (see highlighted in green below):

If you have sub-categories with the same scope of the five defined by Google, you need to use their ids instead of the main category ones. You can also rename your categories or change their ids by checking the subsection "Managing categories".

If TrustCommander loads asynchronously in your implementation, it might not always run before your GTM container. That’s why you have the option to set a "Wait for update" value in milliseconds to control how long to wait before data is sent. This field is optional and its default value is 0. In case you need to set it, we recommend starting from the base value of 500 milliseconds.

You also need to set the default status, for each of the 5 categories, before users interact with your TrustCommander privacy banner and taking into account region-specific behavior. This is done by clicking the "Add Row" button and selecting either "Denied" or "Granted" to match with your input regions and/or sub-regions.

Ensure that your default command accounts for regional variations in your consent strategy. For more information on customizing the default command, you can see Google’s documentation here.

To make sure that the consent is correctly managed by GTM with third-party vendor tags, we strongly recommend to enable reactive events. Turn on the (3) "Advanced Features", (4) "Activate Reactive Events" and (5) "Activate [Storage-Name] Reactive Event" for each [Storage Name] you're using. Finally, enter their (6) "Event Name". These events will be used in the next section when configuring your third-party vendor tags.

You also have the option to directly inject your Trust CMP script by turning on the (7) "Advanced Features", (8) "Inject CMP Script" and input your (9) "URL".

Disabling the default consent may come handy when you don't want to use the Consent Mode. This is done by turning on the (10) "Advanced Features" and (11) "Disable Default Consent".

As the last step, you need to select the "Consent Initialization - All Pages" trigger in the "Triggering" lower area:

Configure your third-party vendor tags

While Google native product tags, such as "Google Analytics" or "Google Ads" ones, work out of the box, third-party vendor tags require additional settings to properly operate with the user consent. First, open your tag configuration and check under the (12) "Advanced Settings" and (13)"Consent Settings" if a consent type (E.g. "ad_storage") is already preconfigured, if not you need to add it by selecting the option (14) "Require additional consent for tag to fire" and (15) input the consent type(s) you want to include.

Then, you need to configure its triggers and this is where we're going to use our reactive events we prepared in the previous section. Locate the "Triggering" area in your tag configuration and add a "Trigger Group".

In the trigger group add (16) any preexisting triggers and (17)a trigger named as your configured reactive event.

The latter has to be configured as a (18)"Custom Event" with the same (19)"Event Name" you used in the previous section and it has to fire on (20)"All Custom Events".

Adobe Launch

Steps to implement TrustCommander with Adobe Launch.

TrustCommander provides a plug-in to integrate with Adobe Launch. The setup requires technical installation steps.

Setup

Following you will find the required steps to implement a standard TrustCommander setup.

Choose the default account configuration mode for your account (see Options).
Setup your TrustCommander categories & vendors (see Manage Categories).
Create one or multiple banner templates (see Manage Banner)
Deploy your TrustCommander banner templates to the Commanders Act CDN or on premise target (see Deploy Banner).
Implement TrustCommander tag (see below)
Manage Adobe Launch tags with TrustCommander (see below).

Implement TrustCommander tag on website and inside Adobe Launch.

1 - Website configuration

Delay your Adobe container

TrustCommander creates the consent variables when the privacy javascript file is loaded. You have to delay your Adobe container until TrustCommander is ready otherwise the variables containing the consent status will be undefined.

To delay your container, update your <script> tags loading your Adobe container in order to execute it after TrustCommander is loaded.

<script type="text/javascript" src="/path/to/adobe_launch_script.js"></script>

is replaced by :

<script type="text/tc_privacy" src="/path/to/adobe_launch_script.js"></script>

The text/javascript script type has to be replaced by text/tc_privacy. In this way, Adobe is loaded only when TrustCommander is ready Add the TrustCommander javascript file (if possible, call it before Adobe container and after datalayer) :

<script type="text/javascript">    
var tCPrivacyTagManager = "adobe";
</script>
<script type="text/javascript" src="my-privacy.js"></script>

When TrustCommander is loaded and gets the consent, a variable tcCategoriesConsent is created by TrustCommander in the Adobe datalayer :

window.digitalData.user.tcCategoriesConsent = tcCategoriesConsent;

This variable contains the ID of the categories accepted by the user and separated by a coma.

You have to declare this variable in Adobe Launch interface, in the Data Elements configuration. From a Property page, open the Data Elements tab, then click Add Data Element, and add "tcCategoriesConsent" variable.

If your datalayer is not set in the digitalData object, set the path to tcCategoriesConsent (in this case the variable is created in the window scope: window.tcCategoriesConsent)

Then, you have to create the rules that will fire your tags based on the categories ID accepted by the users. You have to create a separate rule for each category you want to use as a firing condition (ex: "Retargeting category accepted", "Analytics category accepted"...).

In the Adobe Launch interface, open the "Rules" tab and click Create New Rule.

Set a rule based on the previously created tcCategoriesConsent. Ex: if you want to trigger a tag based on the Retargeting category (ID 6), you will have to create a rule "if tcCategoriesConsent contains 6", then the Criteo tag has to be triggered.

Websites (Hardcoded)

Steps to hardcode TrustCommander on websites.

TrustCommander can be directly integrated with websites. The setup requires technical installation steps.

Setup

Following you will find the required steps to implement a standard TrustCommander setup.

Choose the default account configuration mode for your account (see Options).
Setup your TrustCommander categories & vendors (see Manage Categories).
Create one or multiple banner templates (see Manage Banner)
Deploy your TrustCommander banner templates to the Commanders Act CDN or on premise target (see Deploy Banner).
Install TrustCommander tag (see below)
Manage onsite tags with TrustCommander (see below).

Install TrustCommander tag

To hardcode TrustCommander on websites you need to add following JavaScript tag to your website. This snippet should be added to the <head> of your website.

<script type="text/javascript" src="{{ privacy_tag_url }}"></script>

{{ privacy_tag_url }} has to be replaced with your privacy JavaScript tag URL. This URL can be found in the GENERATE & DEPLOY tab of each privacy banner.

Manage onsite tags with TrustCommander

Add tag triggers

TrustCommander can manage onsite JavaScript tags by wrapping them in a script tag with a custom MIME type.

This approach only works when you install TrustCommander in the <head> of the document (e.g. not when injecting the TrustCommander tag via Google Tag Manager)!

This TrustCommander wrapper does only fire that wrapped JavaScript code in case a visitor provided consent for the specified privacy category ID.

<script type="text/tc_privacy" data-category="{{ category_or_sub-category_id }}" data-vendor="{{ vendor_id }}">
    {{ tag_javascript_code }}
</script>

The <script> has to have type="text/tc_privacy" .

{{ tag_javascript_code }} has to be replaced with the JavaScript code of the tag you want to manage with TrustCommander.

{{ category_or_subcategory_id }} has to be replaced with the category or sub-category of the TrustCommander category that should manage this tag (see Manage Categories). Be careful when you create sub-categories associated to a category: you have to enter the sub-category ID in the attribute, not the category ID, as the user will be able to activate or deactivate only sub-categories and not the main category in the banner:

{{ vendor_id }} has to be replaced with the vendor ID of the vendor related to the tag (Only available when native vendors are activated for the account).

Example

Following examples shows how you would manage a Criteo Tag based on a TrustCommander category named "Retargeting".

Retargeting was assigned to sub-category ID 6. In case a sub-category is used you should never use the main category (4 in this case) to manage tags.

The Tag wrapper for the Criteo JavaScript tag might look like this (example shortened):

<script type="text/tc_privacy" data-category="6" src="//static.criteo.net/js/ld/ld.js" async="true">
</script>

<script type="text/tc_privacy" data-category="6">
    window.criteo_q = window.criteo_q || [];
    window.criteo_q.push(...);
</script>

Mobile apps

iOS

Having the user consent is essential to send sensible information like the IDFA/AAID. To prevent having to manually save the consent asked to the user and manually using it with our SDKs, we created a module helping you do it automatically.

This module will gather the consent and will:

Display a consent page (if needed)
Save consent and reload it every time the application is launched.
Save and check the validity of the consent. The validity duration is set to 13 months.
Send a hit to our servers to record the consent.
Enable or disable the SDK. (if used alongside the SDK)
Add the categories automatically to the hits the SDK sends. (if used alongside the SDK)

Privacy's Implementation Guide:

https://github.com/TagCommander/pods/tree/master/TCPrivacy

ATT - App Tracking Transparency (iOS 14.5+)

Since April 2021, Apple requires that your app provide a transparency popup to ask user permission for tracking, beginning with iOS 14.5 () and the ATT framework.

When and how should you request permission from the ATT?

Before attempting to use the IDFA from an iOS device, you must first display the ATT tracking permission alert, according to Apple's guidelines. If permission is not requested or if the user declines, the IDFA will be unavailable to your app and any embedded third-party SDKs. Third-party SDKs may not function properly in this case.

To really complies with both Apple and GDPR requirements, you must open the ATT popup to get user permission as well as open CMP popup to get user consent for GDPR purpose.

ATT isn't currently compliant with the IAB TCF or with GDPR prerequisites, so it can't be utilized as the lone consent collection system and should be utilized with the TrustCommander CMP.

Our recommended solutions

1. Most accepted solution : ATT first

From customer's experiences, the most accepted solution by Apple is to :

Open the ATT popin
Depending of user's choice on ATT :
1. if the user choose to allow the tracking, then open the TrustCommander popin to collect the consent
2. If the user refuse the tracking in the ATT popin, the user has to be considered as optout without opening the TrustCommander popin

2. ATT after TrustCommander

For some customer's this solution worked also :

Open the TrustCommander popin
Whatever the consent, open the ATT popin just after

This setup offers the advantage of allowing the user to consent certain purposes whatever his choice regarding the popin ATT tracking. Neverthe less this implementation is some time refused by some Apple reviewers

To go further, here a for France customers the position of the competition authority on this subject: https://www.autoritedelaconcurrence.fr/fr/communiques-de-presse/ciblage-publicitairemise-en-place-par-apple-de-la-sollicitation-att-lautorite

Android

This module will gather the consent and will:

Display a consent page (if needed)
Save consent and reload it every time the application is launched.
Save and check the validity of the consent. The validity duration is set to 13 months.
Send a hit to our servers to record the consent.
Enable or disable the SDK. (if used alongside the SDK)
Add the categories automatically to the hits the SDK sends. (if used alongside the SDK)

Privacy's Implementation Guide:

https://github.com/TagCommander/android/tree/master/TCPrivacy

User Guides

Categories & Tags

Manage Categories

Management of TrustCommander privacy categories.

TRUST> Categories & Tags (tab MANAGE CATEGORIES)

In this section you can manage your TrustCommander privacy categories and sub-categories. These categories will be used by your privacy center to provide users with detailed privacy management options.

