Member Sign In


SEO, Content Creation, Marketing

A Customer-centric Approach to Consent Management for Aura-Soma

A Customer-centric Approach to Consent Management for Aura-Soma header image

The Challenge

Aura-Soma’s goal is for their wellness products to help every person fulfil their potential. It was this focus on wellbeing that fuelled their desire to put the decision about tracking their customers’ behaviour in the hands of their customers.

Our expertise was sought to identify and implement a Consent Management Platform (CMP) that mirrored Aura-Soma’s focus; used a future-proofed implementation to align with how privacy laws are evolving; and maintained data accuracy, which was of paramount importance to successful marketing.

Our Approach: Consent Framework & Consent Management Platform Implementation

Identifying the Right CMP: Cookiebot

After we identified Aura-Soma’s platform criteria, our CMP research found Cookiebot was most suitable because it met criteria like:

>Consent logs: This is a compliance requirement of all tools, but it keeps logs of consent that users have given for their data to be collected. Should a user ever ask about their data, the logs will provide the information

>Accessibility: Supports users using assistive software

>Multi-language consent banner: This was essential because Aura-Soma operates worldwide

>Geo-targeted consent management: The banner adapted to the regulations in the user’s location, e.g. the California Consumer Privacy Act (CCPA) when the user was in California

>Development aligned with compliance laws: Actively develops the product as compliance laws change and is one of the first to launch new features

>Cookie policy maintenance: Constantly scans for new tags/tracking and then populates a cookie policy table for you, to keep it up-to-date

>Scalability: Additional domains could be added to the Cookiebot plan, should the business expand

Outlining the Customer-centric Approach

We’ve all seen an increased customer-first approach to privacy laws as they’ve continued to evolve to focus on giving customers control over what data is/isn’t collected about them. Enabling cookies to be set and tools to work, only when a user gives their consent, is another step in this direction.

CMPs offer two options for configuring your site’s tools to adhere to users’ consent preferences, i.e. automatic/default mode and manual/custom mode. We use the latter because:

>It’s in line with how data collection laws are evolving, which helps future-proof the approach

>It puts the customer at the centre of what, how, and why their data is collected – we believe this is most important!

Automatic/default Mode:

This takes a cookie-centric approach, which is severely flawed because it deletes the cookies, but sets them in the first place, which isn’t in accordance with privacy laws as we understand them.

It also makes data accuracy a lot worse because it creates a new user with each cookie, which causes:

>‘Bounce rate’ to increase significantly because every page is a bounce

>‘Pages per session’ to drop to 1

>‘Avg. session duration’ to decrease

>Your landing page report to be skewed, e.g. second and third pages are listed as landing pages

A further reason to avoid this approach is that tools change their cookies (e.g. what information the tool collects), so you can’t easily track cookies and their changes.

Manual/custom Mode:

This takes a customer-centric approach because it ensures technology respects users’ preferences. The compliance comes from the tool only setting a cookie when a user gives their consent, not that a cookie is set and then deleted (like in the cookie-first approach above).

Implementing Cookiebot

Aura-Soma had a mix of hardcoded tracking and tags managed in Tag Manager, as well as a range of Google and non-Google tags. Therefore, we opted for a blended implementation that used:

>Hardcoded installation of the Cookiebot script

>Hardcoded script amendments

>Google’s consent mode

>Tag amendments

Hardcoded scripts for tools were amended to include the appropriate tool category, i.e. ‘necessary’, ‘preferences’, ‘statistics’ or ‘marketing’. This told Cookiebot which category each tool belonged to, which ensured a tool only fired when the user consented to the corresponding tool category.

Google’s ‘Consent Mode’ solution tells Google tags and scripts whether a user has given their consent to data being collected through cookies being set. If a user did not consent, the Google tags and scripts would not set cookies, but they’d still record the anonymised hit, e.g. an anonymous visit to your website. As stated by leading data industry expert Simo Ahava, ‘Most likely Google will at some point build actionable data out of the cookieless data set as well, perhaps after applying extensive modelling to make it align with the data that was collected with storage consent.’ So, we can expect ‘Consent Mode’ to evolve over time and provide additional, valuable data in the future, which is why it was chosen to be part of our solution.

Firing triggers in Tag Manager were configured for each tool category and the tags were then configured to use them. This meant all non-google tags adhered to users’ consent choices using Cookiebot’s hardcoded banner script and our categorisation of cookies. The hardcoded banner script ensured the banner was served to users upon page load, which allowed them to set their tool preferences, enabling the consented tags to fire.

The Results

Once implemented, our solution enabled Aura-Soma to have peace of mind that they now had:

>A future-proofed, customer-centric framework to consent management

>A CMP that allowed customers not be tracked, if that was their choice

>Maintained data accuracy

>A website that meets the compliance requirements of all countries, e.g. GDPR and CCPA

Find Out More