About Consent Orchestration
This article provides an overview of Tealium Consent Orchestration.
The Consent Orchestration feature is currently in Early Access and available only by request. If you are interested in trying this feature and helping us improve it, please contact your Customer Success Manager.
Tealium Consent Orchestration lets you centrally control consent conditions for event-level activations. It enforces user consent in real-time, ensuring that data processing aligns with user preferences and legal requirements.
Currently, only event-level enforcement is available, and manual enforcement in Audiences is required.
How it works
You can organize consent rules into purpose groups with Consent Orchestration on the server-side. These purpose groups help you ensure that your event-level activations comply with user consent and privacy rules. When necessary, you can use exemptions to track essential data without explicit user consent.
Event-level activations
Consent Orchestration provides centralized control over consent rules for the following features:
- EventStream connector actions
- Event functions
- EventStore
- EventDB
- Events that AudienceStream is allowed to process
Currently, Consent Orchestration does not control AudienceStream activations; this functionality will be introduced in a later phase.
Purpose Groups and Consent Policies
A purpose group is used to define and apply a consent policy which contains specific purposes for data collection or processing. Purpose groups ensure that your event-level activations only process consented data. Within each purpose group is a list of data processing purposes which are mapped to event-level activations to ensure that user consent is respected. Common examples of purposes include categories like Marketing and Necessary, or vendor-specific purposes such as Google Analytics, depending on what consent choices you offer users.
Enforcement rules
You can use enforcement rules to manage multiple purpose groups or exemptions if you have more than one policy to enforce. For more info on what happens if more than one enforcement rule applies, see Handling conflicts in enforcement conditions.
Exemptions
An exemption allows data tracking under specific conditions without data privacy controls. Create exemptions for specific, explicit exceptions to consent enforcement based on regulatory requirements or operational needs. This approach provides flexibility while ensuring compliance with data protection regulations.
Some examples of exemptions include:
- Geographical exemptions: For countries where there are no data privacy controls, an exemption will apply that allows data processing without enforcing consent controls. For other countries with data privacy laws such as the US (California with CCPA) and Europe (with GDPR), the respective policies (implemented as purpose groups) would apply.
- Data source key: An exemption based on the data source key, such as when data comes from a specific file import that is already consented, and no further consent controls are needed.
Replaces legacy enforcement
This feature disables Server-side consent management, but you can still use the consent_categories array in your purpose rules.
Consent Orchestration flow
This page was last updated: October 15, 2024