Category options

Each TrustCommander privacy category has following options:

Managing categories

Default category

In case you use TrustCommander with TagCommander you can select a default category with a dropdown on the top left of the interface. New tags in TagCommander will automatically receive the default category as their privacy category. The default category has a * in the category list.

Creating categories

To add a new category press ADD CATEGORY on the the top right of the interface.

TrustCommander supports up to 10 categories.

Editing categories

You can edit a TrustCommander category by pressing the pencil icon to the right of the category.

Deleting categories

You can delete TrustCommander categories by pressing the x icon to the right of the category.

You need to regenerate your privacy banners after adjusting privacy categories. In case you install TrustCommander with TagCommander you will also need to regenerate your TagCommander container so that your tags have access to the updated categories.

IAB categories

TrustCommander is compliant with IAB TCF 2.0 (Link to official listing). To enable IAB categories go to TRUST > Options and activate the IAB option.

TrustCommander is compliant with IAB TCF 2.0 (Link to official listing) and can use predefined IAB TCF purposes instead of manually configuring categories. Go to TRUST > Options tab to activate IAB TCF 2.0 option for your account.

IAB TCF 2.0 purposes, special purposes, features and special features are automatically added to the CATEGORIES tab depending the vendors you add in the MANAGE VENDORS tab. You can still add custom categories that you can use side by side with the predefined IAB categories.

The description of IAB TCF 2.0 categories is automatically loaded from the IAB TCF 2.0 framework.

Manage Vendors

Management of TrustCommander privacy vendors.

TRUST> Categories & Tags (tab MANAGE VENDORS)

In this section you can manage your TrustCommander privacy vendors. These vendors will be used by your privacy center to provide users with detailed privacy management options.

Vendors

To enable native vendors go to TRUST > Options and activate the custom vendors option.

Click ADD VENDOR to add vendors to your TrustCommander installation. You can select vendors available on TagCommander (Predefined Vendors) or add custom vendors (Custom Vendor) by selecting the respective tab. A Commanders Act vendor is available by default.

Each vendor can be mapped to TrustCommander categories with the respective dropdown. This allows users to provide consent to all vendors of a category at once in the privacy center. A PEN icon allows to edit information of the vendor that is displayed in the privacy center. Following fields are available per vendor. A TRASH icon allows to remove the vendor.

It is possible to map vendors to multiple categories for stand-alone installation of TrustCommander. Tags in TagCommander can only be mapped to one category and vendor.

It is necessary to generate and deploy new version of privacy banners to deploy updates in the vendor section.

IAB vendors

TrustCommander is compliant with IAB TCF 2.0 (Link to official listing). To enable IAB vendors go to TRUST > Options and activate the IAB option.

Click ADD IAB TCF 2.0 VENDORS to manage the IAB vendors with your TrustCommander installation. You can either select all vendors or select specific vendors that are relevant for your setup.

The description of IAB TCF 2.0 vendors is automatically loaded from the IAB TCF 2.0 framework.

TrustCommander automatically configures purposes, special purposes, features and special features in the CATEGORIES tab depending on the selected vendors.

Google ACM vendors

To enable Google ACM vendors go to TRUST > Options and activate the IAB option and the Google ACM vendors.

Google Additional Consent Mode (ACM) allows to manage consent for Google Ad Technology Providers (ATP) (that are not part of the IAB TCF Global Vendors List) alongside IAB TCF vendors.

Add Google ACM vendor allows to add Google ACM vendors to add a Google ATP to your TrustCommander installation. Each vendor has to be mapped to a TrustCommander category.

Descriptions for the ATP that are shown in the TrustCommander privacy center are automatically loaded from the Google ACM list.

Google ACM vendor management only works with IAB TCF 2.0 banner templates.

Assign Categories

Assign TagCommander tags to TrustCommander categories.

TRUST > Categories & Tags (tab ASSIGN TAGS)

TagCommander tags can be assigned to TrustCommander categories & vendors in following locations.

In ASSIGN TAGS section of TrustCommander.
In the EDIT tab of TagCommander.

This section is only available in case you use TrustCommander with TagCommander.

Assign categories & vendors in TrustCommander interface

Categories & vendors are managed per TagCommander container. You can select a TagCommander container in the left column. Then you can manage following TrustCommander setting per tag on the right side of the interface.

This option enables TrustCommander to block a tag depending on a visitors privacy setting. It is possible to activate or deactivate this setting for all tags via the all and none buttons on top of the column.

You can assign one TrustCommander category to each tag. This allows visitors to block tags by deactivating the related categories in the privacy center.

You can assign one TrustCommander vendor to each tag. This allows visitors to block tags by deactivating the related vendor in the privacy center.

This option allows you to bypass the default behaviour of tags that are managed with TrustCommander. e.g. TrustCommander blocks tags that are included in the privacy scope until a visitor provides his consent in case the default account configuration is set to optout. Bypassing this option would allow you to therefore load tags before the visitor provided his privacy settings (e.g. on the first page). In case such tags are included in the privacy scope they can still be deactivated by the user depending on his privacy settings.

It is possible to activate or deactivate this setting for all tags via the all and none buttons on top of the column.

Additionally you can also manage these TrustCommander settings for following elements:

Containers have to be re-generated and deployed to apply these changes.

Assign categories in TagCommander interface

For convenience it is also possible to directly assign TrustCommander categories & vendors inside the Edit tab of TagCommander. Assigning a category & vendor also includes the tag in the privacy scope.

In case a new vendor is added to the account the tag will not be fired when a user provided an optin for the corresponding category. Therefore it is necessary to activate the "Re-activate privacy" option during the generation of a new banner version to re-ask consent. The option "Don't re-ask the consent to trigger this tag" will change this default behaviour so that the vendor will receive an automatic optin based on the corresponding category.

IAB TCF V2.0 option

In case you choose to manage tags with IAB 2.0 you do not need to assign IAB compliant tags in the category assignation tab. IAB compliant tags are automatically controlled by the IAB framework.

It is still possible to assign tags to categories to allow TrustCommander to manage them directly with TagCommander.

Privacy Banners

Banner Templates

A list of available banner templates in TrustCommander

TrustCommander offers multiple banner templates for different kind of privacy workflows.

Accessibility Template

WCAG standards : offer a privacy fully functional for people with disabilities

Among the available templates, one is dedicated to accessibility. It ensures compatibility with RGAA and WCAG 2.0 level AA standards.

Web Content Accessibility Guidelines (WCAG) is developed through the W3C process in cooperation with individuals and organizations around the world, with a goal of providing a single shared standard for web content accessibility that meets the needs of individuals, organizations, and governments internationally.

More information here : https://www.w3.org/WAI/standards-guidelines/wcag/

What is Web Accessibility ?

When websites and web tools are properly designed and coded, people with disabilities can use them. However, currently many sites and tools are developed with accessibility barriers that make them difficult or impossible for some people to use.

Making the web accessible benefits individuals, businesses, and society. International web standards define what is needed for accessibility.

Web accessibility means that websites, tools, and technologies are designed and developed so that people with disabilities can use them. More specifically, people can:

perceive, understand, navigate, and interact with the Web
contribute to the Web

With this template the main key point is to offer a privacy fully functional for people with disabilities.

Translation

The Accessibility template provides an automatic translation of different labels. This translation is based on navigator language. Currently, it supports : Italian, English, German, French and Russian.

Options :

1. Personalize translation

Banners

You can either add new translation or override aria labels by using the function tC.privacy.addTranslation() in the custom JS.

Labels available :

iframeTitle : Title attribute of the iframe

privacyLabel : Aria Label of the footer

acceptAria : Aria Label of the accept button

refuseAria : Aria Label of the refuse button

showPcAria : Aria Label of the “Show Privacy Center“ Button

Exemple :

tC.privacy.addTranslation({
  en : {
    // overriding
    iframeTitle : 'the iframe title you want',
    privacyLabel : 'the aria label you want',
    acceptAria: 'the aria label you want for accept button',
    refuseAria: 'the aria label you want for refuse button',
    showPcAria: 'the aria label you want for display the pc button'
  },
  ru: {
    // add new translation
    iframeTitle : 'the iframe title you want',
    privacyLabel : 'the aria label you want',
    acceptAria: 'the aria label you want for accept button',
    refuseAria: 'the aria label you want for refuse button',
    showPcAria: 'the aria label you want for display the pc button'
  }
})

Privacy Center

⚠️ To translate the privacy you must use another function: pc.addTranslation()

Available keys and their values :

var en = {
    "pcAria":"Cookie settings",
    "closePrivacyCenter":"Close the cookie setting dialog",
    "acceptAll":"Accept all",
    "refuseAll":"Refuse all",
    "saveLabel":"Save",
    "saveAria":"Save the current cookie settings",
    "acceptAllAria":"Accept all cookies",
    "refuseAllAria":"Refuse all cookies",
    "showVendors":"Show vendors",
    "showPurposes":"Show purposes",
    "vendors":"Vendors",
    "enableCookieLabel":"Enabled:",
    "enableCookieAria":"{label} cookies enabled",
    "disableCookieAria":"{label} disabled cookies",
    "turnOnSubCategoriesAria":"Enable {label} cookies",
    "turnOffSubCategoriesAria":"Disable {label} cookies",
    "cookieAlwaysOnSrPrefix":"",
    "cookieAlwaysOnSrSuffix":"",
    "cookieSrPrefix":"",
    "cookieSrSuffix":"",
    "showRelatedVendors":"Show related vendors",
    "privacyPolicy":"Privacy policy",
    "categories":"Categories"
}

Some of the translation accept a label as {label}. The label here is always the label of the category.

The last keys with SrPrefix/SrSuffix have empty translation by default. These keys are used for “sr-only” text which are prefixing and suffixing the category name. These text are only readable by a screen reader.

cookieSr are used when the category isn’t locked

cookieAlwaysOnSr replaces cookieSr if the category is blocked to on

Example:

pc.addTranslation({
  en : {
    // Override english Aria Label
    closePrivacyCenter: 'Close the privacy center', 

  },
  ru : {
    // you can also add a new language
    closePrivacyCenter: 'Close the privacy center',
      },
})

2. Force Translation

By default, texts provided to screen readers is translated depending on the navigator language. In some case you may want to display a privacy in english for example even if the navigator language is another one. ie : with an ISO language code in the url

You can force the privacy to take a language by using the function setLocale in the Privacy Center > Custom JS field > JS Block Before :

pc.setLocale("fr");

Value can be : fr, it, de, ru or en

Note : this function must be placed after the translation declaration.

3. Focus Trap

The focus trap is an accessibility option designed so that keyboard user have their navigation locked to the banner. Pressing the TAB key would cycle between the different navigation elements of the banner without going on your website. This is an accessibility recommendation when using modal on a webpage.

You can deactivate the focus trap by adding the following JavaScript snippet to the custom JS of the accessibility template banner:

tC.privacy.enableFocusTrap(false);

Manage Banner

Options to create and edit banner templates.

