Managing Cookie Compliance for Mobile/CTVs Using OneTrust Cookie Consent

In this topic, you will learn how to implement OneTrust Cookie Consent with Brightcove Beacon for Mobile and CTVs apps.

Introduction

Cookies are used to store data on a visitor's computer or mobile device. Cookies are commonly used and sometimes critical to a website's functionality. Cookies can be used to store large amounts of data, store personal data and track online activity so advertisers can target ads. Because of the negatives that are associated with cookies, regulations have evolved around them. The three most common are:

  • California Consumer Privacy Act (CCPA) used in California, Colorado, Utah, Connecticut and Virginia.
  • General Data Protection Regulation (GDPR) used in the EU and United Kingdom.
  • Quebec Law 25 used in Quebec.

This document is an introduction to get you started using OneTrust's Cookie Consent tool with Brightcove Beacon. Brightcove recommends using OneTrust for your Beacon cookie compliance needs.

The main sections in this document are:

  • How OneTrust Cookie Consent works.
  • Implementation steps.
  • What data is collected?

How OneTrust Cookie Consent works

The end result of setting up OneTrust Cookie Consent is that a banner will appear in the Beacon App for geographic locations you choose. Here is an example of what the banner could look like (taken from OneTrust's site):

one trust banner

When a viewer clicks on the Customize Settings link in the banner, a Preference Center dialog appears. This allows your viewers to customize how cookies behave in their app:

one trust preference center

OneTrust welcomes Beacon customers to contact them about the Cookie Consent product.

Overview of implementation process

There are a number of steps to implement OneTrust's cookie compliance with your Beacon app. Here is an overview of that process:

  1. Create your mobile/CTV application.
  2. Associate SDKs with the proper categorizations to the App
  3. Create templates that define your banner and preference center functionality and upload your logo for each template created.
  4. Create a geolocation rule group, which will act as a container for geolocation rules.
  5. Create geolocation rules that:
    • Define the regions in which the cookie compliance will be used.
    • Define the template to be used with the geolocation rule.
    • Define other specifications, like how often re-consent will need to be done.
  6. Assign geolocation rules to the apps created.
  7. Publish the Mobile App Consent SDK that provide the actual cookie compliance in your Beacon app.
  8. Supply published SDK to Brightcove's OTT Delivery Team for implementation.

The major sections following in this document lead you step by step through the implementation process.

Create your mobile/CTV application

You first need to create an application to the platform you want to support, such as Android or iOS.

  1. Log in to your OneTrust account.
  2. From the Welcome page, click the Mobile app Consent or OTT & CTV Consent option according to the case.
    select mobile or ctv
  3. To start the process:
    1. In the left navigation, click Mobile apps or OTT & CTV apps according to the case.
    2. Click Add Mobile App or Add CTV Apps according to the case.
    create mobile app

    or

    create ctv app
  4. Complete the fields.
    fill fields to create the app
  5. Click Create

Associate SDKs to the App

We are now going to create two SDKs, a performance cookie and a targeting cookie.

  1. From the Welcome page, click Categorizations.
  2. Select the SDKs tab.
  3. Click Add SDK.
    create sdk
  4. Complete the fields.
    fill the sdk fields
  5. Select the check boxes for the applications to which you want to assign the SDK.
    select apps to apply the sdk
  6. Confirm and Create
    confirm sdk
  7. Repeat the process to create the Targeting Cookie SDK.

Manage Languages

  1. Open the Template Details screen.
    manage languages
  2. Click Manage Languages. The Manage Languages modal appears.
    select languages
  3. Select the checkboxes for the languages you want to enable.

    You can select a new default language by selecting the check box in the Default column.

  4. Save

The multi-language capabilities of Brightcove provide you with the ability to present your content and apps in the native language of your viewers.

Languages supported by Brightcove

  • English (en)
  • Spanish (es)
  • Italian (it)
  • French (fr)
  • German (de)
  • Mongolian (mn)
  • Japanese (ja)
  • Korean (ko)
  • Chinese (zh)
  • Russian (ru)

For more details see: Using Multiple Languages

Create geolocation rules

Creating geolocation rules first requires that you create a geolocation rule group. The group will act as a container for the rules you create. The actual geolocation rules define cookie compliance behaviors you wish for different geographic regions.

