editing pass, adding npm/snippet instructions

Author: forstisabella

src/privacy/configure-consent-management.md

@@ -3,45 +3,138 @@ title: Configure Consent Management
 ---
 > info "Consent Management is currently in private beta"
 > This means that the Consent Management features are in active development, and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions.
->
-> During the private beta, Consent Management only supports website sources and event streaming destinations. All other sources and destinations are not impacted.
 
-After setting up a third-party consent management platform (CMP,) you can enforce the consent collected from your users by configuring consent categories in your your Segment workspace and adding the [consent object](/docs/privacy/consent-management/#consent-object) to your web libraries. After you've configured consent in the Segment app, your events will be routed only to those streaming destinations consented to by your users.
-
-<!--- note to include: how to find your category ID in tools other than onetrust-->
-<!--- Folks need to do some prereq setup, there are two docs - read through and setup ourselves before including information -->
+After setting up a third-party consent management platform (CMP), you can enforce the consent collected from your users by configuring consent categories in your your Segment workspace and adding the [consent object](/docs/privacy/consent-management/#consent-object) to your web libraries. After you've configured consent in the Segment app, your events are routed only to destinations consented to by your users.
 
 ## Prerequisites
 
 Before you can configure consent in Segment, take the following steps:
-- **Access your consent management tool and set up consent categories**. You need a list of your consent categories and the key or ID associated with each topic.
-- **Know how your company maps each destination**. You need to know which destinations map to which categories. 
-- **Update your web libraries with the consent object**. You need access to your web libraries so you can include the consent object in every event.
+- **Set up your third-party consent management tool and create consent categories**. Take note of your consent categories and the key or ID associated with each topic.
+- **Know how your company uses each destination**. You need to know which destinations to map to each category. 
+- **A way to update your web libraries with the consent object**. After you set up consent categories in the Segment app, you need to add the Analytics.js snippet to your web libraries so that Segment can receive your end users' preferences. 
 
-## Step 1: Create consent categories
+## Step 1: Add the analytics-consent-tools package to Analytics.js
 
-<!-- Add note that category ID is case sensitive--->
+Before you can create consent categories in the Segment app, you must add the consent tools to your Analytics.js library. For more information about Analytics.js, see the [Analytics.js documentation](/docs/connections/sources/catalog/libraries/website/javascript/).
 
-1. From the [Segment homepage](https://app.segment.com/goto-my-workspace/){:target="_blank”}, select the Privacy tab and click **Consent Management**.
-2. On the Consent management page, click **Get started**.
-3. 
+Install the `analytics-consent-tools` using either a [snippet](#snippet-users) or [npm](#npm-library-users).
+
+### Snippet users (window.analytics)
+
+To install the package, run the following code in your project:
+
+```ts
+// wrapper.js
+import { createWrapper, resolveWhen } from '@segment/analytics-consent-tools'
+
+export const withCMP = createWrapper({
+  shouldLoad: (ctx) => {
+    await resolveWhen(() => 
+      window.CMP !== undefined && !window.CMP.popUpVisible(), 500)
+
+    if (noConsentNeeded) {
+      ctx.abort({ loadSegmentNormally: true })
+    } else if (allTrackingDisabled) {
+      ctx.abort({ loadSegmentNormally: false })
+    }
+  },
+  getCategories: () => { 
+    // e.g. { Advertising: true, Functional: false }
+    return normalizeCategories(window.CMP.consentedCategories()) 
+  }
+})
+```
+
+### npm library users
+
+To install the package using npm, run the following code in your project:
+
+```ts
+import { withCMP } from './wrapper'
+import { AnalyticsBrowser } from '@segment/analytics-next'
+
+export const analytics = new AnalyticsBrowser()
+
+withCmp(analytics)
+
+analytics.load({
+  writeKey: '<MY_WRITE_KEY'>
+})
+```
+
+### Install the OneTrust consent wrapper
+
+If you're using OneTrust, you can install the OneTrust consent wrapper using a [snippet](#for-snippet-users-windowanalytics) or [npm](#for-npm-library-users). 
+
+#### For snippet users (window.analytics)
+Use the following initialization code: 
+```ts
+import { oneTrust } from '@segment/analytics-consent-wrapper-onetrust'
+
+
+// snippet users
+oneTrust(window.analytics)
+window.analytics.load('<WRITE_KEY>')
+```
+
+Delete the `analytics.load()` line from the snippet
 
