Managing Cookie Compliance Using OneTrust Cookie Consent

Introduction

Cookies are used to store data on a visitor's computer or mobile device. Cookies are commonly used and sometimes critical to a website's functionality. Cookies can be used to store large amounts of data, store personal data and track online activity so advertisers can target ads. Because of the negatives that are associated with cookies, regulations have evolved around them. The two most common are:

• California Consumer Privacy Act (CCPA)
• General Data Protection Regulation (GDPR) used in the EU and United Kingdom

This document is an introduction to get you started using OneTrust's Cookie Consent tool with Brightcove Beacon. Brightcove recommends using OneTrust for your Beacon cookie compliance needs.

The main sections in this document are:

• How OneTrust Cookie Consent works
• Implementation steps (comprised of four sections)
• What data is collected?
• Implementation architecture

How OneTrust Cookie Consent works

The end result of setting up OneTrust Cookie Consent is that a banner will appear in the Beacon App for geographic locations you choose. Here is an example of what the banner could look like (taken from OneTrust's site):

When a viewer clicks on the Customize Settings link in the banner, a Preference Center dialog appears. This allows your viewers to customize how cookies behave in their app:

OneTrust welcomes Beacon customers to contact them about the Cookie Consent product.

Overview of implementation process

There are a number of steps to implement OneTrust's cookie compliance with your Beacon app. Here is an overview of that process:

1. Define the domain from where your apps will be served.
2. Create templates that define your banner and preference center functionality and upload your logo for each template created.
3. Create a geolocation rule group, which will act as a container for geolocation rules.
4. Create three geolocation rules that:
   • Define the regions in which the cookie compliance will be used.
   • Define the template to be used with the geolocation rule.
   • Define other specifications, like how often re-consent will need to be done.
5. Assign geolocation rules to the domains from which your Beacon app is served.
6. Generate the scripts that provide the actual cookie compliance in your Beacon app.
7. Supply the scripts to Brightcove's OTT Delivery Team for implementation.

The major sections following in this document lead you step by step through the implementation process.

Define app domain

Later in the implementation process, you need to use the domain(s) from which your apps are served. The steps in this section define that.

1. Log in to your OneTrust account.
2. From the Welcome page, click the Cookie Compliance option.

   

3. To start the process:
   1. In the left navigation, click Websites
   2. Click Add Website

   

4. Enter the Website URL from where your app will be served, which is supplied by your DNS provider. Enter the Organization, then click Scan Only.

   

5. You will be returned to the COOKIE COMPLIANCE configuration page.

Create three templates

A template defines how your banner and preferences dialog appear, and function, for your users. In the following steps you will create two templates, one for CCPA, one for GDPR and a generic one for all other regions.

1. In the left navigation, click Templates.

   

2. Click Add New

   

3. Select the CCPA Template (California) for the Framework.

   

4. Click Next.
5. Complete the form then click Create.

   

6. The Template Details page opens to the Banner tab. Click Preference Center.

   

7. In the Preference Center:
   1. Open the Styling options
   2. Enable Override Banner Styling
   3. Upload a new logo

   

8. Note that the logo is updated in the preview.

   

9. Click Save Template.

   

10. Click Templates in the left navigation.
11. Click Add New to start creation of your second template.
12. Select the IAB Transparency and Consent Framework 2.0 for the Framework.

    

13. Click Next.
14. Read the IAB TCF information then click I Agree.

    

15. Complete the form then click Create Template.

    

16. Supply your company's logo for the banner, as shown in steps 11-13 above.
17. While still in the Preference Center, open the Advanced Configuration options.

    

18. A number of changes must be made here for use with Brightcove Beacon. The changes are listed, then a video follows showing the process how to implement those changes.
    1. Move Social Media Cookies to the Strictly Necessary Cookies subgroup.
    2. Move Targeting Cookies to the Strictly Necessary Cookies subgroup.
    3. Move Functional Cookies to the Strictly Necessary Cookies subgroup.
    4. Move Performance Cookies to the Strictly Necessary Cookies subgroup.
    5. From the Personalised ads and content, ad and content measurement, audience insights and product development group, perform the following:
       1. Remove Create a personalised content profile as a subgroup, then choose Disable IAB Purpose.
       2. Remove Select personalised content as a subgroup, then choose Disable IAB Purpose.
       3. Remove Measure content performance as a subgroup, but do NOT disable.
       4. Remove Apply market research to generate audience insights as a subgroup, then choose Disable IAB Purpose.
       5. Remove Develop and improve products as a subgroup, then choose Disable IAB Purpose.
    6. For Use precise geolocation data, choose Disable IAB Purpose.
    7. For Actively scan device characteristics for identification, choose Disable IAB Purpose.
    8. For Match and combine offline data sources, choose Disable IAB Purpose.
    9. For Link different devices, choose Disable IAB Purpose.
    10. For Receive and use automatically-sent device characteristics for identification, choose Disable IAB Purpose
19. Check your configuration by comparing your results to the following, making corrections as needed:

    

20. Click Save Template.
21. Click Templates in the left navigation.
22. Click Add New to start creation of your third template.
23. Select the Generic Cookie Banner for the Framework.

