1. What is the difference between cookie consent and opting out?
This is a frequently asked question, so we are making product updates to improve this workflow.
Here's some information to clarify the differences:
What is consent?
In UCP, consent means the
_evidon_cookie_consent_ cookie is dropped. This is triggered when,
- Consent is required (show application)
- User clicks Accept in the consent banner
On the backend, this also means any scripts or tag managers configured to run with the
priorConsentCallback function will be triggered.
What is opting out?
Through the cookie consent form, users can manage consent with individual vendors, will be sent directly to the vendor to manage the relationship, or will be informed when it is an essential function that they cannot control. This does not impact prior consent.
What's the difference?
When a user consents, they are only saying yes to enabling cookies and scripts that can collect their data.
This is separate from when a user opts out in the cookie consent tool. For here, they are managing their privacy preferences with the vendor directly.
2. Do we restrict reading of cookies if the cookie is already present in the browser but user has not yet provided consent (for first party and third party cookies)?
Once the cookie is there it’s there. There isn’t anything we can do about it.
3. If a user opts out of certain cookies, how is it ensured that the cookie is not read or written?
It is not ensured. It is the responsibility of the vendor to honor the opt-out request. From the banner, the user can’t opt-out of “certain” cookies - prior consent is all or nothing. For the IAB, the user can opt out of purposes but it is up to the vendors to honor those opt-outs.
As for opt outs, the third party opt outs drop the specific vendor cookies (which will be different for every vendor).
However we also drop our cookie '
ba_opt_out' so we can determine to show the checkboxes empty/checked (opted out/not opted out).