TRUST > Privacy banners

Creating Privacy Banner

Click ADD PRIVACY BANNER in the top right of the interface to add a new banner to your account. Each template has following options:

Update Privacy Banner

You can open and edit the privacy banner settings via the gear icon on the top left of the interface.

Changing banner templates might not work for customised privacy banner templates. Please contact your Commanders Act consultant or support in case you are unsure if your banner was customised before using this option.

Customise banner content

TRUST > Privacy banners (tab EDIT BANNER)

Options for banner customisation

All banner templates can be customised with a WYSIWYG editor. Following options are available for all banners (except IAB TCF and Popin with Categories templates).

Options to manage the main text content of your banner.

Content: Text content (supports HTML formatting and links).
Font color: Text color.
Background color: Background color of the content area.

Options to manage up to two buttons.

Label: Button text.
Font color: Color of the button text.
Background color: Background color of the button.
Button action: Action the button performs (e.g. optin to all categories or open privacy center).
Button Position: Change Button Position to Top/Bottom of the banner. Only one button can be positioned to top.

Custom CSS that can be used by advanced users to customise the banner style. This CSS is applied globally to your website, avoid to use global selectors and use the HTML ID attribute of the banner elements instead.

Advanced customisation options. Please contact your Commanders Act consultant or support before using these.

Changes have to be saved with the SAVE button.

Options for privacy center customisation

Following options are available for the privacy center and "Popin with categories" templates.

Options to manage the main text content of your banner.

Categories introduction: Introductory text of the category tab (supports HTML formatting and links)
Vendors introduction: Introductory text of the vendor tab (supports HTML formatting and links, only visible in case IAB TCF 2.0 or custom vendors were activated)
Font color: Text color.
Background color: Background color of the content area.

Options to manage the privacy categories of the privacy center. These categories are based on the categories managed in the Categories & Tags part of the interface.

Order: Drag and Drop sorting of Categories.
edit icon that allows to overwrite the default name and description of categories and sub-categories that have been provided in the
Categories & Tags section of the interface for this banner (used for localisation).
Checkbox that allows to hide a category (below edit icon).
Categories Blocked On: Checkbox that permanently enables a category that can not be deactivated by visitors (e.g. for an "essential cookies" category)
IAB TCF 2.0 option: IAB purposes, special purposes, features and special features are automatically displayed on the basis of selected vendors in Categories & Tags / Manage vendorssection. The categories translation is done automatically depending on the user’s browser language settings. Non-IAB categories will be displayed after the official IAB categories in the banner.

Options to manage and translate descriptions of custom vendors. IAB TCF 2.0 vendor descriptions and translations are managed automatically by the IAB TCF 2.0 framework.

Vendor Description: Description displayed in the vendor tab.
Hide Vendor: Options to hide the vendor from the banner.
Order of vendors can be changed via drag & drop. (IAB TCF 2.0 vendors are always displayed before custom vendors).

Options to manage the save button, and the category controls of the privacy center.

Label: Button text.
Font color: Color of the button text.
Background color: Background color of the button.
Default status of buttons (IAB and non-IAB) to accept or refuse categories and sub-categories:
- "On": "On" is chosen by default for categories/sub-categories (IAB and non-IAB) in the Privacy Center. When the visitor leaves it as such, their status for browsing is “optin”.
- "Off": "Off" is chosen by default for categories/sub-categories in the Privacy Center. When the visitor leaves it as such, their status for browsing is “optout”.
- "Neutral position": In this position, neither "On" nor "Off" is chosen by default for categories/sub-categories in the Privacy Center. The user must choose “On” or “Off” for each of the categories and sub-categories to be able to save their preferences and continue browsing. The “Warning message” field allows you to personalise the message that will appear to the left of the save button in the Privacy Center: this will inform the user that they must give or refuse their consent for all the categories before saving.
Default status of buttons to accept or refuse vendors (IAB and non-IAB):
- "Off": The default status of vendors is "Off". When a new visitor accepts consent categories in the privacy center for the first time the vendors are not not activated based on their linked categories.
Label for "Off for all": "Off for all" button text if the user wants to give their choice for all of a category’s sub-categories in one click.
Label for "Off" button: "Off" button text which appears in the Privacy Center (e.g. you can replace it by “No”).
Label for "On for all": "On for all" button text if the user wants to give their choice for all of a category’s sub-categories in one click.
Label for "On" button: "On" button text which appears in the Privacy Center (e.g. you can replace it by “Yes”).
"ON blocked" look & feel: Styling of on blocked Categories (Checkbox or Text)

Custom CSS that can be used by advanced users to customise the banner style.

Advanced customisation options. Please contact your Commanders Act consultant or support before using these.

Changes have to be saved with the SAVE button.

Advanced Options for IAB TCF Banner

Customise Publisher Country Code Field

Option to manage the publisherCC field of the IAB TCF API.

TrustCommander sets this value to "FR" by default in the IAB response. The publisher country code field can be customised with following JavaScript snippet (should be implemented in the first container on the website.).

Example to set the publisher country code field to a German country code:

Customise Purpose One Treatment Field

Option to manage the purposeOneTreatment field of the IAB TCF API.

IAB TCF offers this field to specify how purpose one should be treated in specific scenarios.

true: Purpose 1 not disclosed at all. CMPs use publisherCC to indicate the publisher's country of establishment to help Vendors determine whether the vendor requires Purpose 1 consent.

false: There is no special Purpose 1 treatment status. Purpose 1 was disclosed normally (consent) as expected by TCF Policy

TrustCommander sets this value to false by default in the IAB response. The purpose one treatment field can be customised with following JavaScript snippet (should be implemented in the first container on the website.).

Neutral vendor buttons

You can change the vendor button type to neutral if you choose the neutral position as the default status.

You can't choose a neutral position for IAB categories (purposes) as it's not allowed by the framework policy

Synchronisation mode between vendors and categories

You can choose to synchronise vendors status with categories, choosing to do it only for neutral buttons or always. If you use an IAB TCF template, this option will not have any effects on TCF vendors, as the TCF framework doesn't allow this.

IAB TCF Stacks `Beta`

Only available for IAB TCF 2.0 banner.

Right now IAB TCF Stacks are in beta in TrustCommander. They are activated with a JavaScript command that needs to be added to the privacy center CUSTOM JS field JS BLOCK BEFORE.

TrustCommander offers two options to activate Stacks:

This option uses an algorithm to automatically find the tightest Stack combination for the configured vendors. This option is the recommended approach.

Purposes may only be included in one Stack. In case of a bad configuration TrustCommander ignores IAB Stack configuration and provides an error in the browser console.

Move native Categories above IAB Purposes

Per default IAB Purpose controls are placed above native category controls. It is possible to display native categories above IAB TCF Purpose controls by adding following JavaScript snippet to the CUSTOM JS field JS BLOCK BEFORE of the privacy center.

The "Other" headline of the native category controls can be translated by adding following configuration snippet to the CUSTOM JS field JS BLOCK BEFORE of the privacy center.

Deploy Banner

Options to generate and deploy banner.

TRUST > Privacy banners ( tab GENERATE & DEPLOY)

Generate Banner Versions

To deploy a new or updated banner it is first necessary to generate a new version of the banner. Click GENERATE to open the modal dialogue.

You will have following option when generating a new container version.

Preview New Banner Versions

You can preview and test new banner versions by clicking the TEST option on the right site of the banner version in the banner version list. This will preview the banner on a demo website.

It is recommended to test new banner on a test environment of the real website before deploying it.

Banner Deployment Options

The deployment process of a new banner version varies depending on the selected hosting method of the privacy banner. You can select the hosting method of a banner in the privacy banner settings that can be accessed with the gear icon on the top left of the interface (beside the privacy banner name).

Commanders Act CDN

Commanders Act CDN ensures a reliable and performant hosting of your banner. It allows to deploy banners automatically and in real-time.

Click DEPLOY to deploy a banner to the Commanders Act CDN.

On premise (self-hosted)

This option allows to self-host privacy banner. It therefore requires manual effort on each update. For on premise hosting it is necessary to provide the URL of the folder where the on premise banner is hosted. Example:

http(s)://www.mydomain.com/myfolder/

Click DOWNLOAD to download on the right side of the new banner files and manually update them on your server.

Container vs. Banner Deployment

In case both TagCommander and TrustCommander are used to manage tags it is important to understand what needs to be generated and deployed for different update scenarios. Following table lists the elements that needs a generation and deployment for common scenarios.

Copy Banner

Options to copy privacy banner with the Commanders Act copy management.

Admin > Copy management.

Commanders Act copy management allows to copy privacy banner. Privacy banners can be copied within the same account or transferred to another account.

Copying a Banner

Steps to copy a banner with copy management.

Step 1

Select Privacy banner(s) in the Elements to copy dropdown.

Step 2

Use the Site containing the privacy banner(s) to copy dropdown to select the site where the privacy banner is located that you want to copy.

Step 3

Select one or more privacy banner that you would like to copy in the Privacy banner(s) to copy dropdown.

Step 4

Choose one or multiple target sites where you want to copy the selected privacy banner with the Destination site(s) dropdown.

Step 5

You can copy your privacy banner to a new template by selecting Yes in the Copy the privacy content to a new template option.

After this you will be able to select the new template in the Destination template dropdown.

This will keep the content (text, selected color, etc.) of the banner and change the template.

This option might not work for customised privacy banner templates. Please contact your Commanders Act consultant or support in case you are unsure if your banner was customised before using this option.

Step 6

Click COPY in the top right corner of the interface to copy the banner with the selected options.

Dashboard

The TrustCommander performance dashboard provides insights into critical KPIs of your consent management setup.

Interface

The dashboard provides KPIs for each individual TrustCommander banner. You can customise the dashboard by adjusting filter settings at the top left of the interface. TrustCommander provides the following filters:

Configures which privacy banners are displayed in the dashboard table.

Allows to filter dashboard metrics for typical device types. Depending on the browser settings of your website visitors, device recognition might not be 100% accurate.

Allows to filter dashboard metrics for data inside and outside the EU.

Time selection

On the top right you will find options to filter data for a specific time range by specifying a start and end date. The dashboard will show metrics including the selected start and end date.

To select only one day, the day has to be clicked twice in the date picker so that both the start and end date are set to the needed day.

Export options

It is possible to export CSV reports via the EXPORT option on the top right in the interface. Reports will only include data for the selected timeframe.

Data collection is done in real-time, but metrics calculation is updated overnight, therefore no data is available in the dashboard for the current day (if you need immediate data, you can export the raw consent data via the "Options" page).

Measurement approach

TrustCommander measures privacy banner interactions to calculate consent KPIs.

