Managing Cookie Compliance Using OneTrust Cookie Consent

In this topic, you will learn how to implement OneTrust Cookie Consent with Brightcove Beacon.

Introduction

Cookies are used to store data on a visitor's computer or mobile device. Cookies are commonly used and sometimes critical to a website's functionality. Cookies can be used to store large amounts of data, store personal data and track online activity so advertisers can target ads. Because of the negatives that are associated with cookies, regulations have evolved around them. The three most common are:

  • California Consumer Privacy Act (CCPA) used in California, Colorado, Utah, Connecticut and Virginia.
  • General Data Protection Regulation (GDPR) used in the EU and United Kingdom.
  • Quebec Law 25 used in Quebec.

This document is an introduction to get you started using OneTrust's Cookie Consent tool with Brightcove Beacon. Brightcove recommends using OneTrust for your Beacon cookie compliance needs.

The main sections in this document are:

  • How OneTrust Cookie Consent works
  • Implementation steps (comprised of four sections)
  • What data is collected?
  • Implementation architecture

How OneTrust Cookie Consent works

The end result of setting up OneTrust Cookie Consent is that a banner will appear in the Beacon App for geographic locations you choose. Here is an example of what the banner could look like (taken from OneTrust's site):

one trust banner

When a viewer clicks on the Customize Settings link in the banner, a Preference Center dialog appears. This allows your viewers to customize how cookies behave in their app:

one trust preference center

OneTrust welcomes Beacon customers to contact them about the Cookie Consent product.

Overview of implementation process

There are a number of steps to implement OneTrust's cookie compliance with your Beacon app. Here is an overview of that process:

  1. Define the domain from where your apps will be served.
  2. Create templates that define your banner and preference center functionality and upload your logo for each template created.
  3. Create a geolocation rule group, which will act as a container for geolocation rules.
  4. Create geolocation rules that:
    • Define the regions in which the cookie compliance will be used.
    • Define the template to be used with the geolocation rule.
    • Define other specifications, like how often re-consent will need to be done.
  5. Assign geolocation rules to the domains from which your Beacon app is served.
  6. Generate the scripts that provide the actual cookie compliance in your Beacon app.
  7. Supply the scripts to Brightcove's OTT Delivery Team for implementation.

The major sections following in this document lead you step by step through the implementation process.

Define app domain

Later in the implementation process, you need to use the domain(s) from which your apps are served. The steps in this section define that.

  1. Log in to your OneTrust account.
  2. From the Welcome page, click the Cookie Consent option.
    cookie compliance
  3. To start the process:
    1. In the left navigation, click Websites
    2. Click Add Website
    add website
  4. Enter the Website URL from where your app will be served, which is supplied by your DNS provider. Enter the Organization, then click Scan Only.
    scan website
  5. You will be returned to the COOKIE COMPLIANCE configuration page.

Manage Languages

  1. Open the Template Details screen.
    manage languages
  2. Click Manage Languages. The Manage Languages modal appears.
    select languages

  3. Select the checkboxes for the languages you want to enable.

    You can select a new default language by selecting the check box in the Default column.

  4. Save

The multi-language capabilities of Brightcove provide you with the ability to present your content and apps in the native language of your viewers.

Languages supported by Brightcove

  • English (en)
  • Spanish (es)
  • Italian (it)
  • French (fr)
  • German (de)
  • Mongolian (mn)
  • Japanese (ja)
  • Korean (ko)
  • Chinese (zh)
  • Russian (ru)

For more details see: Using Multiple Languages

Create geolocation rules

Creating geolocation rules first requires that you create a geolocation rule group. The group will act as a container for the rules you create. The actual geolocation rules define cookie compliance behaviors you wish for different geographic regions.

  1. To start the process, create a new rule group by:
    1. In the left navigation, click Geolocation Rules.
    2. Click Create New.
      geo rules index
  2. In the Create New Rule Group dialog, supply a group name, organization and description.
    create rule group
  3. Click Create.
  4. To set the Global rule, start by clicking the edit button.
    edit global rule
  5. Clear the Template input box and begin typing the name of your global template, created earlier, then select it.
    select generic template
  6. For the Cookie Categories, select Opt-out.
    opt out
  7. For Capture Records of Consent change the following:
    • Enable Capture Records of Consent
    • Set Advanced Analytics to Strictly Necessary Cookies
    • Consider checking the Use this consent model if site visitor's IP address is unknown checkbox if this rule acting in a global capacity.
    capture consent
  8. Click Save.
  9. To create your first actual geolocation rule, from the rule group details page, click Add Rule.
    geo add rule
  10. You will now create the CCPA rule. The following table provides settings you need to make to be compatible with Beacon. Other changes can be made based on regulations for your targeted geographies.
    Form element Value
    Rule Name Provide a name
    Regions

    Select the geo-locations in which the rule should be applied. This can be regions, countries, or states.

