From the CMP to purposes
At Piano, we want to make your compliance as simple as possible. To do this, we believe that the choices made by your users should be easily translated into signals interpreted by our various products.
The GDPR introduces the notion of purpose, reason, objective for which personal data has been collected. The main purpose pursued by Piano Analytics is "Audience Measurement" (see purpose limitation of the solution).
Note: Piano offers other products for other purposes (see https://support.piano.io/hc/en-us/articles/14488526650898-AT-Internet-Piano-and-Privacy-PolicyAT Internet, Piano, and Privacy Policy).
Consent for these purposes is usually obtained from users via the Consent Management Platform (CMP):
The user can:
- Accept all - Accept all purposes.
- Refuse all - Refuse all purposes.
- Granularly select the purposes to which they wish to consent.
These three choices available to your users are the information Piano needs to respect their decisions.
By default, Piano categorizes its products according to the following purposes:
All you must do is tell us:
- I have obtained consent for all purposes - We will deposit all cookies and supply all products.
- I have obtained no consent - We will not deposit any cookies or feed any products with personal data.
- I have obtained consent for certain purposes - We will deposit the cookies and supply the products linked to the purposes in question.
And if you consider that our products should be part of other purposes, that's no problem. You have the power to modify this association.
This is how we receive the decisions made by your users. A simple command translating the interactions carried out on the CMP.
This is made possible by associating end-purposes with "modes", a fundamental notion in your compliance process.
Note
If you only use Piano Analytics, you don't need to specify any purpose. All you need to do is specify the "modes", which will automatically be assigned to the "Audience measurement" purpose linked to Piano Analytics.
Modes
To make your Piano solutions compliant, you must send us the choices made by your users on your cookie banner (CMP).
Each interaction on the CMP allows us to know the state of a specific purpose (see "from the CMP to the purposes" above).
These states correspond to "modes" in Piano's consent management vocabulary.
Defining modes
By default, we propose three modes:
- opt-in - the user has consented to the purpose.
- essential (exempted) - The user has not consented to the purpose, but consent has been exempted.
- opt-out - The user has not consented to the purpose.
Thanks to tagging, you'll be able to tell us the status of each of the purposes present on your site/application and linked to Piano products.
Example:
- I accept everything → All purposes are in "opt-in" mode.
- I refuse everything, but I benefit from an exemption for audience measurement → All purposes are in "opt-out" mode, except "Audience measurement" which is in "Essential" mode.
- I accept "advertising" and "content personalization" only → "Advertising" and "Content personalization" will be in "opt-in" mode and the other purposes in "opt-out" mode.
Impact of modes on data
Linking a mode to a purpose has the following consequences:
Purpose | Data | Trackers (Cookies…) | |
Opt-in | The purpose and products related to it, has obtained consent. | All data is collected, without restriction | All cookies are deposited, without restriction |
Essential | The purpose and products related to it are exempt from consent. | Information strictly necessary for the provision of the service is collected. | Essential cookies are deposited. |
Opt-out | The purpose and the products related to it, has not obtained consent. | Data is anonymized and excluded. | Mandatory cookies are deposited. |
Extended Opt-out | The purpose and the products related to it, has not obtained consent. | The data is anonymized and used to feed aggregate reports into the solution (see dedicated Extended opt-out article). | Mandatory cookies are deposited. |
Data governance
Whenever an event is collected with a specific mode, the visitor_privacy_mode property is natively populated with the value of the mode in question.
This allows you to manipulate the right data, with the right permissions, in your interfaces and data exports.
Implementation
The implementation of user choice and consent management is detailed in our developer documentation.