All metrics are visitor/ traffic based and not user based. TrustCommander therefore sets a 1st party cookie TCPID on website visitors. It deduplicates certain metrics (e.g. opt-in actions) of a visitor based on this cookie. TrustCommander identifies visitors as new visitors in case they delete this cookie.

Optin vs. optout action

To understand dashboard metrics it is important to understand how TrustCommander measures optin and optout actions.

An optin action occurs when a visitor...

clicks the accept button of the privacy banner.
saves the privacy center with at least one category set to "on".
navigates to a second page (only in case implicit "on navigation" consent was installed).
scrolls on the landing page (only in case implicit "on scroll" consent was installed).
clicks any element on the website (only in case implicit "on click" consent was installed).

An optout action occurs when a visitor...

clicks the reject button of the privacy banner.
saves the privacy center with all categories off.

Examples

Following examples outline a hypothetical scenario with only one website visitor to explain the measurement approach:

Example 1

A new visitor arrives at a website with a TrustCommander privacy banner.
He accepts the privacy banner and immediately navigates to the privacy policy page.
There he re-opens the privacy center and revokes his prior consent.

This would lead to one optin action and one optout action and two banner views. TrustCommander deduplicates action and therefore only uses the last action of a visitor to calculate the consent KPIs per day. Additionally it deduplicates the banner views per visitor per day therefore only counts one banner view in this scenario. This user journey leads to an optin rate of 0%, a no choice rate of 0%, and optout rate of 100%.

Example 2

A new visitor arrives at a website with a TrustCommander privacy banner.
He does not interact with the banner and leaves the site immediately.
On the next day he returns to the website.
He accepts the privacy banner and immediately navigates to the privacy policy page.
There he re-opens the privacy center and revokes his prior consent.

On the first day this would lead to no action and one deduplicated banner view. On the second day this leads to one deduplicated optout action (see Example 1) and one deduplicated banner view.

For a selected timeframe that only includes the first day this would result in a no choice rate of 100%. For a selected timeframe that only includes the second day this would result in a optout rate of 100%. For a selected timeframe that includes both days this would result in an optin rate of 0%, a no choice rate of 50%, and an optout rate of 50%.

This measurement approach and the following metrics are based on the standard usage of TrustCommander banner templates. In case of a banner customisation or custom workflow, part of the metrics might have a different meaning.

Dashboard metrics

Following you will find detailed descriptions of each metric in the dashboard. When available you can expand the line to get the break down by categories.

Global

Metrics are deduplicated each day. On 23/09/2021 the calculation method has changed to take into account both banner displays and Privacy Center displays (previously, only banner displays were taken into account). When displaying the dashboard after this date, every date range will take into account Privacy Center display.

How engaged visitors react to CMP?

How visitors interact with the CMP banner?

How visitors use the privacy center?

Understanding metrics

No choice vs. Bounce rate

In an optin configuration (no tracking before a user provides consent), bounce rate tracking is not possible anymore as bouncers usually won't interact with the website and therefore won't provide consent for analytic services. The no choice metric of TrustCommander can help to get an idea on your bounce rate, but it is not the same metric!

In a default optin configuration, the "no choice" is expected to include:

Normal cases:

Visitors who do not provide an optin and leave the website (bounce)
Visitors who do not provide an optin and continue to browse the website without closing the privacy consent message (possible with header/ footer banner templates, less likely with a popin template that blocks website navigation)
Visitors who do not provide an optin who continue browsing the website after closing the privacy consent message with the closing cross

Special cases:

Visitors that are redirected by an internal redirect of the website (for example due to a language redirect on the landing page)
Mobile visitors who are redirected to the mobile app when arriving on the landing page in a mobile browser
Visits of bots like web crawlers. Common bot traffic is excluded but industry specific crawlers might increase "no choice" percentage

At the time of the first release of TrustCommander the no choice rate is expected to be close to your bounce rate. The metrics will then start to differ over the following time.

AB testing

The performance of privacy banner is crucial for the success of any data driven marketing activity. Therefore it is especially important to perform AB tests of your privacy banner to improve the user experience of your website visitors and to improve your consent KPIs. For AB tests it is common to set a goal to minimise the no choice and optout KPIs.

TrustCommander dashboard makes it very easy to compare metrics of two banners set up for AB test side by side by adding the AB test banners via the PRIVACY filter option.

Please contact your Commanders Act consultant in case you need support in setting up AB tests for your TrustCommander setup.

Exports

Export raw consent data

Manual or Scheduled export

You can export the raw consent data in the Options menu.

You can download consent data once, or schedule a recurrent export, by email or FTP.

Export fields

The export includes the following fields:

In case vendors are activated for the account, it is possible to include vendor optins in the export by switching the "Include Vendors in Export" toggle. This will increase export size considerably.

IP address is not stored

Storage retention

The option "Consent storage duration in database" allows to set a duration (in month) the consent data is stored in the consent database (which is used to prove consent). Be careful when changing the setting to not lose old consents by accident! You will be shown a prompt after changing the value to confirm the new duration. The maximum storage duration is 13 months. In case you need a longer storage duration, please contact your Commanders Act support or consultant.

Options

Global TrustCommander settings.

TRUST > Options.

Only administrators can view and change these account configurations.

Account Default Configuration

Default optout / optin

This setting allows you to handle how tags should be handled in case no consent was yet provided by a user.

Your tags are not loaded when a user visits your site. They will be fired when the user continues browsing, unless they refuse cookies beforehand.

With the General Data Protection Regulation (GDPR), this is the default setting you should choose.

Your tags are loaded when a user visits your site. They are only disabled if the user explicitly refuses cookies.

This setting is not compatible with the General Data Protection Regulation (GDPR).

By default, accounts are configured in optout mode since it is the most popular and is GDPR compliant.

IAB TCF compliancy

This option enables the IAB TCF 2.0 framework for your account. This will enable IAB TCF 2.0 banner, categories and vendors.

This option enables the Additional Consent Mode (ACM) for Google Ad Technology Providers (ATP) for your account. This will enable Google ACM vendor management in the Categories & Tags section and extends the IAB TCF API according to the ACM specification.

Vendor management

This option activates vendors. This will enable vendor management options in the Categories & Tags section and enables a vendor management screen in your privacy centers that allows users to manage consent per vendor (requires re-deployment or banners).

Localisation

This option allows to select country codes (e.g. fr for French) that are used to localise the cookie notice of the cookie scanner feature. It is possible to add default country codes by clicking in the white area and selecting a country code from the dropdown. Additionally custom country codes can be added by clicking in the white area and typing the custom country code. The custom country code is saved after pressing Enter.

It is recommended to use the default country codes listed in the auto-complete dropdown. This allows to localise the cookie notice based on language settings of browsers.

See dedicated documentation here.

These settings allow you to modify the default name, separator and subdomain of your privacy cookie.

Changing the cookie name, separator or subdomain can have unwanted side-effects depending on your TrustCommander setup. Please contact your Commanders Act consultant or support before applying changes.

Extensions

Cookie Scanner

The cookie scanner module allows TrustCommander users to monitor cookies on their website and to provide users with an automated cookie notice.

Overview

TrustCommander offers a cookie scanner that continuously monitors websites for cookies in realtime. The scanner has access to a database of common analytics and marketing cookies and can therefore provide ready to use descriptions and information. This cookie information can be used to install a dynamic cookie notice on the website that provides transparent information about the used cookies and their purpose to visitors.

Scan Cookies

Mechanisms

Cookie scanner combines three mechanisms to identify cookies on websites:

Cookie Scanner uses a JavaScript tag that is directly deployed on the website (e.g. with TagCommander). The JavaScript tag scans cookies of website users in realtime. This allows to identify cookies that are set in very specific scenarios e.g. it allows to identify cookies that are only set for a specific geolocation or behind a log-in form.

The tag also monitors the 3rd party domains the website communicates with (e.g. for an Analytics service). This information is used to infer 3rd party cookies via the cookie scanner cookie database.

JavaScript tags have limited access to cookie information—therefore cookie scanner enriches the information identified with the JavaScript tag with information received with the Chrome extension and cookie database.

Not all cookies are accessible to JavaScript tags. The Commanders Act Assistant Chrome extension has more technical capabilities to scan missing cookie information. To use the Chrome extension it just needs to be installed in an up to date Chrome browser. After that it starts scanning cookies while surfing the website. This provides a powerful mechanism to identify cookies in all areas of the website, no matter they require a log-in.

Commanders Act recommends to install the Chrome extension on multiple team members across different country teams to cover a wide range of use cases.

Some technical systems (like Drupal) create dynamic cookie names. Cookie Scanner therefore groups cookies when 5 or more cookies start with the same 4 characters. (e.g. abcd123, abcd2345, abcd3456, etc.)

Cookie scanner can scan following types of cookies:

Cookie Scanner scans following fields per cookie:

Cookie scaner doesn't store cookie's values

TRUST > Cookie Scanner > EDIT (Tab)

In the edit step of the cookie notice it is possible to investigate, edit and enrich cookie information.

Sections

All identified cookies are listed in three groups:

New lists new Cookies that have not yet been manually investigated
Active lists Cookies that should be shown in the cookie notice
Ignored lists (internal) Cookies that should not be shown in the cookie notice

It is possible to edit the information of each cookie by pressing the Pen icon to the right on the table. This will open a cookie dialogue with following options:

It is possible to add custom cookies by pressing the ADD COOKIE button on the top right of the interface. This will open a cookie dialogue that has the same fields as the edit cookie information dialogue. Additionally it has a Name field that allows to set the name of the custom cookie.

Activate, Deactivate or Delete Cookies

New cookies and inactive cookies can be activated via the Checkmark icon. This adds them to the Active cookies list.

Active cookies and be deactivated by clicking the Stop sign icon. This adds them to the Inactive cookies list.

Inactive cookies can be deleted with the Trash can icon. This removes the cookie from the list entirely.

Cookies that should not be shown in the cookie notice should be kept in the inactive list and not deleted. Otherwise they will re-appear as soon as the cookie scanner identifies them again.

Localisation is not available yet.

It is possible to localise cookie information. This allows to translate important information of each cookie for the cookie notice that can be embedded on a website.

To localise cookie information it is first necessary to select supported languages. To select supported languages go to TRUST > Options and select the country codes of the languages the cookie notice should be made available in. It is recommended to select country codes from the dropdown, but it is also possible to add custom country codes. Cookie Scanner offers automatic translation of predefined information for common languages (EN, FR, DE, IT).

After selecting the needed country codes the cookie information can be translated in the EDIT step of the interface. To translate a cookie click the Pen icon to open the edit modal. There it is possible to select a country code via a dropdown. Then adjust the setting the fields to translate them. You can preview the cookie list in a specific language by using the country code dropdown in the top right of the interface.

Following fields support localisation:

Vendor Label
Category Label
Description
Custom Fields

Labels

The cookie list displays optional labels for each cookie in the cookie list to inform about important information and notifications.

