Consent Management: Configuring Privacy Notices

In this tutorial, we'll review privacy notices and how they're created, updated, and served to visitors based on location.

After reading this, you'll be familiar with how data uses from the previous section automatically generate privacy notices, as well as how to create and manage your own custom privacy notices.

Prerequisites

For this tutorial you'll need:

• A Fides Cloud or Fides Enterprise account
• The role of Owner or Contributor for your Fides organization.
• At least one system with a data use on your data map. Read how to add systems to the Data Map now.

What are Privacy Notices?

A privacy notice in Fides is the text displayed to a visitor explaining your data processing activities. Depending on what you use the data for, this may require consent or simply that the visitor is clearly notified of how you use their data.

Fides simplifies compliance for privacy notices by monitoring your data map and automatically creating the appropriate notices and location targeting based on how your organization uses personal data.

Next, we'll view and customize automatically generated privacy notices and how to create custom privacy notices from scratch.

Learn more about privacy notice fundamentals here.

Viewing and Managing Privacy Notices

To view privacy notices in Fides, navigate to Consent → Privacy notices where you will see a list of currently configured privacy notices based on the data uses specified by your data map.

Each item on the list of privacy notices is comprised of a title, mechanism, locations, last update, status, and a toggle to enable the notice. Let's review these briefly:

• Title: the title of the notice, typically the same title as presented to your visitor.
• Mechanism: the consent mechanism for the privacy notice.
• Locations: the locations this privacy notice will be displayed.
• Last update: the last time the privacy notice was modified.
• Status: the status of a notice. Available status options:
  • Enabled: Notice is enabled and viewable for website consumers.
  • Available: Notice can be enabled.
  • Inactive: Notice cannot be enabled because there is no system with the mapped data use configured.
• Enable: a toggle to activate or deactivate the privacy notice.

Creating a Privacy Notice

Click Add a privacy notice + to create a new notice as shown below:

Creating or Updating a Privacy Notice

Click on any privacy notice to view and edit the notice's details or create a new notice from scratch.

From here, you can set the three components of a privacy notice:

1. Privacy Notice Details: the privacy notice information display to your visitor.
2. Consent Mechanism: the method of consent for this privacy notice.
3. Privacy Notice Configuration: the privacy notice's configuration settings.

Let's review each privacy notice configuration component:

Privacy Notice Details

Privacy notice details are the information displayed to the visitor when the notice is presented.

As shown in the screenshot below, you can configure:

• Title: the title of the privacy notice displayed to the visitor.
• Privacy notice: the detailed text of the notice displayed to the visitor.

Consent Mechanism

The consent mechanism allows you to configure which type of consent is used for the privacy notice.

Let's review each configuration option for consent mechanisms:

Method of Consent

The method of consent to apply to this notice from the following options:

• Opt-In: explicitly require the user to opt-in to the processing of their personal data.
• Opt-Out: the user may opt-out of the processing of their personal data.
• Notice only: this privacy notice does not require consent, simply a notification.

Enforcement Level

Enforcement of the consent can happen on different levels. Enforcement level dictates where the notice should trigger on your system:

• Front end: suppressing data processing for front end systems, like pixels, tags, and cookies.
• System wide: suppressing front end data processing, and back end or server side data processing.
• Not applicable: in the case of notice only, there is no enforcement of suppression required.

GPC Signal

Toggle whether this privacy notice should conform and respond to the Global Privacy Control. Learn more about the Global Privacy Control here.

Privacy Notice Configuration

The privacy notice configuration is used to configure: data uses associated with the privacy notice, locations in which to display the notice, a unique key for cookie consent configuration, and which privacy experience to use to display the notice.

Data Uses

You can configure the data uses associated with the privacy notice. Typically, Fides relies on the default data uses but you can add to these at any time. Read about modifying data uses in the taxonomy here.

Description

Allows you to set a description of the data notice only visible to internal users of your organization.

Location

Defines the locations in which this privacy notice will be displayed. Locations are based on ISO country and state codes (opens in a new tab).

Cookie Key

Fides allows you to create custom, unique cookie keys that are used to configure front end consent enforcement in your tag manager.

The cookie key is used to identify the visitors preferences for the specific privacy notice. For example, if a visitor opted out of Data Sales and Sharing, the cookie on their browser would have the value: data_sales_and_sharing set to false. Learn how to configure front end consent here.

Privacy Experience

You can select the privacy experience that this notice should use to be displayed from the following:

• Privacy Center: display in the privacy center typically available at https://privacy.your-brand.com
• Overlay: display in the overlay and associated pop up.
• API Only: only make this privacy notice available to be set by API, helpful for mobile app-only configurations.

Next, we'll configure privacy experiences for our available notices.