Adobe Experience Platform

I am not sure if this is the right way to capture this use-case. However, I learned there are different cookies within WebSdk like "kndctr". Any idea, if we can utilize them to capture this use-case ?

Hi @SSampsa 

the kndctr ("konductor") cookies are placed by the Adobe Experience Edge Network and contain amon others information about the user consent status e.g., "general=in", but not really anything that would be useful in your case I think.

If you have not done that in the past, maybe there was a (legal) reason for that?

Again, I don't think it is wise to try to track opt outs in any way. 

The only legally compliant way to track cookie opt-outs no matter which consent category, would be without cookies. And Adobe cannot do that, at least not by itself.

Well, you actually can, but it will require a bit of technical setup and know-how. I implemented a custom AA consent tracking for a client that roughly looked like this

1. create a custom CNAME for consent tracking e.g., consent.mydomain.com, that is a proxy that strips all outgoing and incoming cookies
2. write custom code that captures the display of and interaction with the consent banner, sending "forged" AA requests to a dedicated report suite. Forged meaning you fabricate a tracking call with all needed query parameters (your consent categories as props, individual events for banner shown, accepted, declined...)
   Important is to not use any Adobe Library for this to make sure no cookies are set. Add more payload as needed (e.g., user agent)

The beauty of this is that you are flexible enough to do your own bot detection and analysis, since many consent providers like OneTrust aren't able to filter any traffic.

But yeah, nerdy it is.

There is nothing illegal about using cookies per say, but there needs to be a justification for it. This is of course also down to local and per company interpretations, which I will not go into.

As you said this is really easy to do with AppMeasurement, as you can do a scenario like you did, or simply force it to use a fallback model without much trouble, but I was going for a Web SDK based solution and I don't see these running side-by-side as a long term solution.

If we're going to get down and dirty with AEP, doing a server-side HTTP API based data collection allow data collection utilizing e.g. a server generation session or device identifier. This would only be activated if consent is not given and data would be separated from standard tracking due to them not being compatible. When it gets down to this, I also think about the ROI of the whole thing and is it worth it?

A major difference with Web SDK and the old library is that Web SDK is built around using only ECID. There are likely other ways to do this, perhaps even using Data Prep, but the way I see it there are no direct ways to avoid using ECID unlike before. I am working with cases who do what you're aiming for as well with AppMeasurement and I'll surely face this challenge when the time comes.

The cookies utilized by Web SDK (starting with kndctr) provide the ECID, consent details and edge cluster used in their base form, so they won't help with maintaining an identity other than the ECID. Web SDK has some configuration options, such as the ability to modify XDM before it's sent, perhaps one could use it to modify request details or by simply manipulating the cookie value, I can't say that for sure, as the key for me here is reliability and making sure the ID works and behaves as expected. Check out: onBeforeEventSend | Adobe Data Collection on how to manipulate XDM before sending data (there is another function for link-events).

Totally agree, OneTrust can categorized the details based on the categories but we wanted to see this detail in analytics how many users did reject the cookies and we can somehow track limited information for them...