TRUST > Cookie Scanner > DEPLOY (Tab)

The DEPLOY (Tab) interface is used to install, create and deploy a cookie notice on a website. It provides a versioned list of cookie notices that were created within the account.

After all cookie information was setup in the EDIT (Tab) it is possible to install the cookie notice on a website. The cookie notice is available in 3 versions:

1. Javascript snippet

Copy/past the js code on your legal page to automatically build the cookies list table.

2. HTML Table

The HTML table is the recommended way to install a dynamic cookie notice on websites.

For this it is recommended to setup both a JavaScript tag (e.g. tag template 'TRUST | Install Cookie Notice' in TagCommander) and a placeholder <div> on the website (e.g. in the Content Management System). The placeholder is a slot where the table should be inserted and the tag loads the table and inserts it into the slot.

Both the <div> and the tag need to be configured with a common id. e.g. in case the placeholder <div> has following id: <div id="ca-slot--cookie-notice"></div> it is necessary to set the parameter #PLACEHOLDER_DIV_ID# of the tag template TRUST | Install Cookie Notice to ca-slot--cookie-notice .

Endpoint of the HTML file:

https://cdn.tagcommander.com/cookie-scanner/<site_id>/v1/cookies-<language_code>.html

site_id: Commanders Act site ID (e.g. 1234).

language_code: Language of the cookie notice (e.g. fr, default language is en).

The HTML table uses semantic and accessible table HTML. This ensures that the table uses the default styling of your website. The style of the table can be directly adjusted with the CSS of the website. In case you need help styling you can reach out to your Commanders Act consultant.

3. JSON API

The JSON API provides a method to install a cookie notice for advanced use cases. It provides all cookie information in a structured data format that can be used by technical users to create custom functionalities. The JSON API can e.g. be used to inject a custom cookie notice into a native App.

Endpoint of the json file:

https://cdn.tagcommander.com/cookie-scanner/<site_id>/v1/cookies-<language_code>.json

site_id: Commanders Act site ID (e.g. 1234).

language_code: Language of the cookie notice (e.g. fr, default language is en).

Before it is possible to deploy updates to the cookie notice it is necessary to create a new version. To create a new cookie notice version click the NEW VERSION button on the top right of the interface. This will take all cookies in the Active list of the EDIT (Tab) to create the cookie notice. In the new version dialogue it is possible to provide a comment that explains changes in the new version for internal reference.

The Play button to the right of a cookie notice version can be used to preview a cookie notice. This will not apply any styling of the website so the look will differ compared to the cookie notice on the website.

A Down Arrow button is available for each cookie notice version. It allows to download the cookie notice in all localisations in HTML, JSON, CSV and XSLX format. In the XSLX one tab is included per language. For all other formats a ZIP will be provided that includes one file per language.

The DEPLOY button to the right of each cookie notice version can be used to deploy a cookie notice to the website. This allows to deploy new versions, but allows to roll back to older version in case of issues.

Options

Custom Fields

Cookie Scanners allows to add custom fields to provide additional details per cookie. These fields can be added inside of the feature settings accessible via the Gear icon. It is possible to re-arrange the fields by changing their order via drag and drop.

User Rights

User Rights for Cookie Scanner are not yet available.

Cookie Scanner offers following user rights:

Filters

You can filter your cookie's list by host (website) and language

TagFirewall

TagFirewall can whitelist or blacklist tags.

TagFirewall is a paid extension that can be installed with TagCommander or run in standalone mode. Please contact a Commanders Act consultant or account manager to activate it.

Overview

TagFirewall blocks unauthorised tags (domains) in real time. This can e.g. help to block and reduce the risk of piggybacking tags. TagFirewall is highly dynamic and can therefore enrich an existing Content Security Policy (CSP) setup to resolve critical issues with tags in minutes or replace the need for a Content Security Policy (CSP) entirely. TagFirewall offers two modes:

Blacklist Mode

This mode blocks tag communication with a configurable list of domains. Communication with all other domains is still permitted.

Whitelist Mode

This mode blocks tag communication with all domains except a configured whitelist.

Setup

TagCommander

TagFirewall can be set up and configured with the tag template "TagCommander - TagFirewall" in TagCommander.

Standalone

TagFirewall can be set up and configured with a custom JavaScript tag for all other installations. The tag has following options.

Examples

The tag should be included in the <head> of your document. It can only block tags that are loaded after the TagFirewall tag and JavaScript library file.

Tag Hierarchy

Tag mapping: View all your site's tags and their relationships on a map.

Focus by page type: Filter by page type (conversion page, product page, cart, etc.) and optimize the orchestration of your different tags for these pages in particular.

Marketing Preferences Center

Marketing Preferences Center (additional module)

What is our Marketing Preferences Center?

Marketing Preferences Center is part of our Consent management Premium offer. It allows you to build a personalized Preferences Center where online and offline consents are merged around unified users and stored in the same database.

Then, you can easily create and customize a web page to display this information to visitors who want to manage their consents and personal information.

It turns a legal page into a preference center that is way more valuable for a customer as it is more like a sharing space between the brand and their visitors/clients rather than just a way to collect the consent.

How it works?

Marketing Preferences Center is a realtime searchable nosql database. We provide also a dedicated API to read and/or write consents on this database (https://community.commandersact.com/trustcommander/api/get-consents)

· Consents are collected through our Trust Commander CMP solution (native integration)

· Consents coming from a CRM database could be added with our FTP importer files or our API (https://community.commandersact.com/trustcommander/api/get-consents)

· Our customers can personalize the look and feel of their marketing preferences center page, we don’t host the webpage.

· Paid option: our customers can choose to receive regularly a full consents database copy to have a backup on their side

Limitations:

The API accepts a maximum of 20 preferences

Knowledge Base

Consent Object

Description of the Consent Object format that is used by the onsite API to receive and update consent.

The Consent Object is a standardised way to represent consent throughout all methods of the onsite JavaScript API (similar to the IAB TCF consent string). The object holds a meta property that includes metadata like the validity of the cookie and a consent property that holds that current consent settings stored on the browser.

The onsite API and Consent Object is the official way to access the consent settings of TrustCommander with JavaScript. The direct usage of the Consent Cookie is deprecated.

{
    meta: {
        version: "1.0",
        tcfPolicyVersion: "2",
        siteId: "1234",
        bannerId: "12",
        bannerVersion: "50",
        consentId: "183049723840253",
        dateCreated: 1614174067000,
        dateUpdated: 1614185078030,
        dateExpires: 1614236789942
    },
    consent: {
        status: "all-on|all-off|mixed|unset",
        categories: {
            "1": {
                status: "on",
                required: true
            },
            "2": {
                status: "on|off|unset"
            },
            "tcf2_1": {
                status: "on|off|unset"
            },
            "tcf2_2": {
                status: "on|off|unset",
                legIntStatus: "on|off|unset"
            },
            "tcf2_sf_1": {
                status: "on|off|unset"
            }
        },
        vendors: {
          "1": {
                status: "on|off|unset"
          },
          "tcf2_1": {
                status: "on|off|unset"
          },
          "tcf2_2": {
                status: "on|off|unset",
                legIntStatus: "on|off|unset"
          },
          "acm_1": {
                status: "on|off|unset"
          }
        }
    }
}

Meta Properties

The meta property includes metadata and context for the consent that was provided on a browser.

The consent property includes detailed information about the consent provided on the browser.

Category and Vendor IDs are prefixed with an identifier in case they are managed by a consent framework.

Consent cookies exemption

For its own operations, our Consent Module sets 1st party cookies to store the user's consent and to report anonymous consent statistics.

These cookies are necessary for the proper functioning of the collection of consent and the reporting of anonymous statistics. To this regard they are exempt from the obligation of consent.

Consent storage cookies differ depending on the banner template used:

standard templates: TC_PRIVACY & TC_PRIVACY_CENTER
IAB TCF templates (local storage) : TC_PRIVACY_IAB_VENDORLIST & TC_PRIVACY_TCF

A 1st party cookie is set to be able to collect anonymous statistics of consent: TCPID. We have worked together with the CNIL France to design the setting and processing of this cookie to strictly comply with the rules of the RGPD and in particular the rules enacted by the CNIL in 2019.

In order to be exempt from consent in accordance with article 82 of the Data Protection Act, these tracers must:

have a purpose strictly limited to measure the audience of the site or application (performance measurement, detection of navigation problems, optimization of technical performance or its ergonomics, estimation of the power of the necessary servers, analysis of content consulted) for the exclusive account of the publisher
be used to produce anonymous statistical data only

Conversely, to be exempt from consent, these tracers must not:

lead to a cross-checking of the data with other processings or the data to be transmitted to third parties
do not allow the aggregate tracking of the user's navigation across different applications or websites. Any solution using the same identifier across several websites (for example via cookies placed on a third-party domain loaded by several websites) to cross, split or measure a unified coverage of a content is excluded.

CNIL recommendations

To put in place solutions that respect people's rights, the CNIL also recommends that:

users are informed of the implementation of these tracers, for example via the privacy policy of the site or the mobile application
the lifespan of the tracers is limited to a period allowing a relevant comparison of audiences over time, as is the case with a period of 13 months, and that it is not automatically extended on new visits
the information collected through these tracers is kept for a maximum period of 25 months
the above-mentioned retention periods are subject to periodic review in order to be limited to what is strictly necessary
for FR market : link the Consent Statistics to a category of cookies which can be turn off by the users on 'refuse all'
for FR market : if you decide to do not link the Consent Statistics to a cookies category, you will be must to provide to your users another way to be optout of Consent Statistics. We provide an FR implementation guide for Optout statistics, as recommended for CNIL compliance

A subcontractor can provide a benchmarking service to multiple publishers if:

the data is collected, processed and stored independently for each publisher
tracers are completely independent from each other

Implementation guide for exempted consent statistics FR market

Please download our implementation guide for Trust exempted statistics for CNIL compliance of France market

Consent Cookie

Format of the TrustCommander consent cookie.

The received via the onsite API is now the official way to access the consent settings of TrustCommander with JavaScript. The direct usage of the consent cookie is deprecated.

TrustCommander stores the consent of website visitors in a 1st party cookie.

This article only explains the consent cookie. you can find a list of all TrustCommander cookies.

Name

The default name of the consent cookie is TC_PRIVACY. It can be configured in TRUST > Options.

Domain

The cookie is set as a 1st party cookie. The subdomain/domain of the cookie can be configured in TRUST > Options

Value

The value consist of multiple fields separated by @ symbols. The separator can be configured in TRUST > Options .

The consent cookie format is not 100% guaranteed to stay stable. We try to keep the format as stable as possible and extend it with "append only approach (adding new information with a new @)", but changes might happen in the unforeseeable future due to limited storage space in cookies.

The cookie value follows following pattern (optional elements are wrapped in []).

