Consent Management Platforms (CMPs) and Zeta Cookie Classification
A Consent Management Platform (CMP) is a technological solution designed to assist organizations in adhering to data privacy regulations, including the GDPR, CCPA, and others. These platforms manage user consent regarding the collection, processing, and sharing of personal data. CMPs offer users clear and transparent options for data collection, typically through cookie banners and preference centers, while recording and enforcing their choices.
CMPs are particularly essential for organizations operating websites, apps, or digital campaigns that utilize tracking technologies such as cookies, pixels, and SDKs. Commonly used Consent Management Platforms (CMPs) include OneTrust, TrustArc, Cookiebot, Usercentrics, and Didomi.
How CMPs Work
Consent Notice Deployment
A Consent Management Platform (CMP) like OneTrust presents a consent banner or pop-up when a user visits a website.
This banner clearly outlines the types of data being collected and empowers users to accept or reject various categories of data processing.
Cookie Categorization
Cookies and similar tracking technologies are categorized into distinct groups (e.g., strictly necessary, performance, functional, targeting).
Each category is subject to specific user consent choices.
Consent Logging
The platform securely records user consent decisions to meet audit and legal compliance requirements.
Dynamic Enforcement
CMPs dynamically manage the execution of scripts (Zeta’s Global Tag, for example) or the loading of trackers based on the user's consent selections.
This process ensures that non-essential cookies are activated only when the user has granted the appropriate consent.
Preference Management
Users have the option to revisit and modify their privacy preferences through a settings panel or a footer link.
CMP Cookie Classification Categories
Most CMPs, such as OneTrust, categorize cookies as illustrated in the table below.
Category | Purpose | Examples | Consent Required? |
|---|---|---|---|
Strictly Necessary | These cookies are essential for delivering the requested services, applications, or resources. Without them, users' requests cannot be fulfilled effectively. Typically, these cookies manage user actions, such as requesting visual elements of the website, accessing page resources, or handling login/logout processes. Additionally, this category of cookies plays a crucial role in establishing fundamental functionalities that ensure the security and efficiency of the requested service, including authentication and load balancing requests. | Session tokens, load balancer cookies | No |
Performance | Performance cookies are designed to provide quantitative measures of website visitors. Information collected with these cookies is used in operations to measure website or software KPIs, such as performance. By using these cookies, website owners can count visits and traffic sources to improve the performance of their site and application. If a user does not allow these cookies, the site owner will not know when the user has visited the site. | Page load timing, error tracking, and analytics | Yes |
Functional | Functional cookies are established by website owners or third-party service providers to introduce additional functionalities and enhance website performance. Although these cookies are not directly linked to the services a user may request, they are crucial in supporting features such as auto-filled text boxes, live chat platforms, non-essential forms, and optional security measures like single sign-on (SSO). | Locale setting cookies, saved preferences | Yes |
Targeting/Marketing | Targeting/Marketing cookies are established by advertising partners and various technology vendors to facilitate behavioral advertising and gather remarketing analytics. These cookies collect a range of browsing information essential for creating user profiles and understanding individual habits. This data is utilized to tailor a personalized advertising experience, ensuring that users encounter ads that align with their browsing interests and behaviors when visiting other websites. | Cookies set by Zeta’s DSP pixel | Yes |
1st-party cookies, such as Zeta’s _zti cookie set by Global Tag, must be categorized in a CMP, just like 3rd-party cookies. The primary distinction lies not in who sets the cookie, but in what the cookie does and whether it adheres to privacy regulations such as GDPR, CCPA, or the ePrivacy Directive.
Why 1st-Party Cookies Must Be Categorized?
1. Legal Compliance
Even if a cookie originates from the site owner’s domain (i.e., 1st-party), it may still:
Track behavior across sessions or pages
Collect personal data (e.g., device ID, user ID)
Facilitate personalization or advertising
Under GDPR and similar regulations, any cookie that is not strictly necessary for site operation requires user consent, regardless of its source.
2. User Transparency
CMPs like OneTrust are designed to inform users about all tracking mechanisms.
To correctly classify Zeta’s cookies in your Consent Management Platform (CMP), refer to the CMP Category column in the US and EU tables provided here: Zeta Tags and Cookie Domains.
You don't need to categorize every cookie listed on that page. Only the cookies associated with the specific Zeta solutions your organization has implemented require categorization.