Consent in Reverse ETL
With Consent Management in Reverse ETL, you can enforce your end-users' consent preferences that are captured by your consent management platform (CMP) and stored in your warehouse.
To enforce consent stored in your warehouse, build a Reverse ETL model that identifies consent categories. You can create a "consent to" column mapping in a new data model or update an existing data model to include a "consent to" mapping.
Consent management edit and update capabilities limited to Workspace Owners
Only users with the Workspace Owner role are able to create, edit, and disable consent categories. All other users have read-only access to Consent Management features.
Before you can enforce consent stored in your warehouse, take the following steps:
- Set up your third-party consent management tool and create consent categories. Take note of your consent categories and the key or ID associated with each category.
- Know how your company uses each destination. You need to know which destinations to map to each category.
- Store your end user consent in a warehouse that Segment supports for Reverse ETL. Segment supports Reverse ETL capabilities in Azure, BigQuery, Databricks, Postgres, Snowflake, and Redshift data warehouses. Other data warehouses are not supported.
Limited destination availability
Reverse ETL supports the Actions destinations in the Reverse ETL catalog and Segment Connections.
- From the Segment homepage, select the Privacy tab and click Consent Management.
- On the Consent management page, click Create categories.
- Confirm that you have completed the required prerequisites, and click Next.
- On the Create consent categories page, add the following information to the category form:
- Category name: Enter a name that describes your use case for the data sent to this destination. This field only accepts category names that are 20 characters or less.
- Category ID: In OneTrust, this is a string of up to five alphanumeric characters, but other CMPs may have a different format. This field is case sensitive.
- Mapped destinations: Select one or more of your Reverse ETL destinations to map to this category. Category mappings apply to all instances of a destination.
- After you've finished setting up your category or categories, click Save.
Segment recommends mapping all Reverse ETL destinations to a category
Segment assumes all destinations without a mapping do not require user consent and will receive all events containing a consent object. If a destination is mapped to multiple categories, a user must consent to all categories for data to flow to the destination.
To edit or disable consent categories, view the Configure Consent Management documentation.
Success!
If you've already added a Reverse ETL source to your workspace, you can proceed to Step 3: Identify consent columns.
If you haven't already configured a Reverse ETL source in your workspace, follow the instructions in the Reverse ETL: Add a source documentation to add your warehouse as a data source. When you've configured your Reverse ETL source, proceed to Step 3: Identify consent columns.
After you set up consent categories in the Segment app, you must identify the columns in your data warehouse that store end user consent by creating a model, or SQL query that defines the set of data you want to synchronize to your Reverse ETL destinations. When building your data model, Segment recommends that you represent consent as a boolean true or false value and map one consent category to one column.
Creating a data model that does not include information about consent preferences results in no consent enforcement
If you create consent categories in your workspace but fail to identify columns that contain consent preferences in your data model, events flow to all destinations in your workspace regardless of end user consent preferences.
To identify consent when building your model:
- Navigate to Connections > Sources and select the Reverse ETL tab. Select your source and click Add Model.
- Click SQL Editor as your modeling method.
- Create the SQL query that'll define your model. Your model is used to map data to your Reverse ETL destinations.
- Choose a column to use as the unique identifier for each record in the Unique Identifier column field. The Unique Identifier should be a column with unique values per record to ensure checkpointing works as expected. It can be a primary key. This column is used to detect new, updated, and deleted records.
- Click Preview to see a preview of the results of your SQL query. The data from the preview is extracted from the first 10 records of your warehouse.
- Click Next.
- Enter your Model Name.
- Click Create Model.
- Select Add consent mapping.
- On the Add consent mapping popup, identify the column in your model that holds the consent preferences for the consent category.
- Select Add consent mapping to identify columns for all of your consent categories.
- When you're satisfied with your consent mappings, click Save.
To update an existing Reverse ETL model to include consent enforcement:
- Navigate to Connections > Destinations and select the Reverse ETL tab.
- Select the source and the model you want to edit.
- Select the Query Builder tab to edit your query. When you're editing your query, include columns that store information about end user consent preferences. When you've finished making changes, click Save Query.
- Navigate to Settings > Consent settings.
- Select Add consent mapping.
- On the Add consent mapping popup, identify the column in your model that holds the consent preferences for the consent category.
- Select Add consent mapping to identify columns for all of your consent categories.
- When you're satisfied with your consent mappings, click Save.
You can select the Settings tab and click Consent settings to verify that the consent categories in your model match the consent categories you configured in your workspace.
You can store each consent category in its own column in your warehouse, or store your consent information in one single blob column. Segment requires your consent categories to be in their own column in your data model.
The following sample model maps consent categories from each column in your database:
1select2USERID,3name,4email,5distinctid,6Ads,7Personalization,8Analytics,910from CONSENT_PREFERENCES;
The following sample model maps consent categories from one blob column in your database:
1select2USERID,3name,4email,5distinctid,6CAST(CONSENT_OBJ:consent.cookie.Advertising as Boolean) as Ads,7CAST(CONSENT_OBJ:consent.cookie.Personalization as Boolean) as Personalization,8CAST(CONSENT_OBJ:consent.cookie.Analytics as Boolean) as Analytics,910from CONSENT_PREFERENCES;
Failing to identify consent columns in your warehouse might lead to unintentional data loss
If you have destinations mapped to consent categories in the Segment app but fail to identify a column in your warehouse that stores consent for a category, then consent preference for that category will be considered to be false and no data will flow to destinations mapped to the category.
After you set up categories in the Segment app and create a SQL model that extracts consent information, connect your downstream destinations to complete the consent enforcement process.
To add your first destination:
- Navigate to Connections > Destinations and select the Reverse ETL tab.
- Click Add Reverse ETL destination.
- Select the destination you want to connect to and click Configure.
- Select the Reverse ETL source you want to connect the destination to.
- Enter the Destination name and click Create Destination.
- Enter the required information on the Settings tab of the destination.
- Navigate to the destination settings tab and enable the destination. If the destination is disabled, then Segment won't be able to start a sync.
Segment does not count Reverse ETL records filtered by Consent Management toward your Reverse ETL limits
Records filtered out by Consent Management are not counted as part of your Reverse ETL limits. For more information about Reverse ETL limits, see the Reverse ETL Limits documentation.
You can validate that you successfully created your consent mapping in Segment Connections or supported Reverse ETL Actions destinations using the following methods.
Segment automatically adds the consent object to every event that's routed downstream to your Segment Connections destination. Consent enforcement in Connections validates that only consenting data flows downstream to any classic Segment destinations connected to your Segment Connections instance.
Open the Source Debugger for your Reverse ETL source and confirm that the consent object appears on every event and that the consent object has the categories you mapped in Step 3: Identify consent columns.
Open the Profile Explorer and verify that your profiles contain the Segment Consent Preference Updated event.
Segment automatically filters out data from users who have not consented to the category mapped to your destination.
To verify that this behavior is working as intended, open Delivery Overview for a Reverse ETL-supported Actions destination and view the events that were successfully delivered to the destination. The events in your destination should only come from users that consented to send data to the category that your supported Actions destination belongs to.