Merge pull request #5013 from segmentio/consent-management-private-beta

Consent management private beta

Author: forstisabella

src/connections/delivery-overview.md

@@ -23,7 +23,7 @@ The pipeline view shows the following steps:
 - **Successfully received**: Events that Segment ingested from your source
 - **Failed on ingest**: Events that Segment received, but were dropped due to internal data validation rules
 - **Filtered at source**: Events that were discarded due to schema settings or [Protocols](/docs/protocols/) tracking plans
-- **Filtered at destination**: Events that were discarded due to [Destination Filters](/docs/guides/filtering-data/#destination-filters), [filtering in the Integrations object](/docs/guides/filtering-data/#filtering-with-the-integrations-object), or [per source schema integration filters](/docs/guides/filtering-data/#per-source-schema-integrations-filters). Actions destinations also have a filtering capability: for example, if your action is set to only send Identify events, all other event types will be filtered out.
+- **Filtered at destination**: Events that were discarded due to [Destination Filters](/docs/guides/filtering-data/#destination-filters), [filtering in the Integrations object](/docs/guides/filtering-data/#filtering-with-the-integrations-object), or [per source schema integration filters](/docs/guides/filtering-data/#per-source-schema-integrations-filters). Actions destinations also have a filtering capability: for example, if your action is set to only send Identify events, all other event types will be filtered out. <!--- Beta users of [Consent Management](/docs/privacy/consent-management/) also see events discarded due to consent preferences.--->
 - **Failed delivery**: Events that have been discarded due to errors or unmet destination requirements
 - **Successful delivery**: Events that were successfully delivered to the destination
 

