- Optimizely Web Experimentation
- Optimizely Personalization
Optimizely Experimentation provides several options that you can use to support different General Data Protection Regulation (GDPR) implementations in your Optimizely Web Experimentation or Optimizely Personalization projects.
This document is for informational purposes only and does not constitute legal advice. Readers should seek legal advice before taking action concerning the matters discussed herein.
You must use explicit consent for first and third-party marketing cookies. These methods apply to the following EU countries and work well:
- Austria
- Belgium
- Czech Republic
- Denmark
- Finland
- France
- Germany
- Ireland
- Italy
- Lithuania
- Luxembourg
- Portugal
- Sweden
- Switzerland
It may not apply to other EU countries, which do not require explicit consent for first-party cookies:
- Spain
- The Netherlands
- Norway
- Poland
- Bulgaria
- Croatia
- Latvia
- Romania
- Global
Option 1: Disable Optimizely by default
Disable Optimzely from running automatically by calling the optOut
API or executing Optimizely's disable
API call.
Use the optOut
API
Use the optOut
API to opt a visitor out of Optimizely tracking by disabling Optimizely Web Experimentation or Optimizely Personalization. You must execute the API call before the Optimizely snippet runs to stop Optimizely Experimentation or Optimizely Personalization from executing on the first page load.
- Add the following code above the Optimizely snippet to set the
optimizelyOptOut
cookie or use theoptOut
API. A common implementation for theopt-out
API option is to set the cookieoptimizelyOptOut
through a consent manager.
function getCookie(name){
var match = document.cookie.match(name + '=([^;]*)');
return match ? match[1] : undefined;
}
if (!getCookie('consent')) {
window["optimizely"].push({
"type": "optOut",
"isOptOut": true
});
} - Load the Optimizely snippet as normal.
- Optimizely immediately checks for the
optimizelyOptOut
cookie. If the cookie:-
= true
– Optimizely does not execute further JavaScript. -
= false
– Optimizely executes the rest of the JavaScript and deletes theoptimizelyOptOut
cookie. - Does not exist – Optimizely executes the rest of the JavaScript.
-
- Optimizely immediately checks for the
- Implement code so that when a visitor consents, there is something your
optOut
logic can read from (cookie, local storage value, JavaScript variable, and so on) to know whether the visitor consented and execute theoptOut
API accordingly. - Implement code to toggle the cookie from true to false (using JavaScript) or delete it (using JavaScript) when a user gives explicit consent.
Users see the control variation (the original content) until they consent.
For Optimizely Experimentation or Optimizely Personalization to start working, when explicit consent is given, you must:
- Reload the page programmatically.
- Wait until the visitor reloads the page.
- Wait until the visitor goes to another page.
This option does not let you test on the first page viewed or the landing page when the user has not given explicit consent.
Use the disable
API call
Use the disable
API call before the Optimizely snippet runs to instruct Optimizely Experimentation or Optimizely Personalization to not execute and not track a site visitor when the snippet begins execution. The disable
API call can stop the Optimizely snippet from running only if placed above the snippet like the preceding optOut
API call or within the project's Project JavaScript.
Add the following code that checks if the visitor consented above the Optimizely snippet or within the project's Project JavaScript:
function getCookie(name){ var match = document.cookie.match(name + '=([^;]*)'); return match ? match [1] : undefined; } if (!getCookie('consent')) { window.optimizely = window.optimizely || []; window.optimizely.push({ "type": "disable" }); }
The code must execute before the Optimizely Experimentation snippet or within the Optimizely project's Project JavaScript so that the disable
API call does not execute if the visitor consents. If the visitor has not consented, execute the disable
API call. Implement code so that when a visitor consents, there is something your disable
logic can read from (for example, cookie, local storage value, JavaScript variable, and so on) to know that the visitor consented.
Users see the control variation (the original content) until they consent. For Optimizely Experimentation or Optimizely Personalization to start working, when explicit consent is given, you must:
- Reload the page programmatically.
- Wait until the visitor reloads the page.
- Wait until the visitor goes to another page.
This option does not let you test on the first page viewed or the landing page when the user has not given explicit consent.
If the user has not given explicit consent, you can disable Optimizely and show a full page covering the original page. On this page, consent options are shown to the visitor for analytical tools that require consent, including Optimizely.
When the visitor consents, the page is reloaded, and the page displaying possible consent options is hidden and not shown again. Tools that the visitor has authorized should start working normally. An example page can be seen in Option 4: Use a tag manager.
Option 2: Do not automatically execute the Optimizely snippet
Contact Optimizely Support to implement a change to your Optimizely snippet that causes Optimizely Experimentation or Optimizely Personalization to not run until the activate
API call is executed.
After Support makes the change, implement logic that only lets the activate
API call execute:
- When the visitor has already consented upon page load.
- (Optional) When the visitor consents.
Example activate
API call:
window.optimizely = window.optimizely || [];
window.optimizely.push({
"type": "activate"
});
activate
API call when the visitor consents can possibly cause flickering if the visitor is added to a visible variation change.Option 3: Load Optimizely but hold sending events
Use the holdEvents
and sendEvents
API for granular control over the timing of when the Optimizely snippet sends events to the logging endpoint. By executing the holdEvents
API before the Optimizely snippet loads by having it execute above the snippet or within the project's Project JavaScript, the snippet will:
- Bucket a visitor into the experiment (so they see the variation changes).
- Set an
optimizelyEndUserId
cookie on the visitor (if the project is not using Bring your own visitor ID (BYOID)). -
Hold all events from being sent to Optimizely until the
sendEvents
API is called, which can be coded to execute when explicit consent is granted. If explicit consent is not granted, those events will never be sent.- Events would still be collected and enqueued in the visitor's local storage of their browser before explicit consent is granted, but they will not be sent. Events are sent after explicit consent is granted, and the
sendEvents
API is called (including those with timestamps before consent is granted).Because queued events from using theholdEvents
API are held in local storage, you should implement logic to erase Optimizely’s local storage object at the beginning of a session or earlier if a visitor has not consented yet. The browser's local storage space can become full if too many queued events are stored in local storage.
- Events would still be collected and enqueued in the visitor's local storage of their browser before explicit consent is granted, but they will not be sent. Events are sent after explicit consent is granted, and the
The benefit of this option is that users see the variation changes immediately without any tracking events being sent to Optimizely before consent. The downside is that this option may not meet your privacy requirements or legal interpretations of GDPR.
Option 4: Use a tag manager
Use a tag manager or a consent manager on your site. You can use conditional logic in the tag or consent manager to load the Optimizely snippet only if a visitor consents.
- Users see the control variation (the original content) until they consent.
-
For Optimizely Experimentation or Optimizely Personalization to start working, when a user gives explicit consent, you must:
- Reload the page programmatically.
- Wait until the visitor reloads the page.
- Wait until the visitor goes to another page.
- This solution does not let you test on the first page viewed or the landing page when a user has not given consent.
You can not inject the Optimizely snippet if a user has not consented. Instead, you can display a full page covering the entire original page. On this page, consent options are displayed to the visitor for analytical tools that require consent, including Optimizely Experimentation or Optimizely Personalization. Tools that the visitor has authorized should start working normally. Because the original variation was never shown to the visitor, as a full page covered it, it lets you experiment on the first page viewed.
Please sign in to leave a comment.