+```diff
+- analytics.load("<MY_WRITE_KEY>");
+```
 
-## Step 2: Map destinations to consent categories
+<!---Ask what the preceding step means in context--->
+
+
+#### For npm library users
+
+```ts
+import { oneTrust } from '@segment/analytics-consent-wrapper-onetrust'
+import { AnalyticsBrowser } from '@segment/analytics-next'
+
+export const analytics = new AnalyticsBrowser()
+
+oneTrust(analytics)
+
+analytics.load({ writeKey: '<MY_WRITE_KEY'> })
+```
+
+
+## Step 2: Create consent categories in the Segment app
+
+> info "Limited availability of sources and destinations during private beta"
+> During the private beta, you can send events from web sources to consent categories. Enforcement of consent preferences is only available for event streaming destinations, webhooks, and functions. All other sources and destinations are not impacted by consent mappings.
+
+1. From the [Segment homepage](https://app.segment.com/goto-my-workspace/){:target="_blank”}, select the Privacy tab and click **Consent Management**.
+2. On the Consent management page, click **Create categories**.
+3. Confirm that you have completed the required prerequisites, and click **Next**.
+4. On the Create consent categories page, add the following information to the category form:
+  - **Category name**: Enter a name that describes your use case for the data sent to this destination
+  - **Category ID**: In OneTrust, this is a string of up to five alphanumeric characters. Other CMPs may have a different format. This field is case sensitive.
+  - **Mapped destinations**: Select one or more of your destinations to map to this category.
+  <br/><br/>**Optional**: Click **Add category** to create another category. You can map one destination to multiple categories.
+5. Once you have finished setting up your category or categories, click **Save**.
 
-<br/>
 > warning "Segment recommends mapping all destinations to a category"
-> Any destination that doesn't have a mapping won't receive events with a consent object. 
+> For more fine-grained control of your end user consent, Segment recommends that you map all destinations to a consent category. 
+> 
+> Any destinations without a mapping will receive all events containing a consent object. 
 
 
 ## Step 3: Add the consent object to your web libraries
 
-
 > error "After adding the consent object to your events, your data is immediately impacted"
 > If you disable a consent category, events are not sent to mapped destinations.
 >  
-> If a destination is mapped to multiple categories, and the end user has conflicting preferences, data will be sent to the destination.
-> 
-> If Segment receives an API call with both an integrations object and a consent object, the consent object takes preference.
+> If a destination is mapped to multiple categories and the end user has conflicting preferences, data will not be sent to the destination.
 
-## Ingesting consent data
+1. 
+
+## Editing consent categories
+
+If you need to make changes to your consent categories, you can edit them on the Consent Management page. 
+
+1. From the [Segment homepage](https://app.segment.com/goto-my-workspace/){:target="_blank”}, select the Privacy tab and click **Consent Management**.
+2. On the Consent Management page, navigate to the consent category you'd like to edit and click **Edit**.
+3. On the Edit consent category page, you can make changes to the consent category name, ID, and the destinations connected to a category.
+4. When you have made your changes, click **Save**. 

src/privacy/consent-management.md

@@ -7,30 +7,26 @@ related:
 > info "Consent Management is currently in private beta"
 > This means that the Consent Management features are in active development, and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions.
 
-Segment works with your third-party consent management platform (CMP) to capture the categories consented to by an end user and route events to the streaming destinations in the categories consented to by a user. 
-
-![Diagram outlining information flowing from an end user to Segment destinations](/docs/privacy/images/consent-overview.png)
-
 When an end user visits your site, they set **consent preferences**, or make decisions about the types of data they want you to collect, use, and share. These consent preferences are typically presented as a set list of categories that describe how your company intends to use that data. Common categories include personalization, advertising, and site performance.
 
-Segment captures and then enforces an end user's consent preferences. To collect your users' preferences, you must use a third-party CMP like OneTrust.
+Segment works with your third-party consent management platform (CMP) or bespoke consent solution to capture an end user's consent preferences and enforce those preferences by routing events to the categories consented to by an end user. 
+
+![Diagram outlining information flowing from an end user to Segment destinations](/docs/privacy/images/consent-overview.png)
 
-After a user sets their consent preferences, Segment updates the [consent object](#consent-object) with that information. The events are then sent downstream to any streaming destinations in categories that a user consented to share data with.
+After a user sets their consent preferences, Segment captures them with the [Analytics.js Consent Tools wrapper](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-tools) and updates the [consent object](#consent-object). The events are then sent downstream to any streaming destinations in categories that a user consented to share data with.
 
 > success ""
 > Segment collects consent for both registered users and anonymous users.
 
-If a user changes the categories they consent to or if they consent using a different device or identifier, any new events will contain the updated consent information. 
-
-<!--- rewrite above sentence. Also need to note that they need to make these changes available to Segment, new events are generated that will send updated consent--->
+If a user changes the categories they consent to or if they consent using a different device or identifier, any events they generate after updating their consent preferences will contain the updated consent information. 
 
