Consent Enforcement
Datafly Signal enforces user consent at two stages in the event pipeline: once at ingestion and again at delivery. This two-stage approach ensures that consent is respected even when a user’s consent state changes between the time an event is collected and when it is delivered to a vendor.
Two-Stage Enforcement
Browser → Datafly.js (reads consent state)
→ Ingestion Gateway (Stage 1: consent check)
→ Kafka → Event Processor → Kafka
→ Delivery Workers (Stage 2: consent re-check)
→ Vendor API

Stage 1: Ingestion
When the Ingestion Gateway receives an event, it reads the consent state from the event’s context.consent object. If consent is not granted for any required category, the event is tagged but still ingested — it enters Kafka and can be processed for analytics purposes.
Stage 2: Delivery
When a Delivery Worker is about to send an event to a vendor, it re-checks the user’s consent state. This second check queries the most current consent state from Redis (updated in real time by Datafly.js when consent changes).
If consent has been revoked between ingestion and delivery, the event is dropped and not sent to the vendor. The drop is recorded in the delivery logs.
The two-stage model prevents a race condition where a user grants consent, triggers an event, then revokes consent before the event is delivered. Without the second check, the event would reach the vendor despite the user having withdrawn consent.
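The race described above, as an added example that is not Datafly Signal's own code: an in-memory Map stands in for Redis and an array for Kafka, and it assumes a single integration that requires `advertising`. The function names, the `anonymousId` field and the log record shape are hypothetical.

```javascript
// Added example: an in-memory Map stands in for Redis, an array for Kafka.
// All names here are hypothetical; this is not Datafly Signal's code.
const currentConsent = new Map(); // anonymous ID -> latest consent state
const queue = [];                 // events waiting between the two stages
const deliveryLog = [];           // one record per delivery decision

const granted = (consent, required) =>
  required.every((c) => consent != null && consent[c] === true);

// Consent update path: the latest state replaces the stored one.
function setConsent(anonymousId, consent) {
  currentConsent.set(anonymousId, { ...consent });
}

// Stage 1: check context.consent, tag the event, ingest it either way.
function ingest(event, required) {
  const ok = granted(event.context.consent, required);
  queue.push({ ...event, consentAtIngest: ok });
}

// Stage 2: re-check against the stored state, not the copy in the event.
// Assumption: no stored state for the ID is treated as not granted.
function deliver(integrationName, required) {
  const sent = [];
  for (const event of queue.splice(0)) {
    const ok = granted(currentConsent.get(event.anonymousId), required);
    if (ok) sent.push(event);
    deliveryLog.push({
      integration: integrationName,
      event: event.event,
      consentAtIngest: event.consentAtIngest,
      result: ok ? "DELIVERED" : "DROPPED",
    });
  }
  return sent;
}

// Constructed scenario: grant, trigger an event, revoke before delivery.
function raceScenario() {
  const id = "anon-1"; // constructed ID
  setConsent(id, { advertising: true });
  ingest({ anonymousId: id, event: "Product Viewed",
           context: { consent: { advertising: true } } }, ["advertising"]);
  setConsent(id, { advertising: false }); // revocation lands mid-pipeline
  const sent = deliver("Meta CAPI", ["advertising"]);
  return { sentCount: sent.length, log: deliveryLog[deliveryLog.length - 1] };
}

console.log(raceScenario());
```

The log record keeps both the ingest-time tag and the delivery-time result, so a drop caused by revocation can be told apart from an event that never had consent.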
Consent Categories
Datafly Signal supports four standard consent categories:
| Category | Description | Typical Vendors |
|---|---|---|
| analytics | Analytics and measurement | Google Analytics, BigQuery |
| marketing | Marketing and email | LinkedIn, Webhook (CRM) |
| functional | Functional and personalisation | Custom integrations |
| advertising | Advertising and retargeting | Meta, Google Ads, TikTok, Pinterest, Snapchat, The Trade Desk |
Categories are configurable per integration. When you create an integration, you specify which consent categories are required:
{
  "type": "meta_capi",
  "name": "Meta CAPI",
  "consent_categories": ["advertising", "marketing"],
  "config": { ... }
}

This means events will only be delivered to Meta if the user has granted consent for both advertising and marketing.
Consent State in Events
Datafly.js reads consent state from the user’s consent management platform (CMP) and includes it in every event:
{
  "type": "track",
  "event": "Product Viewed",
  "properties": { ... },
  "context": {
    "consent": {
      "analytics": true,
      "marketing": false,
      "functional": true,
      "advertising": false
    }
  }
}

| Field | Type | Description |
|---|---|---|
| context.consent.analytics | boolean | Whether the user has granted analytics consent |
| context.consent.marketing | boolean | Whether the user has granted marketing consent |
| context.consent.functional | boolean | Whether the user has granted functional consent |
| context.consent.advertising | boolean | Whether the user has granted advertising consent |
Consent Management Platform Integration
Datafly.js integrates with popular consent management platforms to automatically read consent state:
OneTrust
<script src="https://data.example.com/d.js"
        data-pipeline-key="dk_live_abc123"
        data-consent-provider="onetrust">
</script>

Datafly.js listens for OneTrust’s OptanonWrapper callback and maps OneTrust group IDs to Datafly consent categories.
Cookiebot
<script src="https://data.example.com/d.js"
        data-pipeline-key="dk_live_abc123"
        data-consent-provider="cookiebot">
</script>

Datafly.js listens for Cookiebot’s CookiebotOnConsentReady event and reads consent state from Cookiebot.consent.
Custom Consent Manager
For custom or unsupported CMPs, provide consent state directly via the SDK:
_df.setConsent({
  analytics: true,
  marketing: false,
  functional: true,
  advertising: false
});

Call _df.setConsent() whenever consent state changes (e.g., when the user updates their preferences). The new state is included in all subsequent events and pushed to Redis for the delivery-time re-check.
Per-Integration Consent Mapping
Each integration specifies which consent categories are required. The Delivery Worker evaluates the event’s consent state against the integration’s required categories:
| Integration | Required Categories | User Consent | Result |
|---|---|---|---|
| GA4 | ["analytics"] | { analytics: true } | Delivered |
| Meta CAPI | ["advertising"] | { advertising: false } | Dropped |
| Google Ads | ["advertising", "marketing"] | { advertising: true, marketing: true } | Delivered |
| Webhook (CRM) | ["marketing"] | { marketing: false } | Dropped |
The rule is: all required categories must be true for the event to be delivered.
If no consent_categories are configured on an integration, all events are delivered regardless of consent state. Always configure consent categories for integrations subject to GDPR, CCPA, or other privacy regulations.
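An added example (not Datafly Signal's code) of the delivery rule together with a configuration audit for the fail-open case described above. The function names are hypothetical, and it assumes that only the four standard categories are in use and that a category missing from the consent state counts as not granted.

```javascript
// Added example: evaluateDelivery and auditIntegrations are hypothetical
// names, not part of the Datafly Signal API.

// Assumption: only the four standard categories from the page are in use.
const KNOWN_CATEGORIES = ["analytics", "marketing", "functional", "advertising"];

// The page's rule: every required category must be true. Assumption: a
// category that is missing or not strictly `true` counts as not granted.
function evaluateDelivery(integration, consent) {
  const required = integration.consent_categories;
  if (!Array.isArray(required) || required.length === 0) {
    // Documented behaviour: no categories configured means deliver regardless.
    return { result: "Delivered", reason: "no consent_categories configured" };
  }
  const missing = required.filter((c) => !consent || consent[c] !== true);
  return missing.length === 0
    ? { result: "Delivered", reason: "all required categories granted" }
    : { result: "Dropped", reason: "not granted: " + missing.join(", ") };
}

// Configuration audit: report integrations that would deliver without any
// consent check, and category names that match none of the standard four.
function auditIntegrations(integrations) {
  const findings = [];
  for (const i of integrations) {
    const cats = i.consent_categories;
    if (!Array.isArray(cats) || cats.length === 0) {
      findings.push({ name: i.name, issue: "fail-open" });
      continue;
    }
    for (const c of cats) {
      if (!KNOWN_CATEGORIES.includes(c)) {
        findings.push({ name: i.name, issue: "unknown category: " + c });
      }
    }
  }
  return findings;
}

// Constructed sample configuration; the last two entries are deliberate faults.
const sampleIntegrations = [
  { name: "GA4", consent_categories: ["analytics"] },
  { name: "Meta CAPI", consent_categories: ["advertising"] },
  { name: "Webhook (CRM)" },                                   // fail-open
  { name: "Google Ads", consent_categories: ["advertizing"] }, // misspelled
];

console.log(auditIntegrations(sampleIntegrations));
```

Under these assumptions a misspelled category never matches the consent state, so that integration drops every event; the audit reports it alongside the fail-open entry.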
Consent Revocation
When a user revokes consent:
- Datafly.js detects the change (via CMP callback or _df.setConsent() call).
- The updated consent state is sent to the Ingestion Gateway.
- The gateway updates the consent state in Redis, keyed by anonymous ID.
- Any Delivery Workers processing events for this user will read the updated consent state from Redis at delivery time.
- Events that no longer meet the consent requirements are dropped.
User revokes advertising consent
→ _df.setConsent({ advertising: false })
→ POST /v1/consent → Ingestion Gateway → Redis update
→ Delivery Worker reads Redis → advertising: false
→ Meta CAPI event → DROPPED
→ GA4 event (analytics only) → DELIVERED

Consent Audit Trail
Consent state is included in every event payload, creating a built-in audit trail. For each event delivered to a vendor, you can verify:
- What consent the user had granted at the time of the event.
- What consent categories the integration required.
- Whether the event was delivered or dropped.
This information is visible in the Management UI under Sources > Live Events and in the Audit Logs.
For regulatory compliance, export event data with consent state to your data warehouse using the BigQuery, Snowflake, or S3 integrations. This provides a permanent, queryable record of consent for each user interaction.