Skip to main content

Overview

TL;DR: As long as your Consent Management Platform (CMP) is configured to work with Google® Consent Mode v2, OneView will automatically respect user consent.
OneView is a data infrastructure that automatically adjusts its behavior based on each user’s consent. You don’t need to configure OneView to respect consent—it’s built into the core infrastructure. Simply ensure your consent signals are properly configured, and OneView handles the enforcement across the entire marketing ecosystem. When consent is not explicitly GRANTED, it is considered DENIED by default. This follows the privacy by design and by default principle, required by Article 25(1)–(3) of the GDPR. The system supports granular consent control across four key areas:
Consent PropertyWhat It MeansWhen GrantedWhen Denied
analytics_storageUser allows first-party analytics✅ OneView processes event data❌ OneView discards event data
ad_storageUser allows advertising optimization✅ OneView sends Conversion API for Conversion Events❌ OneView does not send Conversion API
ad_user_dataUser allows trasmission of personal data for advertising optimization✅ OneView includes hashed PII in Conversion API❌ OneView does not include PII from Conversion API
ad_personalizationUser allows personalized advertising✅ OneView flags ad personalization as true❌ OneView flags ad personalization as false
This creates a spectrum of functionality: from first-party analytics only (most restricted) to full conversion tracking with personalization (fully permissive). To use OneView, you need a Consent Management Platform (CMP) that supports Google® Consent Mode v2. All major CMPs support this framework. See certified partners.
OneView’s architecture allows you to delay consent for advertising-related purposes at high-intent moments (e.g. checkout, account creation) through less intrusive means (e.g. onboarding step, form checkbox, etc.) to dramatically improve your consent rate.When coupled with cookie banner exemptions for first-party analytics purposes, it is possible to operate OneView completely without cookie banners.
Legal mechanism: This works similarly to email addresses in your CRM—you can store them for necessary contact purposes, such as billing or customer support, then use them for promotional purposes only when explicit consent is granted. OneView applies the same principle to Click IDs.
OneView separates Click ID processing (use for first-party analytics, specifically for source attribution) from Click ID transmission (relay to ad platforms for advertising optimization, via Conversion API), enabling delayed consent collection.
1

Phase 1: First-party attribution (at ad click)

Consent required: analytics_storage only.
  • User clicks your ad
  • CMP grants analytics_storage consent (auto-granted in exempt regions, or via banner)
  • OneView stores Click ID in your workspace for first-party attribution only
  • No data sent to Media Partners yet
In this phase, OneView functions as a first-party analytics database, processing Click IDs and UTM parameters for source attribution without external data sharing.If analytics_storage consent is denied, OneView does not process any data.
2

Phase 2: Third-party advertising (at conversion)

Consent required: ad_storage (+ optional ad_user_data and ad_personalization)
  • User completes a conversion event (e.g., purchase, signup)
  • CMP requests ad_storage consent (e.g., during checkout flow)
  • If granted, OneView sends Conversion API to Media Partners with:
    • The Click ID from Phase 1
    • Personal data (if ad_user_data granted)
    • Personalization flags (if ad_personalization granted)
Exemption rules vary by country and by purpose. Consult your Data Protection Officer (DPO) for guidance on setting up your CMP for the countries you operate in. Iubenda’s GDPR guide provides helpful country-specific information.
OneView can operate completely without cookie banners in countries where first-party analytics are exempted from explicit user consent, as long as advertising-related consent can be gathered at a later stage through less intrusive means (e.g., during checkout). This granular system ensures full compliance while maximizing data quality and providing a great user experience.