-For example: 
+For example, if a user agreed to share their information with you for functional and advertising purposes, but not for analytics or data sharing, a [Track call](/docs/connections/spec/track/) demonstrating their new consent preferences would have the following format:
 
 ``` json
 {
   "anonymousId": "23adfd82-aa0f-45a7-a756-24f2a7a4c895",
   "type": "track",
-  "event": "Consent Change",
+  "event": "Segment Consent Preference",
   "userId": "u123",
   "traits": {
      "email": "[email protected]",
@@ -39,7 +35,7 @@ For example:
   "timestamp": "2023-01-01T00:00:00.000Z",
   "context": {
     "consent": {
-      "categoryPreferences" : {
+      "consentPreferences" : {
    "Advertising": true,
    "Analytics": false,
    "Functional": true,
@@ -50,21 +46,18 @@ For example:
 }
 ```
 
-<!--- UNHIDE DURING PUBLIC BETA: Segment sends the information about their consent, using a [Track call](/docs/connections/spec/track), to your downstream destinations and storage destinations.
-
-This will be added to the profile and used in Engage for auditing purposes. Every message is stamped with preferences.
-
-If a **consent conflict** exists (for example, one user on two different devices consented to two different categories), Segment resolves the conflict according to the [Reconcile Consent]() documentation. --->
-
-Consent information and a consent conflict flag are visible as traits on a user's profile in Unify.
+> info "Segment Consent Preference is a reserved event name"
+> Segment has standardized a series of reserved event names that have special semantic meaning and maps these events to tools that support them. 
+>
+> See the [Semantic Events](/docs/connections/spec/semantic/) docs for more details.
 
 ## Consent object
 
 Segment requires every event from all of your sources to include the end-user consent preferences, captured by your consent management tools or your application logic, in the form of the **consent object**. The consent object is a JSON object with the following format:
 
 ```json
 {
-  "categoryPreferences" : {
+  "consentPreferences" : {
     "Advertising": true,
     "Analytics": false,
     "Functional": true,
@@ -74,4 +67,24 @@ Segment requires every event from all of your sources to include the end-user co
 
 ```
 
-To learn more about configuring consent management in your workspace, see the [Configure Consent Management docs](/docs/src/privacy/configure-consent-management).
+The consent information and a consent conflict flag are visible as traits on a user's profile in Unify.
+
+### Reconcile consent object and integrations object conflicts
+
+You can add both the integrations object and the consent object to your Segment payloads for greater control over how Segment routes data to your downstream destinations. 
+
+> success " "
+> For more information about the Integrations object, please see [Filtering your Segment Data](/docs/guides/filtering-data/#filtering-with-the-integrations-object).
+
+If the consent object and integrations object have conflicting destination information, Segment routes data according to the following table:
+
+| Consent Object                                                                                                  | Integration Object                          | Result |
+| --------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | ------ |
+| Not provided or empty object                                                                                    | Not provided or empty object                | Message delivered to all enabled destinations |
+| Not provided or empty object                                                                                    | `{facebook: true,`<br>`amplitude: false}`   | Message and metadata delivered to Facebook |
+| `{ad: true,` <br>`analytics: false}`<br> <br>//ad = facebook, google ads                                        | Not provided or empty object                | Message delivered to the destinations mapped to the consented category. In this case, the message would be delivered to the Ad category (Facebook and Google Ads). No data is delivered to destinations mapped to the analytics category. |
+| `{ad: true,` <br>`analytics: false}`<br> <br>//ad = facebook, google ads                                        | `{facebook: true,`<br>`amplitude: false}`   | Message delivered to all ad destinations even though google-ads is not provided in the integrations object. Use metadata if provided for Facebook (the current behavior). No data is delivered to analytics destinations. |
+| `{ad: true,` <br>`analytics: false}`<br> <br>//ad = facebook, google ads                                        | `{facebook: false,`<br>`amplitude: false}`  | Message delivered to all ad destinations (Google Ads) but NOT to Facebook. <br> No data delivered to analytics destinations |
+| `{ad: true,` <br>`analytics: false}`<br> <br>//ad = facebook, google ads<br> //analytics = facebook, snowflake |  `{facebook: false,`<br>`amplitude: false}` | Message delivered to all ad destinations (even though Facebook belongs to analytics and user is not consenting to analytics.) Use metadata if provided for Facebook (current behavior)<br>No data delivered to analytics destinations (Snowflake) |
+
+To learn more about configuring consent management categories in your workspace, see the [Configure Consent Management documentation](/docs/src/privacy/configure-consent-management).