HubSpot Tracking Code with CMS GDPR Consent Tracking


#1

Good afternoon,

Definitions:
Consent Free Tracking - tracking that can be done without GDPR Consent
Consented Tracking - tracking that can only be done once the visitor has consented to being tracked
CMS - third party CMS
Marketing Consent System - a system that stores and logs Marketing Consent, and allows different content to be added to the page depending on whether the relevant Consent has been given
Granular Consent - allow a visitor to consent to some cookies and not others, thus Analytical Systems may be added to the page and not Social Media.

We are based in the UK and so GDPR is a major focus. This ticket may seem a little late given the deadline was a few weeks ago, but we have been waiting for HubSpot to complete its GDPR development.

We provide a proprietary CMS solution to our customers, this includes a Marketing Consent System we developed over 2 years ago when GDPR was first announced.

HubSpot is being used for Marketing Automation and its tracking, and so HubSpot tracking code has been added to the pages of the website.

We need a way to tell HubSpot whether the visitor has consented to being tracked or not.

The simplest way is to skip the entire HubSpot Tracking code when Consent has not been given, but this will also turn off HubSpots Consent Free Tracking, which will skew the data HubSpot records very heavily, since most visitors will not consent to being tracked (although they may consent to Analytics).

Ideally HubSpot could provide two HTML snippets, once that only enables Consent Free Tracking, and the other that enables all Tracking. We can then switch between the one that applies.

I have been looking at the HubSpot Cookie Banner, the text implies that in clicking the supplied button it will affect all cookies on the page, whereas in reality it only affects HubSpot cookies, and does nothing with the other cookies on the page. It is quite misleading and not really compliant. It also seems to be an all on or all off consent, rather than Granular Consent.

It seems the current assumption is that HubSpot is the sole Marketing Consent System, however it lacks the functionality (or at least API) required to control all other content on the page, such as Analytics, third party tools, and Social Media cookies. Can we add additional Consent types?

I have looked at the documentation seen here:
https://developers.hubspot.com/docs/methods/tracking_code_api/get_consent_status
But this only reports on whether Consent in general has been given, rather than which Granular Consent has been given. Also, this only works for client side JavaScript code that can be altered such that it is executed from within this code block, and doesn't apply to server side assigned cookies, or any larger libraries (such as Google Analytics) that would require inside knowledge to alter them to be executed in such a way.

I know HubSpot have spent the last 2 months developing code for the GDPR, and I have been checking on updates regularly, watching the webinars etc, but am still unable to find this information on how to either allow our Marketing Consent System to be in control, or use HubSpots Marketing Consent System to Granularly control the cookie Consent such that the CMS can change the content based on HubSpots Consent.

I appreciate this is a long message, if you need any additional detail please let me know.

Many thanks

Andy


#2

Good Evening.

It has been 14 days and this ticket is yet to have a response. Can I ask what the response time is for tickets in this forum?

I fully appreciate the amount of work involved in creating a GDPR solution for multiple customers of which in most cases you can't predict many variables. We did this ourselves for our CMS system last year, and there were edge cases that were not considered that needed additional development. I just need to know how I integrate our solution with HubSpots. At the moment we are both collecting Consent and asking our website Visitors for Consent to the same things twice. Clearly this needs a solution.

This is not the only unanswered similar ticket here, see:
Customizing Cookie Consent to Affect All Tracking and Cookies - Not Just Hubspot

We have tried contacting our account manager on this issue but are just told to raise a "ticket" (their words) in this forum. Is there something else I should be doing?

Judging by the amount of similar questions regarding the way HubSpots GDPR solution works, and the issues raised, and differences I have seen between HubSpots approach and the actual law itself, will there be a version 2 coming out soon to address them? If so, could you let us know ASAP what problems will be resolved in this release and when it is due.

Many thanks

Andy