
Enforce and Validate User Consent in Segment Event Payloads Using Source Insert Functions

Issue

Some platforms may send events to Segment with incorrect or outdated user consent states, resulting in data being processed or routed to destinations against the user’s actual preferences. Customers need a way to ensure that the consent information in each event payload matches the true, current consent preferences of the user.

 

Product

Twilio Segment

 

Environment

Segment Console

 

Cause

Segment does not maintain a central database of user consent preferences. Instead, it relies on your Consent Management Platform (CMP) to stamp the current consent state onto each event payload. If a source sends incorrect consent data, Segment will process the event as is, potentially leading to privacy or compliance issues.

 

Resolution

To enforce correct consent validation and prevent events with mismatched consent from reaching downstream destinations, follow these steps:

  1. Integrate a Consent Management Platform (CMP):
    Ensure your CMP (such as OneTrust or a custom solution) is responsible for managing and updating user consent preferences.

  2. Stamp Consent on Events:
    Configure your CMP or wrapper to attach the current consent state as a consent object on every event payload sent to Segment.

  3. Implement a Source Insert Function:

    • Use a Source Insert Function in Segment to inspect each incoming event.
    • Write custom logic to send an HTTP request to your own service or cache that stores user consent preferences.
    • Compare the consent in the event payload with the stored consent for that user.
    • If there is a mismatch, use throw new DropEvent('Consent mismatch') to drop the event and prevent it from reaching any destinations.
  4. Monitor and Audit:

    • Use the Source Debugger and Segment Inspector to verify that all incoming events contain the correct consent object.
    • Regularly audit your setup to ensure the CMP integration is firing the appropriate consent update events.
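
The check in step 3, as an added example (not code from this article or from Segment). The consent service URL, its `{ categoryPreferences: {...} }` response shape, the `consentApiKey` setting and the choice to drop events when the lookup fails are assumptions; the handler names follow Segment's Functions convention, and the stamped consent is read from `context.consent.categoryPreferences`.

```javascript
// Added example. Assumed: the consent service URL, its response shape, and
// settings.consentApiKey. DropEvent and fetch are provided by the Segment
// Functions runtime; the fallback class lets this file run under plain Node.
const Drop = typeof DropEvent !== 'undefined' ? DropEvent
  : class DropEvent extends Error {};

const CONSENT_API = 'https://consent.example.internal/v1/preferences'; // placeholder

// True only when both sides list the same categories with the same booleans.
// A category present on one side only counts as a mismatch.
function consentMatches(stamped, stored) {
  if (!stamped || !stored) return false;
  const keys = new Set([...Object.keys(stamped), ...Object.keys(stored)]);
  for (const k of keys) {
    if (typeof stamped[k] !== 'boolean' || stamped[k] !== stored[k]) return false;
  }
  return true;
}

// Shared by every handler: look up the stored state, drop on any mismatch.
async function enforceConsent(event, settings, fetchImpl = fetch) {
  const id = event.userId || event.anonymousId;
  const stamped = event.context?.consent?.categoryPreferences;
  if (!id || !stamped) throw new Drop('Consent missing');

  let res;
  try {
    res = await fetchImpl(`${CONSENT_API}/${encodeURIComponent(id)}`, {
      headers: { Authorization: `Bearer ${settings.consentApiKey}` },
    });
  } catch (err) {
    // Design choice in this example: fail closed when the service is unreachable.
    throw new Drop('Consent lookup failed');
  }
  if (!res.ok) throw new Drop('Consent lookup failed');

  const stored = (await res.json()).categoryPreferences;
  if (!consentMatches(stamped, stored)) throw new Drop('Consent mismatch');
  return event; // consent verified, let the event continue
}

async function onTrack(event, settings) { return enforceConsent(event, settings); }
async function onIdentify(event, settings) { return enforceConsent(event, settings); }
async function onPage(event, settings) { return enforceConsent(event, settings); }
```

Caching the stored preferences for a short interval reduces the per-event HTTP calls, at the price of a window in which a just-changed preference is not yet enforced.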

 

Additional Information 

  • Device-mode destinations can bypass Segment’s server-side enforcement. Where possible, use cloud-mode destinations for stricter control.
  • Mapping all destinations to consent categories and using Destination Filters with FQL can provide an additional safety net.
  • Custom Source Insert Functions may increase function usage and associated costs; consider optimizing your logic or consulting with a Solutions Architect for complex implementations.
  • For more details, see the Segment Consent Management documentation.

 
