Chord Commerce Event Tracking
Consent Management

OneTrust

5min

OneTrust presents customers in affected regions with a cookie banner. That banner allows customers to accept cookies, reject cookies, or further customize control.

Segment offers a consent management wrapper that retrieves customer data preferences from OneTrust and adds them to Segment events as the consent object. Within Segment, you can map how data preferences should be applied to Segment destinations. Read more about Segment's approach to consent management.

Follow these steps to configure consent management with OneTrust and Segment:

  1. Configure consent groups in OneTrust.
  2. Configure consent categories in Segment and map to destinations.
  3. Implement Segment's consent management wrapper to include consent in client-side events.
  4. Store that consent object on the customer’s cart/order.
  5. Use the cart/order attribute to include customer preferences in server-side events.

Configuring OneTrust

Configure consent groups in OneTrust. These groups will correspond to Segment consent categories. These groups will have IDs like C0001, etc.

Configuring Segment

Add the consent groups from OneTrust as category mappings in your Segment workspace by navigating to Privacy > Consent Management > Create category. You can customize the “Category name” for these category mappings, but the “Category ID” must be exactly the ID of the OneTrust group to connect preferences from Shopify to Segment:

For each category, choose the mapped destinations. Mapping a destination to a category means that the destination will only receive the Segment event if OneTrust reports that processing if allowed for that category.

Installing on your site

Chord recommends using Segment’s OneTrust consent wrapper. This wrapper:

  1. Delays loading the analytics.js script until OneTrust allows it to load.
    • OneTrust will only allow it to load if:
      • the customer isn’t in an affected region (via OneTrust’s own geolocation), or
      • the customer is in an affected region and has consented.
    • If OneTrust doesn’t allow it to load, both Chord and Segment will silently fail and the events will not be sent.
  2. Reads customer preferences from OneTrust’s global objects (e.g. window.OnetrustActiveGroups) and constructs a consent object.
  3. Adds that consent object to every client-side event sent to Segment.

Installing the OneTrust Segment wrapper

See the OneTrust consent wrapper README for instructions on installing the wrapper.

Adding consent to server events

Managing consent in server sources (e.g., Segment source functions) isn’t as simple. Because preferences are set in the browser, we have to communicate that information to the server. The easiest way to do so is to store it as an attribute on the cart/order.

Source functions will then:

  1. Read that consent object from the cart/order’s attribute
  2. Include it in the properties of events it fires (under context.consent.categoryPreferences, as shown here).

Segment will then use that to honor the same consent group configuration described above.