src/privacy/configure-consent-management.md

@@ -0,0 +1,104 @@
+---
+title: Configure Consent Management
+hidden: true
+---
+> info "Consent Management is in private beta"
+> This means that Consent Management features are in active development, and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions.
+
+After setting up a third-party consent management platform (CMP), you can enforce the consent collected from your users by configuring consent categories in your your Segment workspace and adding the [consent object](/docs/privacy/consent-management/#consent-object) to your web libraries. 
+
+Once you've configured consent in the Segment app, your events are routed only to the categories your end users consented to share data with.
+
+## Prerequisites
+
+> info "Consent management edit and update capabilities limited to Workspace Owners"
+> Only users with the Workspace Owner role are able to create, edit, and disable consent categories. All other users have read-only access to Consent Management features. 
+
+Before you can configure consent in Segment, take the following steps:
+- **Set up your third-party consent management tool and create consent categories**. Take note of your consent categories and the key or ID associated with each category.
+- **Know how your company uses each destination**. You need to know which destinations to map to each category. 
+- **Access to your web libraries**. After you set up consent categories in the Segment app, you need to add a wrapper to your Analytics.js snippet so that Segment can receive your end users' preferences. Segment provides a [wrapper for OneTrust](#step-2-add-the-consent-wrapper-to-analyticsjs), or if you're using a different CMP, you can create your own wrapper using the [instructions provided in the analytics-next repository](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-tools){:target="_blank”}. 
+
+## Step 1: Create consent categories in the Segment app
+
+> info "Limited availability of sources and destinations during private beta"
+> During private beta, you can send events from web sources to consent categories. Enforcement of consent preferences is only available for event streaming destinations, webhooks, and functions. You can map one event streaming destination, webhook, or function to multiple consent categories. All other source and destination types are not impacted by consent mappings.
+>
+> Storage, RETL, and Engage destinations do not enforce consent preferences. 
+
+1. From the [Segment homepage](https://app.segment.com/goto-my-workspace/){:target="_blank”}, select the Privacy tab and click **Consent Management**.
+2. On the Consent management page, click **Create categories**.
+3. Confirm that you have completed the required prerequisites, and click **Next**.
+4. On the Create consent categories page, add the following information to the category form:
+  - **Category name**: Enter a name that describes your use case for the data sent to this destination. This field only accepts category names that are 20 characters or less.
+  - **Category ID**: In OneTrust, this is a string of up to five alphanumeric characters, but other CMPs may have a different format. This field is case sensitive.
+  - **Mapped destinations**: Select one or more of your destinations to map to this category. Category mappings apply to all instances of a destination. 
+  <br/><br/>**Optional**: Click **Add category** to create another category.
+5. Once you've finished setting up your category or categories, click **Save**.
+
+> warning "Segment recommends mapping all destinations to a category"
+> Segment assumes all destinations without a mapping do not require user consent and will receive all events containing a consent object. 
+
+## Step 2: Add the consent wrapper to Analytics.js
+
+If you're using OneTrust as your CMP, you can install the OneTrust integration consent wrapper (`@segment/analytics-wrapper-onetrust`) using a [snippet](#onetrust-for-snippet-users-windowanalytics) or [npm](#onetrust-for-npm-library-users).
+
+If you have a CMP other than OneTrust, you can install the `@segment/analytics-consent-tools` package using the [instructions in the analytics-next repository](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-tools){:target="_blank”}. 
+
+> error "After adding the consent object to your events, your data is immediately impacted"
+> If you disable a consent category, end user consent preferences for that category will not be enforced.
+>  
+> If a destination is mapped to more than one other consent category, and an end user's consent preferences is "false" for either category, data will not get sent.
+>
+> If an event includes both an integrations object and a consent object, Segment will look at the consent object first, and then take into account the integrations object.
+
+### OneTrust for snippet users (window.analytics)
+Delete the `analytics.load()` line from the snippet in the header of your website:
+
+```diff
+- analytics.load("<MY_WRITE_KEY>");
+```
+
+Run the following initialization code in your project, replacing `<MY_WRITE_KEY>` with your write key:<sup>1</sup> 
+```ts
+import { oneTrust } from '@segment/analytics-consent-wrapper-onetrust'
+
+
+// snippet users
+oneTrust(window.analytics)
+window.analytics.load('<WRITE_KEY>')
+```
+
+### OneTrust for npm library users
+
+Initialize the OneTrust wrapper by running the following code on your command line, replacing `<MY_WRITE_KEY>` with your write key:<sup>1</sup> 
+
+```ts
+import { oneTrust } from '@segment/analytics-consent-wrapper-onetrust'
+import { AnalyticsBrowser } from '@segment/analytics-next'
+
+export const analytics = new AnalyticsBrowser()
+
+oneTrust(analytics)
+
+analytics.load({ writeKey: '<MY_WRITE_KEY'> })
+```
+
+<sup>1</sup>: You can find your write key by navigating to Connections > Sources > [Source Name] > Settings.
+
+## Edit consent categories
+
+If you need to make changes to your consent categories, you can edit them on the Consent Management page. You may experience some latency between making the changes and having the changes take effect.
+
+1. From the [Segment homepage](https://app.segment.com/goto-my-workspace/){:target="_blank”}, select the Privacy tab and click **Consent Management**.
+2. On the Consent Management page, navigate to the consent category you'd like to edit and click **Edit**.
+3. On the Edit consent category page, you can make changes to the consent category name, ID, and the destinations connected to a category.
+4. When you've made your changes, click **Save**.
+
+## Disable consent categories
+
+Disabling a consent category means that Segment no longer enforces end user consent preferences for the destinations in the disabled category. Other consent categories aren't affected.  
+
+1. From the [Segment homepage](https://app.segment.com/goto-my-workspace/){:target="_blank”}, select the Privacy tab and click **Consent Management**.
+2. On the Consent Management page, disable the toggle for the category you'd like to disable. 
+3. On the "Disable [category-name]?" popup, enter the category name in the Consent category name field and click **Disable category**.

