How To: Manage Cookie Consent In Adobe Analytics

25 Jan 2023

How to mature cookie consent using  Adobe Analytics

Privacy requirements are changing. 

Between GDPR legislation, Google sunsetting third-party cookie support, and users’ demands for more control over their data, things are getting very interesting in the consent space.

Cookies in Adobe Analytics. The EU is known for having the most restrictive privacy regulation in the world.

For companies using Adobe Analytics to track visitor data, these changes are an opportunity, not an obstacle. The changes also affect companies with in-house consent management processes, as those build-it-yourself solutions could be non-compliant. 

Maturing your cookie consent strategy has several benefits:

  • Improved customer experience
  • Rapid compliance
  • Consolidated data collection
  • Catalyses migration to first-party cookies
  • Scalable for growing audiences
  • More granular third-party cookie control

We’ll revisit these in more detail as we break down how to use Adobe Analytics, Adobe Data Collection, and the Adobe Experience Platform to manage cookie consent.

Managing cookie consent with Adobe Analytics and Adobe Data Collection

Adobe Data Collection (part of the Experience Platform) and Adobe Analytics determine which data to collect and from which pages, based on a user’s consent preferences. They also work together to deploy analytics, marketing and advertising functionality.

Note: Adobe Launch was rolled into Adobe Experience Platform in 2021. Keep this in mind if you see literature referring to Launch.

There are two main ways to architect this trust exchange. One is by using a third-party integration like OneTrust. The other is with an Adobe opt-in object. 

1. OneTrust integration

OneTrust is a third-party consent management platform (CMP) that handles user consent for Adobe and non-Adobe services.

We have used OneTrust to simplify rule building in Adobe Analytics for enterprise-sized clients.  

It’s the industry standard CMP. So much so that Adobe mentions it by name in their customer consent literature. In particular, brands looking to move from basic (in-house) cookie consent to a streamlined platform usually find OneTrust to be a great solution.

It works like this:

  • Users set their preferences in a pop-up
  • OneTrust records which cookies the user opts in and out of
  • If the user consents to cookies, OneTrust passes the preference data to Adobe Analytics using a dedicated JavaScript variable
  • If the user doesn’t consent, OneTrust securely stores that information and blocks data collection 


The JavaScript key tells the service to fire if a user consents to cookies. If they don’t consent, you can use a script-blocking rule to fire some, none, or all cookies. 

Crucially, this needs to happen on every page, and it needs to happen first.

This is the big advantage of OneTrust as a CMP. You have greater control over cookies for Adobe and third-party services. OneTrust also integrates with a huge range of third-party applications to embed privacy management within existing workflows.

There is, however, one caveat. OneTrust doesn’t currently provide location information at the user level, only the domain level. So if a user from France visits your US domain, OneTrust (and Adobe services) could track their behaviour according to CCPA rules, thereby violating GDPR. 

2. Adobe opt-in object

Adobe opt-in is an extension of the Experience Cloud ID (ECID) you can use to:

  • Determine if you can set a cookie on the user’s device
  • Control which Experience Cloud solutions can set cookies
  • Set protocols to integrate with your CMP
  • Specify if a visitor integrates with all Adobe solutions at once or in sequence
  • Retrieve approvals from the CMP

So far, so good.

But there’s one big limitation: Opt-in only deals with Adobe services. It doesn’t support or store a user’s cookie preferences for third-party services. You still need a CMP to handle these.

How to implement cookie consent in a tag manager

You might have guessed that we prefer the OneTrust approach at TAP CXM. There are a few reasons why:

  • OneTrust is a simple and reliable CMP from the user’s point of view
  • Clients can proactively migrate towards first-party data collection 
  • OneTrust provides more granular cookie control
  • We’re JavaScript nerds

That last one is important. Making cookie consent work requires detailed knowledge of the layers and dependencies within an organisation’s information architecture.

However, to avoid turning this into a step-by-step guide to building rules in Adobe Analytics, we’ll zoom out and cover the broad strokes.

Step 1: Strategy

Cookie consent impacts everything from advertising revenue to audience segmentation to dynamic content, so it’s an important project.

Before embarking on a cookie consent maturity project, collaborate internally to ensure your organisation is aligned on the reasons, benefits, and costs. 

