Lokker
OneTrust Cookie Management


Overview

Proper cookie management is the foundation of effective consent management. This guide covers how to set up and configure cookie categories, create comprehensive cookie inventories, and establish proper blocking rules in OneTrust.

OneTrust provides several standard cookie categories that align with privacy regulations:

  1. Necessary/Strictly Necessary

    • Essential for website functionality
    • Cannot be disabled
    • Examples: session cookies, security cookies, load balancer cookies
  2. Analytics/Performance

    • Website analytics and performance monitoring
    • Requires user consent
    • Examples: Google Analytics, performance monitoring tools
  3. Marketing/Advertising

    • Marketing campaigns and advertising
    • Requires explicit consent
    • Examples: ad networks, retargeting pixels, social media pixels
  4. Functionality

    • Enhanced website functionality
    • Requires user consent
    • Examples: language preferences, shopping cart, user preferences
  5. Personalization

    • Personalized user experience
    • Requires user consent
    • Examples: product recommendations, personalized content
Step 1: Access Cookie Management
  1. Navigate to OneTrust Admin

    • Go to Admin > Data Governance > Cookie Compliance
    • Or use: https://yourcompany.onetrust.com/app/admin/
  2. Access Cookie Categories

    • Go to Cookies > Cookie Categories
    • View existing categories
    • Create new categories if needed
Step 2: Configure Category Settings
  1. Category Properties

    • Name: Clear, descriptive name
    • Description: Explain what the category includes
    • Purpose: Legal purpose for data collection
    • Retention Period: How long cookies are stored
  2. Consent Requirements

    • Consent Required: Whether user consent is needed
    • Default State: Initial consent state
    • Consent Text: Clear explanation for users
  3. Privacy Signal Handling

    • Respect GPC Signal: Whether to respect Global Privacy Control
    • Respect DNT Signal: Whether to respect Do Not Track
    • Signal Actions: What to do when signals are detected
Step 3: Create Custom Categories

If the standard categories don't meet your needs:

  1. Identify Custom Needs

    • Review your specific use cases
    • Consider industry requirements
    • Align with privacy regulations
  2. Create Custom Category

    • Click "Add Category"
    • Set appropriate properties
    • Configure consent requirements
    • Set privacy signal handling
Step 1: Automatic Cookie Scanning
  1. Enable Cookie Scanning

    • Go to Cookies > Cookie Scanning
    • Configure scanning settings
    • Set scanning frequency
  2. Run Initial Scan

    • Scan your entire website
    • Include all pages and subdomains
    • Review scan results
Step 2: Manual Cookie Addition
  1. Add Undetected Cookies

    • Manually add cookies not detected by scanning
    • Include third-party cookies
    • Add cookies from external services
  2. Cookie Information

    • Name: Exact cookie name
    • Domain: Where cookie is set
    • Purpose: What the cookie does
    • Duration: How long it persists
    • Third Party: Whether it's from external domains
Step 3: Cookie Categorization
  1. Assign Categories

    • Categorize each cookie appropriately
    • Consider the cookie's purpose
    • Align with privacy regulations
  2. Review Categorization

    • Ensure accurate categorization
    • Check for misclassified cookies
    • Validate with legal team if needed
Step 1: Enable Automatic Blocking
  1. Script Management

    • Go to Scripts > Script Management
    • Enable "Automatic Script Blocking"
    • Configure blocking behavior
  2. Cookie Blocking

    • Enable cookie blocking for non-necessary categories
    • Set blocking rules for each category
    • Configure blocking exceptions
Step 2: Category-Level Blocking
  1. Necessary Cookies

    • Blocking: Never blocked
    • Consent: Not required
    • Purpose: Essential functionality
  2. Analytics Cookies

    • Blocking: Blocked until consent
    • Consent: Required
    • Purpose: Website analytics
  3. Marketing Cookies

    • Blocking: Blocked until consent
    • Consent: Required
    • Purpose: Marketing and advertising
  4. Functionality Cookies

    • Blocking: Blocked until consent
    • Consent: Required
    • Purpose: Enhanced functionality
  5. Personalization Cookies

    • Blocking: Blocked until consent
    • Consent: Required
    • Purpose: Personalization
Step 3: Advanced Blocking Rules
  1. Conditional Blocking

    • Block based on user location
    • Block based on user type
    • Block based on page context
  2. Dependency Management

    • Handle script dependencies
    • Manage cookie dependencies
    • Configure fallback behaviors

Privacy Signal Configuration

Step 1: Global Privacy Control (GPC)
  1. Enable GPC Processing

    • Go to Settings > Privacy Signals
    • Enable "Process GPC Signals"
    • Configure default behavior
  2. Category-Level GPC Settings

    • Necessary: Usually "Allow" (required for function)
    • Analytics: "Block" when GPC detected
    • Marketing: "Block" when GPC detected
    • Functionality: "Block" when GPC detected
    • Personalization: "Block" when GPC detected
Step 2: Do Not Track (DNT)
  1. Enable DNT Processing

    • Enable "Process DNT Signals"
    • Configure DNT behavior
    • Set up response rules
  2. Category-Level DNT Settings

    • Configure each category to respect DNT
    • Set appropriate actions for each category
    • Test DNT signal handling
Step 1: Consent Collection
  1. Consent Banner

    • Configure banner appearance
    • Set consent options
    • Configure consent text
  2. Consent Options

    • Accept All: Accept all cookies
    • Reject All: Reject non-necessary cookies
    • Customize: Allow granular control
    • Save Preferences: Save user choices
Step 2: Consent Storage
  1. Storage Configuration

    • Configure cookie storage
    • Set storage duration
    • Configure storage domain
  2. Consent Persistence

    • Ensure consent persists across sessions
    • Handle consent updates
    • Manage consent withdrawal
Step 3: Consent Renewal
  1. Renewal Triggers

    • Set renewal frequency
    • Configure renewal conditions
    • Handle consent expiration
  2. Renewal Process

    • Show renewal banner
    • Collect updated consent
    • Update stored preferences

Testing and Validation

Step 1: Functional Testing
  1. Cookie Blocking

    • Verify cookies are blocked without consent
    • Verify cookies load with consent
    • Test category-specific blocking
  2. Consent Management

    • Test consent collection
    • Verify consent storage
    • Test consent updates
Step 2: Privacy Signal Testing
  1. GPC Testing

    • Use GPC browser extensions
    • Verify the GPC signal is respected
    • Test category-level GPC handling
  2. DNT Testing

    • Enable DNT in browser
    • Verify the DNT signal is respected
    • Test category-level DNT handling
Step 3: Compliance Testing
  1. Regulatory Compliance

    • Verify GDPR compliance
    • Verify CCPA compliance
    • Check other applicable regulations
  2. Technical Compliance

    • Verify cookie categorization
    • Check blocking effectiveness
    • Validate consent management
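
An added example (not part of the original guide and not OneTrust's own code) of the check described under Privacy Signal Configuration and Testing and Validation: it derives the allowed categories from stored consent plus the `Sec-GPC` and `DNT` request headers, then flags observed cookies that are uncategorized or set while their category is blocked. The inventory, cookie names, domains, function names, and the rule that a detected signal overrides stored consent are assumptions made for illustration.

```javascript
// Added example: category names and actions mirror the guide; all data is constructed.
const SIGNAL_ACTION = {   // category-level action when GPC or DNT is detected
  Necessary: "Allow", Analytics: "Block", Marketing: "Block",
  Functionality: "Block", Personalization: "Block",
};

// Read privacy signals from request headers (Sec-GPC: 1 and DNT: 1).
function detectSignals(headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
  return { gpc: h["sec-gpc"] === "1", dnt: h["dnt"] === "1" };
}

// Categories allowed to set cookies for this visitor.
// Assumption: a detected signal takes precedence over stored consent.
function allowedCategories(consent, signals) {
  const signalled = signals.gpc || signals.dnt;
  return Object.keys(SIGNAL_ACTION).filter((cat) => {
    if (cat === "Necessary") return true;                 // never blocked
    if (signalled && SIGNAL_ACTION[cat] === "Block") return false;
    return consent[cat] === true;                          // blocked until consent
  });
}

// Compare cookies observed in a test session with the cookie inventory.
function auditCookies(observed, inventory, consent, headers) {
  const allowed = new Set(allowedCategories(consent, detectSignals(headers)));
  const findings = [];
  for (const c of observed) {
    const entry = inventory.find((i) => i.name === c.name && i.domain === c.domain);
    if (!entry) findings.push({ cookie: c.name, issue: "not in inventory" });
    else if (!allowed.has(entry.category))
      findings.push({ cookie: c.name, issue: `set while ${entry.category} is blocked` });
  }
  return findings;
}

// Constructed sample inventory and observed cookies (hypothetical names and domains).
const inventory = [
  { name: "session_id", domain: "example.com", category: "Necessary" },
  { name: "_analytics", domain: "example.com", category: "Analytics" },
  { name: "ad_pixel", domain: "ads.example.net", category: "Marketing" },
];
const observed = [
  { name: "session_id", domain: "example.com" },
  { name: "_analytics", domain: "example.com" },
  { name: "mystery", domain: "cdn.example.org" },
];
console.log(auditCookies(observed, inventory, { Analytics: true }, { "Sec-GPC": "1" }));
```

In practice the `observed` list would come from a browser session or crawler export, run once per consent state and once with each signal enabled.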

Best Practices

1. Accurate Categorization

  • Categorize cookies based on actual purpose
  • Don't misclassify cookies to avoid consent
  • Regularly review and update categorizations

2. Clear User Communication

  • Use clear, understandable language
  • Explain what each category does
  • Provide examples of cookies in each category

3. Regular Maintenance

  • Regularly scan for new cookies
  • Update cookie information
  • Review and update categories

4. Testing and Validation

  • Test regularly in different browsers
  • Validate with privacy tools
  • Monitor for compliance issues

Common Issues and Solutions

Issue 1: Cookies Not Being Blocked

Cause: Automatic blocking not enabled or rules not configured

Solution: Enable automatic blocking and configure blocking rules

Issue 2: Incorrect Categorization

Cause: Cookies categorized incorrectly

Solution: Review and recategorize cookies based on actual purpose

Issue 3: Privacy Signals Not Working

Cause: Privacy signal handling not configured at category level

Solution: Configure GPC and DNT handling for each category

Cause: Storage configuration issues

Solution: Check storage settings and browser configuration

Monitoring and Maintenance

1. Regular Audits

  • Monthly cookie inventory reviews
  • Quarterly categorization audits
  • Annual compliance reviews

2. Performance Monitoring

  • Monitor cookie blocking effectiveness
  • Track consent rates by category
  • Monitor user experience impact

3. Compliance Monitoring

  • Monitor regulatory changes
  • Update cookie management accordingly
  • Ensure ongoing compliance

Remember: Proper cookie management is essential for compliance and user trust. Take the time to categorize cookies accurately and configure blocking rules properly.