    For CCPA, you would most likely want to include California, then any other desired regions like Colorado, Utah, Connecticut and Virginia.
    Template Choose the template created that was based on the CCPA framework.
    Cookie Categories Opt-out
    Capture Records of Consent Enabled
    Advanced Analytics Strictly Necessary Cookies
  11. Create the GDPR rule. Be sure to supply the following values to insure compatibility with Beacon. Other values can be set as needed to meet other regulations.
    Form element Value
    Rule Name Provide a name
    Regions

    Select the geo-locations in which the rule should be applied. This can be regions, countries, or states.

    For GDPR, you would most likely want to include Eu and United Kingdom, then any other desired regions.
    Template Choose the template created that was based on the IAB framework.
    Cookie Categories Opt-in
    Capture Records of Consent Enabled
    Advanced Analytics Strictly Necessary Cookies
  12. Create the Quebec Law 25 rule. Be sure to supply the following values to insure compatibility with Beacon. Other values can be set as needed to meet other regulations.
    Form element Value
    Rule Name Provide a name
    Regions

    Select the geo-locations in which the rule should be applied. This can be regions, countries, or states.

    For Quebec Law 25 include Quebec, then any other desired regions.
    Template Choose the template created that was based on the Quebec Law 25 framework.
    Cookie Categories Opt-in
    Capture Records of Consent Enabled
    Advanced Analytics Strictly Necessary Cookies
  13. Check to be sure your rules appear as follows, except of course, using your rule names.
    geo rules

Assign geolocation rules to domains

  1. In the left navigation, click Geolocation Rules.
  2. For the Geolocation Rule Group you created, click the ellipses icon and select Assign to Domains.
    rule group assign to domains
  3. Select the appropriate domains, then click Assign. These domains should match the URLs supplied by your DNS provider.
    rule group assign to domains confirm

Create and copy scripts

You will go through the process of generating the scripts twice. Once for test scripts, which are used in the non-production test CDN. Then once for the production CDN.

  1. From the Cookie Compliance index page:
    1. In the left navigation, click Scripts.
    2. Click the domain where your cookie compliance will be implemented.
      3. scripts index
  2. In the details screen for your domain, click Publish Test.
    publish test
  3. In the Test Website dialog:
    1. Set the script version to 6.32.0 (or the latest version).
    2. Click Confirm.
    test website confirm
  4. Ensure the settings are those in the following screenshot, then click Publish Test Scripts.
    publish test scripts dialog
  5. If a Live Preview dialog displays, click Cancel.
  6. Now in the top-right of the screen, click Publish Production.
  7. Update the script version to the latest, and click Confirm.
  8. Confirm settings as show in step 56, then click Publish.
  9. Click the Test Scripts tab, if not already selected.
    test scripts
  10. Click Copy Scripts.
    copy scripts
  11. Provide the scripts to Brightcove's OTT Delivery Team for proper deployment.

What data is collected?

Data is collected for the these main purposes:

  • App behavior
  • Analytics
  • Ad targeting

The steps above configured your system to address these general purposes:

Data Use(s)
Geo-filtering Location services
Device information (model, type, OS version) Login, trace actions, analytics, record favorites, etc.
Ad targeting Specified ads
Locale Number and date formatting, currencies
App information (name, version, errors) Reports on versions used, aggregated errors for proactive corrections, etc.
User navigation and use patterns Google analytics (navigation patterns), sign ups, count search, page opens, etc.
Local storage Persist credentials and login info, user application state, user settings, etc.

Standards body purpose definitions

The purposes for cookie data collection are very thoroughly defined in the IAB Europe Transparency & Consent Framework v2.0. The definitions can be found in Appendix A: Purposes and Features Definitions of the IAB Europe Transparency & Consent Framework Policies document.

The IAB Europe Transparency & Consent Framework v2.2 defines 11 purposes. The following table displays those used by Beacon.

Purpose Name
1 Store and/or access information on a device.
3 Create profiles for personalized advertising.
4 Use profiles to select personalized advertising.
7 Measure advertising performance.
8 Measure content performance