Expand my Community achievements bar.

Adobe Web SDK and GDPR granular compliance


Level 2

Europe's General Data Protection Regulation (GDPR) defines consent as "granular," which basically means the visitor must have a choice and be in control of what they choose to share. That means only having an "Accept All Cookies" or "Reject All Cookies" option is out of compliance.

According to https://experienceleague.adobe.com/docs/experience-platform/edge/consent/supporting-consent.html, as of Sept 27, 2023, it states "Currently, the SDK only allows users to opt in or out of all purposes, but in the future Adobe hopes to provide more granular control over specific purposes."

Given that, how is Adobe providing customers the option of using Web SDK while also maintaining compliance with the GDPR? 

2 Replies




Note: I get a 404 from the link you provided.




The AEP WebSDK provides 4 distinct options for setting up privacy.


The “Privacy” section sets the consent level for the SDK if the user has not previously provided consent preferences. This sets the default state for consent and event data collection in the SDK. The chosen setting answers the question of “what should the SDK do if the user has not yet provided explicit consent preferences?”

  • In - Collect events that occur before the user provides consent preferences.
  • Out - Drop events that occur before the user provides consent preferences.
  • Pending - Queue events that occur before the user provides consent preferences.
  • Provided by data element


This should provide anyone with enough ability to customize at a very granular level for their privacy needs.


Level 1

No, what I mean is say your Adobe Analytics cookies are categorized as performance cookies and your Adobe Audience Manager cookies as targeting cookies, and your Adobe Target cookies as functional cookies. Instead of selecting accept all or reject all, let’s say the visitor opts to accept performance and functional cookies but rejects targeting cookies (this is the granularity I am referring to), can and how does the WebSDK allow for this? From everything I’ve seen so far, the WebSDK would need to reject ALL Adobe cookies in order to satisfy the request of rejecting targeting cookies, which if so would not be in compliance with the visitor’s request to accept performance and functional cookies.