    

24. Click Next.
25. Complete the form then click Create Template.

    

26. Supply your company's logo for the banner, as shown in steps 11-13 above.
27. Note that your banner now contains three buttons.

    

28. You will now alter the look of your banner:
    1. Click the Banner tab
    2. Click Content
    3. Click Button Set

    

29. In the Button Set dialog, disable the following buttons:
    • Show Cookie Setting Button
    • Show Reject All Button

    

30. Click Save.
31. Note that the banner contains only the Accept All Cookies button and the close button (X).

    

32. Click Save Template.

You have now created your three templates. Note that your Generic Global template will be used in regions NOT assigned to other templates.

Create geolocation rules

Creating geolocation rules first requires that you create a geolocation rule group. The group will act as a container for the rules you create. The actual geolocation rules define cookie compliance behaviors you wish for different geographic regions.

1. To start the process, create a new rule group by:
   1. In the left navigation, click Geolocation Rules.
   2. Click Create New.

      

2. In the Create New Rule Group dialog, supply a group name, organization and description.

   

3. Click Create.
4. To set the Global rule, start by clicking the edit button.

   

5. Clear the Template input box and begin typing the name of your global template, created earlier, then select it.

   

6. For the Cookie Categories, select Opt-out.

   

7. For Capture Records of Consent change the following:
   • Enable Capture Records of Consent
   • Set Advanced Analytics to Strictly Necessary Cookies
   • Consider checking the Use this consent model if site visitor's IP address is unknown checkbox if this rule acting in a global capacity.

   

8. Click Save.
9. To create your first actual geolocation rule, from the rule group details page, click Add Rule.

   

10. You will now create the CCPA rule. The following table provides settings you need to make to be compatible with Beacon. Other changes can be made based on regulations for your targeted geographies.

    Form element	Value
    Rule Name	Provide a name
    Regions	For CCPA, you would most likely want to include California, then any other desired regions.
    Template	Choose the template created that was based on the CCPA framework.
    Cookie Categories	Opt-out
    Capture Records of Consent	Enabled
    Advanced Analytics	Strictly Necessary Cookies

11. Create the GDPR rule. Be sure to supply the following values to insure compatibility with Beacon. Other values can be set as needed to meet other regulations.

    Form element	Value
    Rule Name	Provide a name
    Regions	For GDPR, you would most likely want to include Eu and United Kingdom, then any other desired regions.
    Template	Choose the template created that was based on the IAB framework.
    Cookie Categories	Opt-in
    Capture Records of Consent	Enabled
    Advanced Analytics	Strictly Necessary Cookies

12. Check to be sure your rules appear as follows, except of course, using your rule names.

    

Assign geolocation rules to domains

1. In the left navigation, click Geolocation Rules.
2. For the Geolocation Rule Group you created, click the ellipses icon and select Assign to Domains.

   

3. Select the appropriate domains, then click Assign. These domains should match the URLs supplied by your DNS provider.

   

Create and copy scripts

You will go through the process of generating the scripts twice. Once for test scripts, which are used in the non-production test CDN. Then once for the production CDN.

1. From the Cookie Compliance index page:
   1. In the left navigation, click Scripts.
   2. Click the domain where your cookie compliance will be implemented.

   

2. In the details screen for your domain, click Publish Test.

   

3. In the Test Website dialog:
   1. Set the script version to 6.32.0 (or the latest version).
   2. Click Confirm.

   

4. Ensure the settings are those in the following screenshot, then click Publish Test Scripts.

   

5. If a Live Preview dialog displays, click Cancel.
6. Now in the top-right of the screen, click Publish Production.
7. Update the script version to the latest, and click Confirm.
8. Confirm settings as show in step 56, then click Publish.
9. Click the Test Scripts tab, if not already selected.

   

10. Click Copy Scripts.

    

11. Provide the scripts to Brightcove's OTT Delivery Team for proper deployment.

What data is collected?

Data is collected for the these main purposes:

• App behavior
• Analytics
• Ad targeting

The steps above configured your system to address these general purposes:

Standards body purpose definitions

The purposes for cookie data collection are very thoroughly defined in the IAB Europe Transparency & Consent Framework v2.0. The definitions can be found in Appendix A: Purposes and Features Definitions of the IAB Europe Transparency & Consent Framework Policies document.

The IAB Europe Transparency & Consent Framework v2.0 defines 10 purposes. The following table displays those used by Beacon.