Consent Experiences

Transcend Consent Management includes the ability to define consent experiences. Consent experiences are a mapping of consent banners and consent purposes based on a site visitor's location. In this way, consent experiences let you select the consent banner and consent purposes for relevant privacy regimes, and map them to geographical regions. This allows for flexibility to decide which consent rights to give site visitors in different locations.

Consent experiences can be thought of as a way to group, define and configure a set of privacy rights a website user should have. Consent experiences are often synonymous with privacy regimes, like GDPR, CPRA, etc., where the experience groups display, banner and consent choices accordingly and can be mapped to desired geographical regions.

It's worth noting that while consent experiences commonly represent a legal privacy regime, that's not the only use case. For example, it's also possible to define the experience for users that don't fall under any legal privacy regime, or don't have any legal consent rights. Consent experiences are extensible and flexible to meet a variety of use cases.

Consent Regional Experiences include many configuration options. The table below explains each setting and how it contributes to the experience.

Experience AttributeDescriptionExample Use Case
NameThe name of the Consent Experience. This is required.A common use is to define consent experiences for each legal privacy regime that should be supported. Naming consent experiences GDPR and CPRA are common examples.
In/Not InThe In/Not In setting applies for the regions, languages, and timezones settings. The setting is used to denote whether the defined region(s), language and timezone should be included or excluded for the consent experience. This is required.As an example, this setting set to Not in with a region California would mean the consent experience would apply to website visitors that are not in California.
RegionThe geographical locations this experience applies to. A user's geographical location is inferred by their IP address. This is required.As an example, let's take a Consent Experience called CPRA. The region could be set to include California, as well as any other regions where users should have a CPRA-experience.
LanguagesThe browser languages this experience applies for. When left empty, the site visitor's browser language will not factor in when resolving which consent experience to show. This is optional.This is a helpful setting for GDPR-like experiences where there may be an obligation to give EU residents the GDPR experience, even when they are not physically in Europe. In the case where an EU resident is traveling abroad, their timezone and IP address will not show them to be in the EU. Including the browser language can help to ensure EU residents are appropriately identified even when they are not in the EU.
TimezonesThe time zones this experience applies for. The timezone is retrieved from the browser. This is optional.Use the Timezone setting to further identify which consent experience to show a user.
UI View StateThe UI View State is the consent banner that will display to users for this experience. Select one of the out of the box banners according to the regime and desired experience. Use the Hidden option when no consent banner should be displayed automatically to users. This is required.Different view states are designed for compliance in different regimes and according to different levels of risk tolerance. As an example, the Notice and Do Not Sell banner is designed for CPRA compliance.
Applicable Consent PurposesThe consent purposes that are included for this experience. A site user will be given the option to opt-in or opt-out of the consent purposes listed here. Users will not be able to make a consent choice for purposes not included here.As an example, if the only purpose listed is SaleOfInfo, users will only be able to opt-out or in to Sale of Info. This is an example use case for CCPA-like experiences.
Default Disallowed Consent PurposesThis setting defines which consent purposes a user will be opted-out of by default. Consent purposes set in the Applicable consent purposes setting that are not included here will be treated as opt-in by default.Some legal privacy regimes require that a user give consent (opt-in) to applicable consent purposes before associated data flows and trackers are allowed to run on the site. This most notably applies for GDPR-like experiences.
Display PriorityThis setting allows to define the priority of how similar experiences will display to users. If the user matches multiple experiences, the experience with the lower number will take precedence. This is required.A consent experience with a display priority of 1 will display over one with 2, given that both experiences apply for the user.
Consent ExpiryThe time in months after which a user's opt-in consent should be considered expired. Set to 0 to disable consent expiration.A consent experience with a consent expiry of 1 will consider collected consent expired after 1 month, at which point we will apply the configured Consent Expiry Behaviour (see below).
Consent Expiry BehaviorWhat happens when the user's consent expires.Prompt will only trigger existing auto-prompt banners to show again, but will not change any consent preferences. Reset Opt-Ins only resets the consent preferences for aplicable purposes that were opted in.

A website user's location is inferred from their IP address, and optionally their browser language and browser timezone. The IP address is used to identify if the user falls in one of the regions mapped to a consent experience. Browser language and timezone settings are optional, but can be used to further identify when to show someone a consent experience. Transcend supports these additional options beyond IP address to locate someone for compliance with privacy laws that give consent rights to users beyond their current physical location. For example, under GDPR law, you may be required to provide the same consent experience to EU users even when they are not physically in the EU. Relying only on IP address to identify the user's location could leave compliance gaps in this example, but incorporating the user's browser language can help identify when EU users are not in the EU.

