What you’ll learn
As the digital world becomes increasingly prevalent in our personal and professional lives, the need for transparent and cohesive privacy and security measures has never been greater. In its spring ā22 release Salesforce unveiled its new tracking and consent JavaScript API. Setting it up and getting it to look and feel exactly as you’d like is not always straightforward. In this blog post, we’ll highlight the features of the new script and what to look out for when setting it up.Ā
Managing cookie and tracking consent with Pardot
To help regulate the collection, processing and handling of personal information, countries and other governing bodies establish directives, laws and other measures to help safeguard usersā personal data. The most well-known law is GDPRāGeneral Data Protection Regulation. In 2018, GDPR went into effect for all EU and EEAāEuropean Economic Area countries. It is currently the toughest privacy and security law in the world (1). The law impacts any business that collects data on any resident of a GDPR country. This means it has a big effect on much of the worldās businesses. Under GDPR, visitors need to have the ability to agree, or not, to website tracking.
Other countries, such as the United States and Canada, also enacted laws to give more visibility to how personal data is used. Under these laws, users need the ability to opt-in to email communications. Ideally, they should confirm the opt in, thus preventing unauthorized use of their email address. Confirmed opt in, also called double opt in, is often achieved with an email asking the user to confirm their recent addition to your email list, such as a newsletter. This blog post by BrainStation does a nice job highlighting the similarities and differences.
Until last year, Account Engagement didnāt address GDPR or tracking consent of first and third party cookies. It did, however, address security and privacy laws, such as CAN SPAM and CASL. By 2021, this lack of functionality was becoming a liability for Account Engagement. Platforms like HubSpot Marketing Hub and Marketo Sales Connect were relatively quick on the uptake to incorporate tracking and consent functionality.
Tracking opt-in preferences with Account Engagement
In its spring ā22 release Salesforce unveiled its new tracking and consent JavaScript API. The first step in setting up the API is via Account Engagement Settings and clicking the edit button on the top right.
Tick the box to activate the Tracking & Consent JavaScript API. By default, the maximum tracking cookie duration is just shy of 10 years (factoring in for roughly two leap years).
You now have more options for for your preferences, such as the message you would like to appear on your website banner and whether you would like to track visitors from all countries or from select countries or regions. The message is simple and straightforward and is not offered in multiple languages. The styling options are also rather limited, especially when compared to competitive products.
Iāve found itās easiest, and gives the greatest peace of mind, to request opt-in from all visitors before tracking them. I often see US clients whoāve only selected a request for opt-in for visitors from the EU, thinking that will cover GDPR. Itās not always possible to know if an EU resident is browsing from a different location. There are also other countries, such as Mexico and Nigeria, that require tracking consent, so theyād need to be considered if youāre aiming to only cater for countries with tracking consent requirements.
There is the option to manually select all of the countries you wish to obtain opt-in consent from. In the interest of time and, again, to ensure peace of mind, itās generally best to request opt-in from all visitors.
The Pardot cookie consent banner
Once the tracking JavaScript had been activated, it wasnāt exactly clear what the next steps were. Would some GDPR verbiage appear on our Pardot forms, like it does with HubSpot? Where would the opt-in banner appear and how would it look? We soon had our answer. The banner appeared only on Pardot landing pages, which made sense, and it was not the most visually appealing.
If you wish to use the Pardot consent banner on all your webpages, youāll need to do some modifications to the tracking code first. The code creates a tracker object and allows you to push various commands, such as page views, back to Pardot. Read more on how the JavaScript works here.
You can also interact with the tracker object and its associated commands outside of the tracking snippet. Salesforce provides a list of commands and syntax on their Tracking and Consent API Overview.
Once youāve created the tracker object, you can add some commands to your tracking snippet to call up the consent banner.
Single-page applications
The Salesforce API is now compatible with single-page applications, too. Simply put, a single-page application is a webpage that doesnāt require a complete page refresh to generate new content. The content is, instead, updated via JavaScript framework such as Angular, React and Vue. If youāve used Gmail or Facebook, youāve used a single-page application. The new API allows users to use Pardot with every type of web application, including a SPA.
Why itās a good idea to add a cookie consent banner to your website
Even if you feel confident your website doesnāt need to be concerned about GPR compliance, it can also help you address other regulatory issues, such as CCPA. While the California Consumer Privacy ActāCCPAāaddresses how usersā data is processed and stored, and doesnāt explicitly require cookie consent, the tracking and consent banner can address CCPA requirements with its links to your company privacy policy ad terms and conditions.
CCPA compliancy applies to a company that:
– Is operated for profit,
– Does business in California,
– Decides why and how personal information is processed, and
– Has one or more of these characteristics:
– Gross revenue of over $25 million per year, or
– Buys, sells, receives or shares personal information from over 100,000 consumers, households or devices per year, or
– Makes half or more of its revenue per year from sharing or selling personal information.
Summary
The demand of internet privacy and security is growing strong and is expected to do so for the foreseeable future. The use of third party cookies, including non-advertising cookies such as Google Analytics, necessitates the need for a cookie consent banner on any business website that does business with residents of the EU, Mexico, Nigeria and possibly other countries. Other regulations, such as CCPA, ensure businesses make certain disclosures about their data and privacy practices, by posting a privacy policy on their website. Marketing Cloud Account Engagement, aka Pardot, can help facilitate compliancy with its Tracking & Consent JavaScript API. This is an advanced feature of Pardot and requires working with a web admin. If youāre looking to add a cookie consent banner on your website and have questions or concerns, please feel free to reach out. Even if youāre not using Pardot, weāve experience working with third party cookie banners and consent plugins and can work with you to determine the best fit for your website and MAS needs.
Resources
(1) https://gdpr.eu/what-is-gdpr/
https://www.termsfeed.com/blog/cookie-consent-outside-eu/
https://en.wikipedia.org/wiki/Single-page_application
https://developer.salesforce.com/blogs/2022/02/how-to-work-with-pardots-new-tracking-consent-javascript-api
https://brainstation.io/blog/a-comparison-of-can-spam-casl-and-gdpr
About the Pardot rename
In April 2022, Salesforce announced the rebrand of Pardot to Marketing Cloud Account Engagement. While the rebrand unfolds and the world adapts to the new nomenclature, we'll typically keep the Pardot name in our blog posts.
There are several permutations of the new name being thrown about, so you may see us use any one of them as things evolve:
- Pardot
- Marketing Cloud Account Engagement
- Marketing Cloud Account Engagement (Pardot)
- MCAE
- MC Account Engagement
- Account Engagement by Pardot
0 Comments