  1. To start the process, create a new rule group by:
    1. In the left navigation, click Geolocation Rules.
    2. Click Create New.
      geo rules index
  2. In the Create New Rule Group dialog, supply a group name, organization and description.
    create rule group
  3. Click Create.
  4. To set the Global rule, start by clicking the edit button.
    edit global rule
  5. Clear the Template input box and begin typing the name of your global template, created earlier, then select it.
    select generic template
  6. For the Cookie Categories, select Opt-out.
    opt out
  7. For Capture Records of Consent change the following:
    • Enable Capture Records of Consent
    • Set Advanced Analytics to Strictly Necessary Cookies
    • Consider checking the Use this consent model if site visitor's IP address is unknown checkbox if this rule acting in a global capacity.
    capture consent
  8. Click Save.
  9. To create your first actual geolocation rule, from the rule group details page, click Add Rule.
    geo add rule
  10. You will now create the CCPA rule. The following table provides settings you need to make to be compatible with Beacon. Other changes can be made based on regulations for your targeted geographies.
    Form element Value
    Rule Name Provide a name
    Regions

    Select the geo-locations in which the rule should be applied. This can be regions, countries, or states.

    For CCPA, you would most likely want to include California, then any other desired regions like Colorado, Utah, Connecticut and Virginia.

    Template Choose the template created that was based on the CCPA framework.
    Cookie Categories Opt-out
    Capture Records of Consent Enabled
    Advanced Analytics Strictly Necessary Cookies
  11. Create the GDPR rule. Be sure to supply the following values to insure compatibility with Beacon. Other values can be set as needed to meet other regulations.
    Form element Value
    Rule Name Provide a name
    Regions

    Select the geo-locations in which the rule should be applied. This can be regions, countries, or states.

    For GDPR, you would most likely want to include Eu and United Kingdom, then any other desired regions.

    Template Choose the template created that was based on the IAB framework.
    Cookie Categories Opt-in
    Capture Records of Consent Enabled
    Advanced Analytics Strictly Necessary Cookies
  12. Create the Quebec Law 25 rule. Be sure to supply the following values to insure compatibility with Beacon. Other values can be set as needed to meet other regulations.
    Form element Value
    Rule Name Provide a name
    Regions

    Select the geo-locations in which the rule should be applied. This can be regions, countries, or states.

    For Quebec Law 25 include Quebec, then any other desired regions.

    Template Choose the template created that was based on the Quebec Law 25 framework.
    Cookie Categories Opt-in
    Capture Records of Consent Enabled
    Advanced Analytics Strictly Necessary Cookies
  13. Check to be sure your rules appear as follows, except of course, using your rule names.
    geo rules

Assigning Geolocation Rule Groups to Applications

  1. In the left navigation, click Geolocation Rules.
  2. For the Geolocation Rule Group you created, click the ellipses icon and select Assign to Mobile Apps or Assign to CTV Apps according to the case.
    geolocalization mobile
  3. Select the appropriate apps you would like to assign this policy to.
    geolocalization assign mobile
  4. click Assign.

Publishing OneTrust SDKs

  1. On the Cookies Compliance menu.
    1. select SDKs.
    2. Click the link in the Name column for the application you want to edit.

    3. select app
  2. On the app detail page you can see the SDKs you created earlier and associated with this app and you also can see the ids you will need to provide for the App to function correctly : “Mobile/CTV App ID” and “CDN Location”.
    app details
  3. Select the SDK tab.
    select sdk tab
  4. Click Publish.

    publish app
  5. Select the SDK type Native SDK.
  6. Enable the Publish individual languages setting to publish them separately. If left disabled, all languages will be published.
  7. Check the box next to Do you require users to re-consent? setting if you wish to allow users to re-consent.
  8. Click the View Details link to review any release note updates before publishing to your live production SDK.
  9. Click either the Publish Test SDK button or Publish Production SDK button to complete the action.

What data is collected?

Data is collected for the these main purposes:

  • App behavior
  • Analytics
  • Ad targeting

The steps above configured your system to address these general purposes:

Data Use(s)
Geo-filtering Location services
Device information (model, type, OS version) Login, trace actions, analytics, record favorites, etc.
Ad targeting Specified ads
Locale Number and date formatting, currencies
App information (name, version, errors) Reports on versions used, aggregated errors for proactive corrections, etc.
User navigation and use patterns Google analytics (navigation patterns), sign ups, count search, page opens, etc.
Local storage Persist credentials and login info, user application state, user settings, etc.

Standards body purpose definitions

The purposes for cookie data collection are very thoroughly defined in the IAB Europe Transparency & Consent Framework v2.0. The definitions can be found in Appendix A: Purposes and Features Definitions of the IAB Europe Transparency & Consent Framework Policies document.

The IAB Europe Transparency & Consent Framework v2.2 defines 11 purposes. The following table displays those used by Beacon.

Purpose Name
1 Store and/or access information on a device.
3 Create profiles for personalized advertising.
4 Use profiles to select personalized advertising.
7 Measure advertising performance.
8 Measure content performance