<status>@<privacy_version>[|<tcf_version>]|<banner_id>|<site_id>@<consent_categories>@<blocked_on_categories>@<updated_timestamp>,<creation_timestamp>,<to_expire_timestamp>[@<tcf_vendor_consent_string>]

Examples

Example1: Optin for some categories

0@002|12|3441@1%2C3@4@1592900933049@1592900933049

Example 2: Optout for all categories

1@012|26|4221@@4@1592900933049@1592900933049

/!\ good to know : special caracters such as "@" or "|" are encoded in the cookie value %2C = "," %7C = "|" %40 = "@"

IAB TCF V2.2 Release details

Introduction

In February last year, the Belgian Data Protection Authority (APD, “Autorité de Protection des Données”) issued a decision against IAB Europe related to the Transparency and Consent Framework (TCF), fining the organization 250k€ and instructing it to come up with a plan to solve the issues that were identified.

Since then, IAB Europe has come up with a plan to update its TCF, which will come into action over the following months. In this article, we review the context surrounding the APD decision, catching you up on the events from last before presenting IAB Europe’s action plan, and finally going over what these changes will mean in practice for Commanders Act users.

March 2023 update: On March 15th, 2023, IAB Europe confirmed that the Belgian APD has voluntarily suspended the six-month implementation period of IAB Europe’s action plan. As a result, the July 2023 deadline no longer applies. It’s now reported for Q4 2023

For more details and pending additional information, read the official IAB communication here.

More than a year ago, on February 2nd, 2022, the Belgian APD issued a decision against IAB Europe citing 4 issues with its Transparency and Consent Framework (what’s the TCF? Learn more here). According to the Belgian APD:

The Transparency & Consent (TC) string, the consent signal stored by players in the advertising industry, is personal information. As such, participants should establish a legal basis.

IAB Europe is a data controller of that information, whether or not it processes the consent information

IAB Europe is a joint controller with TCF participants (vendors, CMPs, publishers)

Security measures in place to protect the integrity of the consent signal were not sufficient

IAB Europe was subsequently fined and instructed to come up with an action plan to solve these issues. The IAB Europe, along with some TCF participants, has worked on the action plan and submitted it to the APD in April 2022. Despite additional procedural events in September, the action plan was reviewed on January 11th by the Belgian APD.

Of course, we will communicate with Commanders Act customers with specific action points before then.

What is going to change in 2023 for the TCF?

Here are the main changes and obligations that will impact your Consent Management Platform if you’re using the TCF after April 2023:

New TC string special purpose

Users of the TCF will be required to add a new (special) purpose to the classification of purposes in the TCF, informing their users that they are capturing and sharing data subject choices via the TC String.

No more legitimate interest for targeted advertising

Going forward, users won’t be able to rely on legitimate interest for personalized advertising.

Specifically, the purposes impacted will be purpose 3 (create a personalized ads profile), purpose 4 (select personalized ads), purpose 5 (create a personalized content profile), and purpose 6 (select a personalized content profile).

Mandatory disclosures in the second layer of the CMP

After April, users of the TCF will be required to disclose new information in their CMP second layer:

The legitimate interests at stake
The categories of data collected and/or already held by Vendors
The retention periods (in the Vendors’ description)

Vendor-related changes

Publishers will be presented with a warning about the impact that a large number of vendors can have on the ability of users to make informed choices.

Additionally, the number of vendors will need to be disclosed in the first layer of the CMP. Finally, we will recommend using event listeners to ensure proactive communication of changed TC String to vendors.

As a Commanders Act customer, what am I supposed to do?

As a Commanders Act customer, what do these changes in the TCF mean and what are you supposed to do? Don’t worry, we’ve got it all planned out.

Not a lot will be expected from Commanders Act customers. However, if you decide to continue using the Transparency and Consent Framework, you must know that consent notices/consent banners will be changing slightly (based on the changes listed in the previous section), and you should therefore be ready for it.

The migration from the TFC v2.2 will take place in September 30, 2023 serving as the hard deadline for the change. You will be must to regenerate your consent banners TCF before this deadline.

Once the migration will be complete, we will recommend that you recollect consent from your customers, as previously collected consent was deemed invalid following the Belgian APD decision. Additionally, you’ll most likely have to reduce your vendor list, and updating mobile SDK versions to get the new TCF various updates will be compulsory.

But don’t worry, we will remind you about this before the deadline.

Conclusion

To conclude, and while it’s important to be aware of the upcoming changes following this important industry decision, the impact on Commanders Act customers should be minimal, and we’re hoping to provide thorough assistance to everyone along the way If you wish to go further, you will be able to verify your TCF compliancy, since IAB Europe has released a new CMP Validator Chrome Extension available here that includes all requirements of TCF v2.2.

IAB TCF v2.2 CMP requirements

The IAB TCF v2.2 has new requirements. This page listing the new elements of the CMP IAB TCF UI standard.

This is an informative page. Almost every listed points above are automatically managed by our Consent Module (only the buttons "accept all" and "refuse all" are not automatically added). Simply follow our Migration guides and to update you banner with these new requirement

1st Layer

The standard text has evolved with more precise list of usage of datas, and the total number of IAB TCF vendors must be displayed

If your banner has a custom text, you can use this function to display the number of vendors on the first layer tC.privacy.getNbIabVendors()

Buttons Accept All/Refuse All are required

The automatic text of Purposes has evolved

There's no more "Legal Description" it is replaced by "Examples"

New TC string special purpose

The TCF will add a new (special) purpose to the classification of purposes in the TCF, informing their users that they are capturing and sharing data subject choices via the TC String. The name of this new special purpose is "Use limited data to select content" (ID 11)

Legitimate interest buttons will be removed on the following Purposes:

purpose 3 (create a personalized ads profile)
purpose 4 (select personalized ads)
purpose 5 (create a personalized content profile)
purpose 6 (select a personalized content profile)

3 major changes for the informations provided by the Vendors

They can provide a cookie policy url in multiple languages (the displayed url will be the same then the browser language)
They must show the data retention period for each purpose
They must show data they will collect

IAB TCF v2.2 Migration guide Web

Step by step guide to remains compliant on the Web for TCF v2.2

Here's the 5 steps to follow to remains compliant with the TCF on your website

Verify/Update your IAB Vendors The Vendors List has evolved, we recommend to verify your IAB Vendors selected. Data Governance > Consent Management > Vendors
Setup an Accept All/Refuse all buttons in your privacy center Sources > Privacy Banners > Edit (select your banner) > Privacy Center tab > Buttons*don't forget to save your changes !
Generate a new version of your Consent banner Sources > Privacy Banners > Edit (select your banner) > Generate*We recommend to check the option 'reactivate the privacy', so all you users will have the new consent string format, including the new purpose and the updated vendors
Generate a new version of the Web Container related to you Consent Banner Sources > Web Containers > Edit (select your container) > Generate
Deploy your latest versions of Web Container and Consent Banner

The deadline to migrate is September 30, 2023

IAB TCF v2.2 Migration guide App

This page is to the attention the customers using the Commanders Act SDK with the IAB Consent Module in their mobile application

Introduction

Here's the 2 steps to follow to remains compliant with the TCF on your mobile application

Requirements To be allowed to migrate on IAB TCF v2.2, your application must use the v5 of our SDKs If you're still using the v4, please refer to the main

Please note: this documentation is a user friendly step by step guide. For technical details please refer to our GitHub and

1-Update the SDK Module

Simply download the latest versions of our TCIAB SDK Modules

2-Update the json files

Upload the latest version to update your offline json's

(required if you're using other languages then EN, this link example is for FR language)
your privacy json file updated (needs to be modified, following the step "Update the content of your privacy json file")

Upload your CDN json file

Your privacy json file updated needs to be uploaded on CDN Commanders Act, please contact your consultant or our support team to upload the latest version of your json on our servers. (the content of this json file needs to be updated, following the next step.)

Update the content of your privacy json file

Verify your vendor list "vendors": "15,48,501,506,520,539,512,895",*if you left the "vendors" empty, it will be considered as ALL vendors by our SDK Pay attention to your Vendor List, some Vendors aren't existing anymore in the GVL v3
Add the new required fields texts -> generic -> "illustationsButton": "illustrations"
texts -> generic -> "dataCategoriesDef" : "Data Categories"

Full json example:

The value {total_number} in the "purposeTitle" is a dynamic field. The total number of your IAB vendors will be displayed here

The deadline to migrate is September 30, 2023

CCPA & Global Privacy control

Introduction to CCPA

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:

The right to know about the personal information a business collects about them and how it is used and shared;
The right to delete personal information collected from them (with some exceptions);
The right to opt-out of the sale or sharing of their personal information; and
The right to non-discrimination for exercising their CCPA rights.

In November of 2020, California voters approved Proposition 24, the CPRA, which amended the CCPA and added new additional privacy protections that began on January 1, 2023. As of January 1, 2023, consumers have new rights in addition to those above, such as:

The right to correct inaccurate personal information that a business has about them; and
The right to limit the use and disclosure of sensitive personal information collected about them.

Businesses that are subject to the CCPA have several responsibilities, including responding to consumer requests to exercise these rights and giving consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.

Changes for CCPA in 2023 due to CPRA

It is required under CPRA to retain a minimum amount of data that is only essential for the organization to fulfill its requirements. In addition, businesses should not keep data for longer than necessary; if they do, a justification must be presented, and they must notify the user. The criteria to Comply with CPRA remained almost the same as in CCPA, but with a slight change:

Businesses should comply if they obtain a revenue of more than $25 million or gain 50% from selling personal data.
Businesses should comply if they process data of more than 100,000 users instead of 50,000.

The California Privacy Protection Agency was created to enforce the CPRA starting July 1, 2023. It is responsible for raising awareness about data privacy and ensuring that consumers’ rights are protected while implementing penalties on non-compliant entities.

For more information, please visit the official CCPA website https://oag.ca.gov/privacy/ccpa

As a Commanders Act customer, what should I'm supposed to do ?

To to be compliant with CCPA, simply follow these steps:

Create a dedicated ccpa banner: use the "footer with privacy center" template
- Add your text about cookies: must list the categories of personal information businesses collect about consumers and the purposes for which they use the categories of information. Don't forget to integrate a link for your cookie policy.
- Add a button with this exact text : “Do Not Sell My Personal Information” This button should Optout the user (value refuse all) or open a privacy center with one category “Personalized advertisement”. Please note: this category is a requirement (must contains all tags that can sell personal information).
- Set your consent duration for at least 12 months
Enable the Global Privacy Control option on your Commanders Act site
Integrate in your website footer a link or a button to manage consent choices example of html code to integrate: <a href="#" onclick="tC.privacyCenter.showPrivacyCenter();return false">privacy center</a>
Update your Privacy Policy: Businesses that sell personal information about California residents, or allow information to be collected on their websites or apps, need to provide information in their privacy policies about that collection or sale. The CA Attorney General has provided draft regulations on how and what information should be included in privacy policies, which you can find here.