In particular, map out the relevant legal requirements. That includes GDPR in Europe, CCPA in the USA, plus region-specific privacy regulations.

Step 2: Architecture

Once you can answer the why and who, move on to how.

For example, we architected a three-layer approach for a global client.  (Keep in mind that the solution reflected their unique needs. It may not mirror yours.)

The core components that work together are:

    • OneTrust: The user-facing CMP serving a warm plate of cookie consent options and collecting user-defined preferences 
    • Adobe Data Collection: A data collection mid-layer that tracks visitor behaviour, managing tags, and interfacing with Adobe Analytics
  • Adobe Analytics: The analytics platform bringing all the data together to generate value-adding insight

In this case, we used Adobe Experience Platform Tags as the dedicated tag manager.


Feel free to reach out to TAP CXM for help determining the cookie consent process and requisite platforms.

Step 3: Write the rules

Now let’s address the what of cookie consent.

This step looks different for every organisation depending on the strategy and systems involved, plus applicable regulations.

For example, integrating OneTrust, Adobe Data Collection, and Adobe Analytics requires those JavaScript keys that deploy cookies and fire services like tracking beacons and advertising tags.

But if you’re using the Adobe opt-in approach, the process that communicates a user’s preferences to the platform (and the resulting services that fire) is quite different.

You also need to decide which flavour of cookie consent suits your visitors:

  • Informational cookies tell visitors that cookies on the site track their behaviour; their only choice is to consent or leave the site
  • Opt-out cookies automatically opt visitors in; they need to manage their own preferences
  • Opt-in cookies automatically opt visitors out; they can choose to consent to tracking 

It’s important that the user knows what type of cookie they’re allowing and how their data will be used. Be transparent with this information so users remain in control of their data:

  • Strictly necessary cookies enable basic website features and can’t be denied
  • Functional cookies remember a user’s preferences to provide customised content
  • Targeting or advertising cookies collect data to serve relevant ads based on their preferences
  • Performance cookies anonymously collect usage information to report on a website’s performance

Step 4: Build the rules

Cookie consent in Adobe Analytics uses a rules-based logic.

However, the work actually takes place in the Adobe Experience Platform tag manager, previously known as Adobe Launch. This is where you create the rules that determine whether a user sees the cookie consent banner, and what happens when they click around your site.

The advantage of using a tag manager is the flexibility to make minor changes to tracking and analytics without major website upgrades.

Step 5: Pop-up

We can’t understate the importance of a user-friendly cookie consent pop-up. Users don’t enjoy pop-ups by default, so try to make yours as unintrusive and streamlined as possible.

However, at the same time, you need to be transparent and comprehensive with cookie preferences. Users should be fully informed and in control.

Step 5.5: Testing

Test for user acceptance and back-end stability.

Test often, test repeatedly, and test strenuously, cycling through steps 3-5 until the system is humming. Then test a little more.

Expect this stage to take a while. Continually test and refine after deploying your cookie consent framework, because there’s no such thing as perfect in this business.

Black young woman professional photo

If you're facing difficulties with cookie consent or need assistance with your Adobe Analytics configuration, don't hesitate to contact TAP CXM and talk to one of our experts now

What happens if you don’t have a cookie consent strategy?

GDPR violation

Cookies are only one part of the consent equation. More specifically, tracking beacons are the only thing blocked when users decline cookies using a standard CMP.

User data could still be collected, depending on what other tags and scripts are firing in the background.

Visitors are misled by the not-quite-cookie-consent terminology, which violates GDPR regulations.

Functionality fail

Adobe Data Collection stores user preferences to determine which services fire for a visitor. So if there’s no way to opt-out, remaining GDPR compliant means turning off every service that could constitute tracking or advertising.

Obviously, this isn’t a good result for anybody.

Users receive a jarringly impersonal experience, and brands miss out on behaviour data, the gold dust driving marketing decisions. 

But here’s the good news…

TAP CXM are seasoned experts in consent management. We consult with companies to understand their current cookie consent process and design, build, implement and improve a more mature solution.

It’s all part of improving customer experiences for brands who want to do better.

If you’re crumbling under the pressure of cookie consent, or need an expert to (choc) chip in on your Adobe Analytics setup, contact TAP CXM to speak with a platform specialist.

Sign up to our newsletter

Related posts