Developer Support
About the Consent Policy
4 min read
·
Last updated on Feb 9, 2023
As per privacy regulation guidelines such as GDPR and CCPA, Wix has enabled a consent policy which allows all parties to adhere to the applicable laws. Third parties can access the consent policy approved by each site visitor.
Workflow
- Site owner sets up a consent policy which includes any or all of the following consent types:
- Essential: lets the visitor move around the website and use essential features like secure and private areas.
- Functional: used to remember choices users make to improve their experience (e.g. language).
- Analytics: lets the site/app owner understand how visitors use the website (e.g. which pages they visit), to provide statistics on how the website is used, improve the website by identifying any errors, and performance issues.
- Advertising/Marketing: used to collect information about the impact of marketing campaigns performed in other websites on users and non-users.
- Data to Third Parties: lets the site/app owner share data with third (or fourth) parties (includes the "sale" of data, as well sharing data for essential or enhanced functionality, e.g., Google Analytics) - specifically for CCPA compliance.
- Site visitor gets a popup/banner about cookies.
- Site visitor interacts with popup/banner, setting their consent policy – they can choose which of the options to allow.
After this point, third parties can access the consent policy per visitor, and can then decide what actions to take per their app’s functionality and interpretation of applicable data privacy regulations such as GDPR and others.
Access to the consent policy set by each site visitor is available via REST API or the iframe JS SDK. The JS SDK also provides access to the default site policy as set by the site owner.
Important:
All apps are bound by the Wix Partner Agreement, which contains obligations related to privacy regulations (including honoring each site visitor’s decision about cookies).
Iframe apps
Make sure to check the visitor's consent policy at the start of each session, and comply completely with the set policy.
Access the visitors’ consent policies with these wix.utils functions:
Worker iframe apps
Access the visitors’ consent policies with these wix.worker functions:
Important:
Consent policy will be passed as a query param in the iframe URL – but it's for internal use and won't necessarily be accurate. Your app shouldn't depend on this.
Embedded script apps
Embedded script apps will be automatically rendered or blocked based on the site visitor’s approval or denial of the above options, which correspond to the script type selected during setup.
If your script falls into more than one category (for example, it's Functional, but also collects Analytics about users) you should select the more restrictive category (so in our example, the script should be marked as Analytics).
If your script has marketing or analytical functionalities but needs to be listed in one of the less restrictive categories in order to carry out its main functionalities, you should create two embedded script components, each one containing the relevant script for its category. If your script structure does not allow you to do this, you can ask for approval to be marked as Functional/Essential via our support, as long as your app takes the user policy into account.
In order to take the users’ selected policy into account, you should use a client side API and event:
- getCurrentConsentPolicy() – get the current user policy
- consentPolicyChanged – listen to any changes in the policy.
This means that the rest of your script (or functionality) should be loaded only if the user has accepted.
Function – getCurrentConsentPolicy(callback)
window.consentPolicyManager.getCurrentConsentPolicy()
Property | Type | Description |
|---|---|---|
defaultPolicy | boolean | False only if the User has selected a policy |
policy | ConsentPolicy (object) | The policy that is currently active |
createdDate | Date / undefined | If this is NOT a defaultPolicy this is when the policy was set |
ConsentPolicy includes:
Property | Type | Description |
|---|---|---|
essential | boolean | Always true - means we allow our necessary cookies / BI |
analytics | boolean | If we are allowed to send / use analytics cookies / BI |
functional | boolean | If we are allowed to send / use functional cookies / BI |
advertising | boolean | If we are allowed to send / use advertising cookies / BI |
dataToThirdParty | boolean | Relates to CCPA law - if we are allowed to transfer data to 3rd parties or embed their scripts |
Event – consentPolicyChanged
Dispatched on the document object. Triggers when a consent policy change was completed successfully.
Sample listener code:
1document.addEventListener("consentPolicyChanged", function(e) {console.log(e.detail)});
The detail object under the event contains a ConsentPolicy object.
Testing for compliance
- Add a cookie banner to your test site.
- Add a “Do Not Sell Data” link to your test site.
- Visit your test site in incognito and interact with the cookie banner and "Do Not Sell Data" Link.
- Verify that your app behaves properly based on your selected cookie policy and data policy.
Note:
For more info, read about Wix’s cookie policy and its adherence to the GDPR.
Was this article helpful?