What is Global Privacy Control ?

The Global Privacy Control is an initiative aimed at enabling users to easily exercise their privacy preferences across multiple websites and online services. It is designed to give users more control over how their personal information is collected, used, and shared online.

The GPC operates through a browser signal or an HTTP header that users can activate to indicate their privacy preferences. When a user enables the GPC signal in their browser, it sends a request to websites and online services, indicating that the user wishes to opt out of the sale or sharing of their personal information.

For more information, you can visit their website

How to enable the Global Privacy Control ?

Simply follow these 2 easy steps:

1 - Enable on the option Global Privacy Control directly on your CCPA Banner

Sources > Privacy Banners > Settings

2- Regenerate and Deploy your Consent Banner

Sources > Privacy Banners > Generate

Rest data API

GET/PUT Consents / preferences

Get/put user consent stored in DataCommander

User Consents

GET https://api.commander1.com/engage/user/

This endpoint allows you to get categorie's consent for one specific user

Query Parameters

Name

Type

Description

{
    "message": "Person not found"
}

Visitor Consents

GET https://api.commander1.com/v1.0/engage/visitors/

This endpoint allows you to get categorie's consent for one specific visitor

Query Parameters

{
    "user_privacy_optin": 1,
    "user_privacy_categories": [
      "11",
      "12",
      "13"
    ]
}

{
    "user_privacy_optin": 0,
    "user_privacy_categories": []
}

{
    "message": "visitor not found"
}

User

PUT https://api.commander1.com/engage/user/

Insert or update a preference in the database (require to have the DataCommander module activated)

Query Parameters

{"success":true}

Syntax and limitations

The json playload is represented by a key/value for each preference.
Each preference property (key) start with "preferences." followed by the preference name : preferences.your_preference_name
The preference name should not contain white space, dot or special characters. Its format is [A-Za-z0-9_-]
The preference value can contain white space, dot but not special characters.
The API accepts a maximum of 20 preferences

Example Request

PUT

https://api.commander1.com/engage/user/?site=1234&user_id=1234&token=WvNIX8955cnZ7WF0f632s0Wb99Ql3rtA

{
  "preferences": {
    "news_monthly": true,
    "news_sales": true
  }
}

Onsite API

PLATFORM API

IAB TCF V2.0 Consent

Description of how to interact with IAB consent API

If you are using IAB TCF option (see this page to setup IAB TCF on your account), you will be able to use IAB TCF's __tcfapi where your privacy banner is deployed.

That function is defined in your container and in your privacy banner so that you can use it before your privacy banner has finished loading. It is sometimes referred by IAB as the TCF API stub.

IAB TCF consent is encoded in a format called the Consent-String.

How to use the TCF API

The recommended way of getting the value of TCF's consent-string (tcData.tcString in the example below) is by using the addEventListener command.

__tcfapi('addEventListener', 2, function(tcData, success) {
  if(success &&
    (tcData.eventStatus === 'tcloaded' || tcData.eventStatus === 'useractioncomplete')) {

    // do something with tcData.tcString

  } else {

    // do something else

  }
});

Sometimes you do not want to be notified of consent updates. You can achieve this by using the more advanced code below:

__tcfapi('addEventListener', 2, function(tcData, success) {
  if(success &&
    (tcData.eventStatus === 'tcloaded' || tcData.eventStatus === 'useractioncomplete')) {

    // do something with tcData.tcString

    // remove ourselves to not get called more than once
    __tcfapi('removeEventListener', 2, tcData.listenerId);

  } else {

    // do something else

  }
});

Reference: IAB TCF commands

You can use this copy-paste a Consent-String on this page: https://iabtcf.com/#/decode.

Reference: IAB TCF Consent-String format

This an optional extension to IAB TCF. Once setup in TrustCommander Options, an additional addtlConsent property will be available on the tcData object.

__tcfapi('addEventListener', 2, function(tcData, success) {
  if(success &&
    (tcData.eventStatus === 'tcloaded' || tcData.eventStatus === 'useractioncomplete')) {

    // do something with tcData.addtlConsent

  } else {

    // do something else

  }
});

Reference: Google Additional Consent Mode Technical Specification

consent.get

Method to receive TrustCommander consent and consent metadata OnSite via JavaScript.

The Commanders Act OnSite API stub has to be installed before using any of the OnSite API functions.

cact('consent.get', function (result) { ... });

The consent.get method takes one callback JavaScript function as an argument that gets called with the Consent Object that is currently stored on the browser. The callback is called once after TrustCommander JavaScript loaded and validated the stored consent.

The OnSite API works asynchronous. In case you need the consent synchronous (e.g. in the <head> of a document for AB Testing or personalisation solutions) it is recommended to cache the object in the localStorage of the browser. In this case it is crucial to implement the consent.onUpdate method to keep the cached consent in sync.

Examples

In this example the Analytics category was configured with the consent category id 2 in TrustCommander.

cact('consent.get', function (result) {

   const ANALYTICS_ID = 2;
   const analyticsCategory = result.consent.categories[ANALYTICS_ID] || {};
   
   if (analyticsCategory.status === 'on') {
         
      // Consent was provided for the category. 
      
   } else {
      
      // Consent was not provided for the category.
   
   }
        
});

In this example the Analytics category was configured with the consent category id 2 and the vendor Google with vendor id 5 in TrustCommander.

cact('consent.get', function (result) {
   
   const ANALYTICS_ID = 2;
   const analyticsCategory = result.consent.categories[ANALYTICS_ID] || {};

   const GOOGLE_ID = 5;
   const googleVendor = result.consent.vendors[GOOGLE_ID] || {};
   
   if (analyticsCategory.status === 'on' && googleVendor.status === 'on') {
         
      // Consent was provided for the category. 
      
   } else {
      
      // Consent was not provided for the category.
   
   }
        
});

cact('consent.get', function (result) {
   
   if (result.consent.status === 'unset') {
         
      // Consent was not yet provided.
      
   } else {
      
      // Consent was accepted or refused.
   
   }
        
});

cact('consent.get', function (result) {

    const dateExpires = result.meta.dateExpires;
                
});

consent.revoke

Method to revoke TrustCommander consent OnSite via JavaScript.

The Commanders Act OnSite API stub has to be installed before using any of the OnSite API functions.

cact('consent.revoke')

consent.revoke is called with no options and no callback function. It resets the consent, consent id and initiates two consen.onUpdate events, one with the updateEvent set to changed, and a second one set torevoked that allows to perform cleanup tasks like removing cookie identifiers.

IAB TCF V2.0 and Google FAQ

Google is a TCF 2.0 member, and Google Ad Manager (GAM), Adsense, and Admob can use the IAB TCF API to get the user consent status (the TC string) from TrustCommander.

How to enable Google ACM Vendors

To enable Google ACM vendors go to TRUSTCOMMANDER > Options and follow this instruction

Common issues encountered while using the TCF 2 to integrate with Google Advertising Products

GAM's recorded errors

GAM's recorded errors GAM displays an error message in your GAM Console if it is unable to collect a TC string from the CMP:

The specific errors found are detailed in a report, which you can compare to the GAM documentation in the Troubleshooting TCF 2 implementation post.

We've mentioned some of the most common error codes we've seen while integrating with GAM below.

1.x (1.1 or 1.2 or 1.3) : Google is not approved as a vendor regarding consent or legitimate interest. 1.x errors are to be anticipated, it's normal to expect a certain amount of these errors as they mean that the user has refused permission for Google, main Google purposes, or that you have publisher restrictions that prohibit Google from running.

The rate of negative consent for a given website or mobile app should be approximately matched by the 1.x errors.

Checklist for determining why 1.x errors are so common:

Verify that your 1.x errors as a percentage of all ad requests are approximately equal to your negative consent rate (within a 5 points margin). For instance, if TrustCommander reports a 90% consent rate per page view, a typical 1.x error rate is beetween 5% to15%.
Examine whether the IAB TCF 2 was implemented on your website or mobile app prior to September 2020.
Check to see if there are publisher restrictions. If so, make sure they don't affect Google or do so in a way that's compliant with Google's requirements : https://support.google.com/admanager/answer/9805023?hl=en.

Errors are found in the following ways:

1.1 Errors: Google is not permitted as a vendor along with consent or legitimate interest.

1.2 errors: For EEA countries and the UK, there is no consent for Purpose 1. Before determining whether or not the TC string causes an error, Google will always check whether Purpose 1 has permission before determining whether or not Google, as a vendor, is allowed.

Getting Started

Overview on the TrustCommander OnSite API.

The TrustCommander OnSite API is used to interact with TrustCommander with JavaScript. It currently only offers methods to receive and update consent, but it will be improved with additional methods in the future.

API Stub

It is necessary to install a JavaScript stub before any of the OnSite API methods can be used. The stub is used to buffer all methods in a JavaScript array until TrustCommander JavaScript is loaded and ready to process the methods. This allows to use the OnSite API before TrustCommander JavaScript was loaded.

window.caReady = window.caReady || []; 
window.cact = function() { window.caReady.push(arguments); };

window.caReady is a JavaScript array that buffers the interactions with the API. window.cact is a JavaScript function used to interact with the OnSite API.

In case you work in a big team and are unsure the stub was already installed it is ok to install the JavaScript stub multiple times.

Methods

After installing the stub it is then possible to use any of the OnSite API methods via the window.cact function.

The available methods are listed on the documentation under ONSITE API.

Each method follows a strict signature:

cact(command, [options,] [callback])

Below you will find an example method that is used to receive the TrustCommander consent with the OnSite API. This example only provides a callback to receive the consent without providing any options.

cact('consent.get', function (result) {
    
    if (result.consent.status === "all-on") {
        
        // Consent available for all categories.
        
    }
    
});

The OnSite API methods are called asynchronously. In case e.g. you need information synchronous in the <head> of the document it is recommended to cache and retrieve the result of the API in localStorage.

Get statistics

Get data from the consent dashboard (aggregated data)

Get Statistics

GET https://api-internal.commander1.com/v2/{siteId}/privacy/statistics

This endpoint allows you to get the data from the consent dashboard on a specific date range

Path Parameters

Name

Type

Description

Query Parameters

Name

Type

Description

How to get the token

For each API, you'll have to ask a token to your account manager or support team.