src/privacy/consent-management.md

@@ -0,0 +1,135 @@
+---
+title: Consent Management Overview
+hidden: true
+related:
+  - "/privacy/account-deletion/"
+  - "/privacy/complying-with-the-gdpr/"
+---
+> info "Consent Management is in private beta"
+> This means that Consent Management features are in active development, and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions.
+
+When an end user visits your site, they set **consent preferences**, or make decisions about the types of data they want you to collect, use, and share. These consent preferences are typically presented as a set list of categories that describe how your company intends to use that data. Common categories include personalization, advertising, and site performance.
+
+Segment works with your third-party consent management platform (CMP) or bespoke consent solution to capture an end user's consent preferences and enforce those preferences by only routing events to the categories consented to by an end user. 
+
+![Diagram outlining information flowing from an end user to Segment destinations](/docs/privacy/images/consent-overview.png)
+
+After a user sets their consent preferences, Segment captures them with the [Analytics.js Consent Tools wrapper](https://github.com/segmentio/analytics-next/tree/master/packages/consent/consent-tools) and updates the [consent object](#consent-object). The events are then sent downstream to any streaming destinations in categories that a user consented to share data with.
+
+> info ""
+> Segment collects consent for both registered users and anonymous users.
+
+## Enforce consent
+Segment routes events with a consent object to the destinations in categories consented to by a user and to destinations that do not have a consent category.
+
+If an end user changes the categories they consent to (or if they consent using a different device or identifier,) any events they generate after updating their consent preferences will contain the updated consent information. Segment only sends events to the destinations in the categories that are currently consented to.
+
+> warning "Segment recommends mapping all destinations to a category"
+> Segment assumes any destinations without a mapping do not require user consent and will receive all events containing a consent object. 
+
+
+<!--- out of scope for Q2: For example, if a user agreed to share their information with you for all categories on their first visit to your site, and then on their next visit to the site only consented to sharing data for functional and advertising purposes but not for analytics or data sharing, a [Track call](/docs/connections/spec/track/) demonstrating their new consent preferences would have the following format:
+
+``` json
+{
+  "anonymousId": "23adfd82-aa0f-45a7-a756-24f2a7a4c895",
+  "type": "track",
+  "event": "Segment Consent Preference",
+  "userId": "u123",
+  "traits": {
+     "email": "[email protected]",
+     "phone": "555-555-5555",
+  }
+  "timestamp": "2023-01-01T00:00:00.000Z",
+  "context": {
+    "consent": {
+      "consentPreferences" : {
+   "Advertising": true,
+   "Analytics": false,
+   "Functional": true,
+   "DataSharing": false
+}
+    }
+  }
+}
+```
+
+> info "Segment Consent Preference is a reserved event name"
+> Segment has standardized a series of reserved event names that have special semantic meaning and maps these events to tools that support them. 
+>
+> See the [Semantic Events](/docs/connections/spec/semantic/) docs for more details.
+
+--->
+
+To learn more about configuring consent categories in your workspace, see the [Configure Consent Management documentation](/docs/privacy/configure-consent-management/).
+
+## Consent object
+
+Segment requires every event from all of your sources to include the end-user consent preferences, captured by your consent management tools or your application logic, in the form of the **consent object**. The consent object is a JSON object with the following format:
+
+```json
+{
+"context": {
+  "consent": {
+    "consentPreferences": {
+        "Advertising": true,
+        "Analytics": false,
+        "Functional": true,
+        "DataSharing": false
+      }
+   }
+  }
+}
+
+```
+<!--- Q3 scope: 
+
+### Consent policy version
+
+add to snippet above:"     "version": 1,"
+
+Segment assigns a `version` to your consent object. The `version` describes the version of Segment's consent schema that message used.
+
+A consent conflict flag and the categories consented to by a user are both pulled from the consent object and are visible as traits on a user's profile in Unify. --->
+
+
+## Reconcile consent conflicts
+
+Segment resolves conflicts between your [consent object and your integration object](#reconcile-consent-object-and-integrations-object-conflicts) and between your [CMP and the consent categories you configured in the Segment app](#reconcile-cmp-and-segment-consent-category-conflicts). 
+
+### Reconcile consent object and integrations object conflicts
+
+You can add both the integrations object and the consent object to your Segment payloads for greater control over how Segment routes data to your downstream destinations. 
+
+> success " "
+> For more information about the Integrations object, please see [Filtering your Segment Data](/docs/guides/filtering-data/#filtering-with-the-integrations-object).
+
