OneTrust consent management
OneTrust is a privacy and consent-management platform (CMP) that presents consent banners, records choices, and exposes consent signals that tag managers and analytics scripts read before firing. It supports frameworks such as the IAB TCF. This page describes its data model and privacy posture even-handedly, without ranking it against other CMPs.
What this means
OneTrust presents a consent banner, categorizes cookies and tags (for example strictly necessary, analytics, marketing), and stores each visitor's choices. Other scripts query that state before running, so consent is enforced at load time.
It integrates with tag managers and supports industry frameworks such as the IAB Transparency and Consent Framework, passing a consent string that downstream vendors interpret.
Data model and posture
The core records are consent receipts: which categories a visitor accepted or rejected, when, and under which policy version, keyed to an identifier so the choice persists.
Consent records are themselves personal data, and the posture depends on accurate cookie scanning, correct category mapping, and re-prompting when policies change. A misconfigured CMP can let tags fire without consent or block legitimate ones — the model is only as good as its mapping.
- Banner plus category-based consent capture
- Consent state read by tags before firing
- Supports IAB TCF consent strings
- Consent receipts are personal data themselves
How it appears in analytics and logs
OneTrust on a page means a consent layer runs before analytics: tags are blocked or allowed based on stored consent state, so missing analytics hits can reflect declined consent rather than a tracking fault.
Diagnostic use case
Use OneTrust to collect and store user consent and to gate analytics, advertising, and other tags so they execute only for the categories a visitor has allowed.
What WebmasterID can help detect
WebmasterID's cookie-free measurement reduces consent-category complexity, but where a CMP like OneTrust is present its signals should still gate any cookie-based tags alongside it.
Common mistakes
- Mapping analytics tags to the wrong consent category.
- Letting tags fire before the consent signal is read.
- Forgetting to re-prompt when the cookie policy changes materially.
Privacy and accuracy notes
A CMP records consent as personal data and shapes what downstream tools may process; correct category mapping is essential. This is educational, not legal advice.
Related pages
- Cookiebot consent management
Cookiebot is a consent-management platform that automatically scans a website for cookies and trackers, presents a categorized consent banner, and can block scripts until a visitor consents. It records consent for documentation. This page describes its data model and privacy posture even-handedly, without ranking it against other CMPs.
- Usercentrics consent management
Usercentrics is a consent-management platform (CMP) that presents consent interfaces, records and documents choices, and signals consent to tags across web and mobile, with support for frameworks such as the IAB TCF. This page describes its data model and privacy posture even-handedly, without ranking it against other CMPs.
- GDPR and web analytics: the practical picture
The GDPR governs processing of personal data of people in the EU. For analytics that means: identifiers and IP addresses can be personal data, consent is often required for cookie-based tracking, and minimisation matters. Cookieless, first-party, anonymised measurement reduces the surface — but this is a factual overview, not legal advice.
- Privacy-first analytics
Cookie-free measurement that limits consent complexity.
Sources and verification notes
- OneTrust — Consent management documentationVendor docs on consent capture and category gating.
- IAB Europe — Transparency & Consent FrameworkFramework whose consent string CMPs emit.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.