How to use additional parameters

Device filters&filter[sup_filters][device][]=2&filter[sup_filters][device][]=3&filter[sup_filters][device][]=0 1 = Mobile 2 = Tablet 3 = Desktop 0 = Others (in the example above, mobile device is excluded) Location filters &filter[sup_filters][location][]=0 1 = EU 0 = Out of EU (in the example above, EU user's location is excluded)

Result example

{
    "data": [
        {
            "type": "privacy/statistic",
            "id": "1",
            "attributes": {
                "nb_banner_views": 198,
                "nb_banner_clicks_button": 32,
                "nb_optin": 34,
                "nb_optin_all": 33,
                "nb_optin_all_on_click_banner": 23,
                "nb_banner_clicks_links_not_PC": 1,
                "nb_PC_views": 1,
                "nb_optin_all_on_browsing": 10,
                "optin_rate": 0.1717171717171717,
                "optout_rate": 0,
                "nb_optin_category_1": 35,
                "optin_rate_category_1": 0.17676767676767677,
                "nb_optin_category_2": 35,
                "optin_rate_category_2": 0.17676767676767677,
                "nb_optin_category_3": 35,
                "optin_rate_category_3": 0.17676767676767677,
                "nb_optin_category_4": 35,
                "optin_rate_category_4": 0.17676767676767677,
                "nb_optin_category_5": 14,
                "optin_rate_category_5": 0.0707070707070707,
                "nb_optin_category_10001": 7,
                "optin_rate_category_10001": 0.03535353535353535,
                "nb_optin_category_10003": 7,
                "optin_rate_category_10003": 0.03535353535353535,
                "nb_optin_category_10005": 7,
                "optin_rate_category_10005": 0.03535353535353535,
                "nb_optin_category_10007": 7,
                "optin_rate_category_10007": 0.03535353535353535,
                "nb_optin_category_10009": 7,
                "optin_rate_category_10009": 0.03535353535353535,
                "nb_optin_category_10011": 7,
                "optin_rate_category_10011": 0.03535353535353535,
                "nb_optin_category_10013": 7,
                "optin_rate_category_10013": 0.03535353535353535,
                "nb_optin_category_10015": 7,
                "optin_rate_category_10015": 0.03535353535353535,
                "nb_optin_category_10017": 7,
                "optin_rate_category_10017": 0.03535353535353535,
                "nb_optin_category_10019": 7,
                "optin_rate_category_10019": 0.03535353535353535,
                "nb_optin_category_13001": 7,
                "optin_rate_category_13001": 0.03535353535353535,
                "nb_optin_category_13003": 7,
                "optin_rate_category_13003": 0.03535353535353535
            }
        },
        {
            "type": "privacy/statistic",
            "id": "20",
            "attributes": {
                "nb_PC_views": 1,
                "optin_rate": 0,
                "optout_rate": 0
            }
        }
    ]
}

{
    "errors": [
        {
            "status": 401,
            "title": "Unauthenticated.",
            "detail": "The access token provided is expired, revoked, malformed, or invalid.",
            "context": []
        }
    ]
}

cact('consent.onReady', function (result) { 
    
    const ANALYTICS_ID = 2;
    const analyticsCategory = result.consent.categories[ANALYTICS_ID] || {};
     
    if (analyticsCategory.status === 'on') {
    
        // Consent was provided for the category. 
    
    } else {
        
        // Consent was not provided for the category. 
           
    }
    
});

cact('consent.onUpdate', function (result) { 
    
    const ANALYTICS_ID = 2;
    const analyticsCategory = result.consent.categories[ANALYTICS_ID] || {};
     
    if (analyticsCategory.status === 'on') {
    
        // Consent was provided for the category. 
    
    } else {
        
        // Consent was not provided for the category. 
           
    }
    
});

cact('consent.onUpdate', function (result) { 

    const ANALYTICS_ID = 2;
    const analyticsCategory = result.consent.categories[ANALYTICS_ID] || {};

    if (result.updateEvent === "changed" && analyticsCategory.status === 'on') {
    
        // Consent was provided for the category during an update.
    
    } 
    
});

https://api-internal.commander1.com/v2/siteId/privacy/statistics?token=XXXXXX&filter%5Bbegin_date%5D=YYYY-MM-DD&filter%5Bend_date%5D=YYYY-MM-DD&filter%5Bsup_filters%5D%5Bdevice%5D%5B%5D=1&filter%5Bsup_filters%5D%5Blocation%5D%5B%5D=0&filter%5Bsup_filters%5D%5Blocation%5D%5B%5D=1

{
    "data": [{
        "type": "privacy\/statistic",
        "id": "2",
        "attributes": {
            "nb_visitors_exposed_to_privacy": 11448,
            "nb_banner_views": 11445,
            "nb_banner_clicks_button": 10478,
            "nb_PC_views": 1863,
            "nb_PC_vendor_views": 100,
            "nb_PC_clicks_save": 1089,
            "nb_optin_PC_save": 373,
            "nb_optin": 8724,
            "nb_explicit_optin": 8776,
            "nb_optout": 2769,
            "nb_optout_on_click_banner": 2075,
            "optin_rate": 0.7620545073375262,
            "optout_rate": 0.2418763102725367,
            "nb_optin_category_1": 8718,
            "optin_rate_category_1": 0.7615303983228512,
            "nb_optin_category_3": 8708,
            "optin_rate_category_3": 0.7606568832983928,
            "nb_optin_category_5": 8708,
            "optin_rate_category_5": 0.7606568832983928
           
        }
    }, {
        "type": "privacy\/statistic",
        "id": "4",
        "attributes": {
            "nb_visitors_exposed_to_privacy": 17623,
            "nb_banner_views": 17618,
            "nb_banner_clicks_button": 15029,
            "nb_PC_views": 2377,
            "nb_PC_vendor_views": 465,
            "nb_PC_clicks_save": 1917,
            "nb_optin_PC_save": 713,
            "nb_optin": 13280,
            "nb_explicit_optin": 13460,
            "nb_optout": 3484,
            "nb_optout_on_click_banner": 2282,
            "optin_rate": 0.7535606877376156,
            "optout_rate": 0.19769619247574194,
            "nb_optin_category_1": 13331,
            "optin_rate_category_1": 0.7564546331498609,
            "nb_optin_category_3": 13318,
            "optin_rate_category_3": 0.7557169607898768,
            "nb_optin_category_5": 13302,
            "optin_rate_category_5": 0.7548090563468195,
            "nb_optin_category_7": 13303,
            "optin_rate_category_7": 0.7548658003745106,
            "nb_optin_category_9": 13308,
            "optin_rate_category_9": 0.755149520512966
        }
    }]
}

consent.update

Method to update TrustCommander consent OnSite via JavaScript.

The Commanders Act OnSite API stub has to be installed before using any of the OnSite API functions.

cact('consent.update', consentObject)

The consent.update method allows to update the consent with JavaScript. It has to be called with a Consent Object that includes the updated settings. TrustCommander will deep merge the status fields of the current Consent Object with the provided object and automatically update all meta properties and the consent.status property automatically. In case a consent.status field is provided with value all-on, all-off or unset all other updates are ignored and all categories and vendor settings will be set to on, off or unset accordingly.

All unconfigured categories and vendors are ignored when deep-merging the consent objects.

Examples

Update categories and vendors

cact('consent.update', {
    categories: {
        '2': { status: 'on' }
    },
    vendors: {
        '1': { status: 'on' }
    }
});

Below you can see how the Consent Object is affected by this update.

/* Consent Object Before Update
{
    meta: { ... },
    consent: {
        status: "mixed",
        categories: {
            "1": { status: "on" },
            "2": { status: "off" }
        },
        vendors: {
            "1": { status: "off" },
            "2": { status: "on"}
        }     
    }
}
*/

// Update
cact('consent.update', {
    categories: {
        '2': { status: 'on' }
    },
    vendors: {
        '1': { status: 'on' }
    }
});

/* Consent Object After Update
{
    meta: { ... }, // automatically updated
    consent: {
        status: "all-on", // automatically updated
        categories: {
            "1": { status: "on" },
            "2": { status: "on" } // updated
        },
        vendors: {
            "1": { status: "on" }, // updated
            "2": { status: "on"}
        }     
    }
}
*/

Update IAB TCF/ACM categories and vendors

cact('consent.update', {
    categories: {
        '1': { // non-IAB category
            status: 'on' 
        },
        'tcf2_1': { // TCF purpose 1
            status: 'on' // no legintStatus for purpose 1
        },
        'tcf2_2': { // TCF purpose 2
            status: 'off',
            legIntStatus: 'on'
        },
        'tcf2_sf_1': { // TCF special feature 1
            status: 'on'
        }
    },
    vendors: {
        'tcf2_1': { // TCF vendor 1
            status: 'on',
            legIntStatus: 'off'
        },
        'tcf2_2': { // TCF vendor 2
            status: 'on',
            legIntStatus: 'on'
        },
        'acm_1': { // ACM vendor 1
            status: 'on'
        }
    }
});

Accept all categories and vendors

cact('consent.update', { 
    status: 'all-on'
});

Specifying a category or vendor will not have any effect.

cact('consent.update', { 
    status: 'all-on', 
    categories: {
        '2': { status: 'unset' } // ignored as global status is specified
    }
});

Below you can see how the Consent Object is affected by this update.

/* Consent Object Before Update
{
    meta: { ... },
    consent: {
        status: "unset",
        categories: {
            "1": { status: "unset" },
            "2": { status: "unset" }
        },
        vendors: {
            "1": { status: "unset" },
            "2": { status: "unset"}
        }     
    }
}
*/

// Update Method
cact('consent.update', { 
    status: 'all-on'
});

/* Consent Object After Update
{
    meta: { ... }, // automatically updated
    consent: {
        status: "all-on",
        categories: {
            "1": { status: "on" }, // automatically updated
            "2": { status: "on" } // automatically updated
        },
        vendors: {
            "1": { status: "on" }, // automatically updated
            "2": { status: "on"} // automatically updated
        }     
    }
}
*/

Refuse all categories and vendors

cact('consent.update', { 
    status: 'all-off'
});

Specifying a category or vendor will not have any effect.

cact('consent.update', { 
    status: 'all-off', 
    categories: {
        '2': { status: 'on' } // ignored as global status is specified
    }
});

Below you can see how the Consent Object is affected by this update. Note: required categories are not affected.

/* Consent Object Before Update
{
    meta: { ... },
    consent: {
        status: "mixed",
        categories: {
            "1": { status: "on" },
            "2": { status: "off" },
            "3": { status: "on", required: true }
        },
        vendors: {
            "1": { status: "on" },
            "2": { status: "on"}
        }     
    }
}
*/

// Update Method
cact('consent.update', { 
    status: 'all-off'
});

/* Consent Object After Update
{
    meta: { ... }, // automatically updated
    consent: {
        status: "all-off",
        categories: {
            "1": { status: "off" }, // automatically updated
            "2": { status: "off" }, // automatically updated
            "3": { status: "on", required: true } // unchanged
        },
        vendors: {
            "1": { status: "off" }, // automatically updated
            "2": { status: "off"} // automatically updated
        }     
    }
}
*/

Specify update action

You can specify an action inside the update parameters:

cact('consent.update', {
    action: 'banner_button',
    categories: {
        '2': { status: 'on' }
    },
    vendors: {
        '1': { status: 'on' }
    }
});