+If an event includes both an integrations and consent object, Segment will look at the consent object first, and then take into account the integrations object according to the following table:
+
+| Consent Object                                                                                                  | Integration Object                          | Result |
+| --------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | ------ |
+| Not provided <br><br> `"context": {` <br>`}`                                                                    | Not provided or empty object                | Data flows to all destinations |
+| Empty consent object <br><br> `"context": {`<br>`     "consent": {`<br>`     }`<br>`}` <br> OR <br> `"context": {`<br>`     "consent": {`<br>`           "categoryPreference": {` <br>`           }`<br>`     }` <br> `}`| Not provided or empty object | Data does **NOT** flow to any mapped destinations - consent is considered to be `false` for all categories. <br> <br> Data flows to all destinations **NOT** mapped to a consent category. |
+| Not provided <br><br> `"context": {` <br>`}`                                                                   | `{facebook: true,`<br>`amplitude: false}`   | Data flows to the destinations that are `true` in the integrations object (Facebook). Any metadata provided in the integrations object also flows to your downstream destinations.  |
+| Empty consent object <br><br> `"context": {`<br>`     "consent": {`<br>`     }`<br>`}` <br> OR <br> `"context": {`<br>`     "consent": {`<br>`           "categoryPreference": {` <br>`           }`<br>`     }` <br> `}`| `{facebook: true,`<br>`amplitude: false}` | Data does **NOT** flow to any mapped destinations - consent is considered to be `false` for all categories. <br><br> Data flows to all destinations **NOT** mapped to a consent category, destinations set to `true` in the integrations object, and destinations not included in the integrations object.   |
+| `{ad: true,` <br>`analytics: false}`<br> <br>_Segment has no category-to-destination mapping for ad and analytics_ | Provided, not provided, or empty object | Data flows to all destinations, as all destinations are unmapped. If the integrations object is present, data flow may be impacted. |
+| `{ad: true,` <br>`analytics: false}`<br> <br>_ad = facebook, google-ads_ <br>                                   | Not provided or empty object                | Data flows to destinations that map to a consented purpose. In this case, data flows to all ad destinations (Facebook and Google Ads).<br><br> No data flows to analytics destinations. |
+| `{ad: true,` <br>`analytics: false}`<br><br>_ad = facebook, google-ads_ <br> _analytics = amplitude_ | `{facebook: true,`<br>`amplitude: false}` | Data flows to all ad destinations, even though Google Ads is not present in the integrations object.<br><br> Data does **NOT** flow to analytics destinations. |
+| `{ad: true,` <br>`analytics: false}`<br><br>_ad = facebook, google-ads_ <br> _analytics = amplitude_  | `{facebook: false,`<br>`amplitude: false}` | Data only flows to Google Ads and not to Facebook, which is `false` in the integrations object. <br><br> Data does **NOT** flow to analytics destinations. |
+| `{ad: true,` <br>`analytics: false}`<br><br>_ad = facebook, google-ads_ <br> _analytics = facebook, amplitude_  | `{facebook: true,`<br>`amplitude: false}` | When destinations are mapped to multiple categories, data only flows if consent is `true` for all categories. In this case, data only flows to Google Ads and not to Facebook. <br><br>Data does **NOT** flow to analytics destinations. |
+| `{ad: true,` <br>`analytics: true}`<br><br>_ad = facebook, google-ads_ <br> _analytics = facebook, amplitude_  | `{facebook: true,`<br>`amplitude: false}` | When destinations are mapped to multiple categories, data only flows if consent is `true` for all categories. In this case, data flows to Google Ads and Facebook. No data flows to Amplitude because it is `false` in the integrations object. |
+| `{ad: false,` <br>`analytics: true}` <br><br>_ad = facebook, google-ads_ <br> _analytics = facebook, amplitude_ | `{facebook: true,`<br>`amplitude: false}` | When destinations are mapped to multiple categories, data only flows if consent is `true` for all categories. <br><br>In this example, data does **NOT** flow to any destination because of the interaction between the integrations and consent objects. |
+
+### Reconcile CMP and Segment consent category conflicts
+
+If you have a category configured in your consent management tool (for example, `advertising`) and there is no category with the same ID in Segment, the data will flow to unmapped destinations. If destinations are mapped to a different category in the Segment app, data flow will honor end user consent for that category.
+
+If there is a category configured in Segment (`functional`) that is not mapped in your CMP, data will not flow to destinations mapped to the `functional` category. 
+
+## Consent observability
+
+<!--- You can view consent preference events in your [Tracking Plan](/docs/protocols/tracking-plan/create/) and view discarded events in [Delivery Overview](/docs/connections/delivery-overview/). ---> 
+<!---### Tracking Plan
+### Delivery Overview
+out of current scope--->
+Events discarded due to consent preferences appear in [Delivery Overview](/docs/connections/delivery-overview/) at the "Filtered at destination" step with the discard reason __Filtered by end user consent__.