The Region setting defined for a consent experience uses the website visitor's IP address to determine a match. If the consent experience includes settings for browser language and Timezone, only one of three has to be matched for a user to be shown the consent experience. For example, if a consent experience has these settings and the user is identified as:

Region (Based on IP)Browser LanguageTimezone
Consent ExperienceEUFrench, German, etc.N/A
UserUS:CaliforniaFrenchPacific Standard Time (Los Angeles)

Then the user will be shown this consent experience, as they match at least one of the region/language/timezone settings.

Transcend Consent’s default UI includes ready to use, compliant regional experiences. The table below shows the default experiences.

ExperienceRegionBrowser LanguageTimezonesView State (Consent Banner)Applicable Consent PurposesDefault Disallowed Consent Purposes
UnknownnonenonenoneHiddennonenone
CPRAUnited States: CalifornianonenoneHiddenSale/Sharing of Personal Informationnone
GDPREuropean Union, United Kingdom, Norway, Iceland, LiechtensteinBulgarian (Bulgaria), Croatian (Croatia), Czech (Czech Republic), Danish (Denmark), Dutch (Belgium), Dutch (Netherlands), English (Ireland), Estonian (Estonia), Finnish (Finland), French (Belgium), French (France), French (Luxembourg), German (Austria), German (Germany), German (Liechtenstein), German (Luxembourg), Greek (Greece), Hungarian (Hungary), Icelandic (Iceland), Irish (Ireland), Italian (Italy), Latvian (Latvia), Lithuanian (Lithuania), Maltese (Malta), Norwegian (Norway), Norwegian Bokmål (Norway), Norwegian Nynorsk (Norway), Polish (Poland), Portuguese (Portugal), Romanian (Romania), Slovak (Slovakia), Slovenian (Slovenia), Spanish (España), Swedish (Finland), Swedish (Finland), Swedish (Sweden)noneQuick OptionsAdvertising, Analytics, Functional, Sale/Sharing of Personal InformationAdvertising, Analytics, Functional, Sale/Sharing of Personal Information
LGPDBrazilPortuguese (Brazil)noneQuick OptionsAdvertising, Analytics, Functional, Sale/Sharing of Personal InformationAdvertising, Analytics, Functional, Sale/Sharing of Personal Information
CDPAUnited States: VirginianonenoneHiddenSale/Sharing of Personal Informationnone
CPAUnited States: ColoradononenoneHiddenSale/Sharing of Personal Informationnone
NEVADA_SB220United States: NevadanonenoneHiddenSale/Sharing of Personal Informationnone
nFADPSwitzerlandGerman (Switzerland), French (Switzerland), Italian (Switzerland), English (Switzerland), Portuguese (Switzerland), Swiss German (Switzerland)noneQuick OptionsAdvertising, Analytics, Functional, Sale/Sharing of Personal InformationAdvertising, Analytics, Functional, Sale/Sharing of Personal Information
US_DNSSUnited States: California, United States: Virginia, United States: Colorado, United States: Nevada, United States: Texas, United States: Connecticut, United States: Oregon, United States: Montana, United States: UtahnonenoneHiddenSale/Sharing of Personal Informationnone

The following default experiences are available out of the box: GDPR, LGPD, nFADP, US_DNSS and Unknown. The U.S. state specific experiences, CPRA, CDPA, CPA and NEVADA_SB220 are also available, but are not automatically enabled given their overlap with U.S. Do Not Sell/Share (US_DNSS). These experiences can be enabled in the Transcend Dashboard Consent Management > Regional Experiences > Add Experience Form via Experience Presets.

The default consent experience represents refers to the case when no defined consent experience applies for a user. This typically applies where no applicable privacy legal regime is detected for a user. This is also referred to as the "Unknown" consent experience. It's worth noting that unknown doesn't mean that the user's location is unknown. In this case no Consent UI is shown by default. This is reflected in the table above for the “Unknown” experience.

The default experiences can be customized and further configured from the out of the box settings. The consent experience attributes for default experiences can be adjusted directly in the Transcend Dashboard. The available view state options (consent banners) are available for preview here. New consent experiences can also be created to fit additional use cases in the Dashboard.

To create a new regional consent experience, navigate to the Regional Consent Experiences page in the Transcend Dashboard and select + Add Experience and configure the experience attributes as desired.

Consent experiences can be edited in-line from the dashboard.