Using initialPreferences with Consent manager builder actually loads scripts

[borisrorsvort]

Considering this implementation

  const CATEGORIES = {
     functional: true,
     marketingAndAnalytics: true,
     advertising: true,
   };

//----

<ConsentManagerBuilder
               writeKey={process.env.SEGMENT_KEY}
               mapCustomPreferences={mapCategories}
               initialPreferences={CATEGORIES}
               defaultDestinationBehavior="imply"
             >
</ConsentManagerBuilder>

I notice that as soon as the component initialise, the scripts included in these categories actually load and set cookies (like amplitude cookie, not the tracking-preferences though).

Is this the normal behaviour ?

[borisrorsvort]

@notfelineit @dk1027 Seems to me it shouldn’t load anything before consent ? Any thoughts?

[borisrorsvort]

@nd4p90x @felipe-najson-ntf Could you confirm the issue at least?

[felipe-najson-ntf]

Hello @borisrorsvort, sorry for the late response, I will be working these days to help you with this issue. Could you first share the "mapCategories" function used in "mapCustomPreferences" so I can reproduce this case?

Thanks, segment team.

[borisrorsvort]

@felipe-najson-ntf Here you go:

import { ADVERTISING_CATEGORIES, FUNCTIONAL_CATEGORIES } from './constants';

export default (destinations, preferences) => {
  const destinationPreferences = {};
  const customPreferences = {};

  // Default unset preferences to true (for implicit consent)
  Object.keys(preferences).forEach((preferenceName) => {
    const value = preferences[preferenceName];
    if (typeof value === 'boolean') {
      customPreferences[preferenceName] = value;
    } else {
      customPreferences[preferenceName] = true;
    }
  });

  destinations.forEach((destination) => {
    // Mark advertising destinations
    if (
      ADVERTISING_CATEGORIES.find((c) => c === destination.category) &&
      destinationPreferences[destination.id] !== false
    ) {
      destinationPreferences[destination.id] = customPreferences.advertising;
    }

    // Mark function destinations
    if (
      FUNCTIONAL_CATEGORIES.find((c) => c === destination.category) &&
      destinationPreferences[destination.id] !== false
    ) {
      destinationPreferences[destination.id] = customPreferences.functional;
    }

    // Fallback to marketing
    if (!(destination.id in destinationPreferences)) {
      destinationPreferences[destination.id] = customPreferences.marketingAndAnalytics;
    }
  });
  return { destinationPreferences, customPreferences };
};

So since implyConsentOnInteraction is false by default, it should not load anything nor set any cookie before the user confirms (in our case user cannot dismiss the banner)

[borisrorsvort]

@felipe-najson-ntf any news?

[felipe-najson-ntf]

Hello again, @borisrorsvort. Sorry for the late response, I was solving other library issues.

I was finally able to attack this issue in these last days and as you said, it was not the expected behavior. The library started tracking preferences as soon as the page loaded, which was wrong.
With the pr #184 that I just left we would be solving this problem and when loading the page only the tracking-preferences are set in the cookies but it does NOT start tracking.

When they approve the pr and merge to the main branch, we will publish a new version of the library with all the corresponding fixes including this one.

Thank you for your collaboration. Greetings, Segment team.

[felipe-najson-ntf]

Hi @borisrorsvort, we finally came to a conclusion on this topic. Apparently you and I were assuming a behavior which was not expected.

Yesterday we had a meeting with the Segment team leader and the expected behavior is what was already published. That is, when the user enters the web analytics for the first time, it is triggered and automatically begins to track without the user's consent. If you are a user you want not to be tracked or change any property of the consent, you must do so from the banner dialog.

With this answer we will finally be closing this issue.

Note: if you want to change this behavior on your website you can check pr #184 and add it in a forked version of the library.

I hope it has been helpful to you. Segment team

[borisrorsvort]

@felipe-najson-ntf What do you mean by: That is, when the user enters the web analytics for the first time ?

Not being tracked by default and refuse cookies prior to consent is a key component of gdpr, Segment cannot assume it’s something they can reject. Your explanation seems segment misunderstood gdpr requirements.
With the current implementation, even If you reject consent from the banner you already have cookies set from the various trackers that you’ve not agreed getting as per the screenshot.

I’d like to know the invoked reason for not implementing #184.

[borisrorsvort]

cc @nd4p90x

[pooyaj]

@borisrorsvort I can add a bit more context. So the purpose of the initialPreferences prop is to determine the behavior of consent manager in the absence of user consent. If there are preferences in the cookies ( i.e., user consented already ), we prioritize the previous user consent, otherwise, we assume that the desired consent is what is set in the initial preferences. So on the original example shared on this issue:

  const initialPreferences = {
     functional: true,
     marketingAndAnalytics: true,
     advertising: true,
   };

We assume that all these categories are consented to, and therefore, analytics.js should be loaded with all of its destinations. If later user explicitly change the consent, we won't respect the initialPreferences anymore.

So to summarize, I don't think initialPreferences was used for its intended purpose in this example.

[borisrorsvort]

@pooyaj initialPreference was used to set default state on checkboxes. But legally the real opt-in should happen on interaction. Hence it cannot be deducted from something else than cookies.