Align Pardot tracking with your cookie consent policy (part 1/2)

Today with GDPR and similar regulations, the internet is full of different kinds of consent banners. The banners are used to request the visitors for their consent for tracking their web behaviour.

Upon the first visit, the visitor can usually choose to opt-in or opt-out from tracking, with multiple different levels for the opt-in (e.g. statistical, personalisation, targeting). Often the consent banner can also be opened again later to change these preferences. These preferences should set the boundaries for how the different tracking codes on the website are allowed to load.

However, if you are also using Pardot, note that with Pardot’s default settings, the consent selection for Pardot tracking is made through Pardot’s own cookie banner, not through the common consent banner on your website.

This could result in two consent banners being shown on the website at the same time, which obviously is not the best option for a great user experience. Another and more pressing issue is that Pardot tracking scripts might not obey your general website consent logic.

First, let’s briefly go through the background of how consent and tracking codes are managed on websites in general and how Pardot relates to that. Or feel free to jump straight to the second part with technical setup to see the hands-on instructions on how to align Pardot tracking with your site’s consent policy.

Managing tracking codes and consent

Websites typically use a consent management platform (CMP) — like OneTrust or Cookiebot — for managing the consent preferences for all of the site’s tracking codes. The actual tracking setup configuration is often done through a tag management system (TMS).

The hierarchy of the tools then looks something like this:

• The CMP collects and stores the visitors’ opt-in preferences through a consent banner. It can also crawl the website for cookies to identify any new tracking codes.
• The firing rules in the TMS make sure that all of the tracking codes obey the preferences saved by the CMP.

Simplistically, the process of implementing a new tracking script on the website then involves installing the code via the TMS and configuring the firing rules so that the script will not load if the needed consent is not there.

Pardot and cookie consent

Pardot is typically used to create forms and landing pages. These are hosted by Pardot under a custom domain. The forms could be embedded on the website using a cross-domain iFrame. If your website is located under the www.yoursite.com domain, the iFrame form might exist under go.yoursite.com, for example.

From the user experience point of view, a form embedded on the website as an iFrame probably doesn’t look any different than another form that doesn’t use an iFrame. However, technically speaking, the iFrame is its own website located under another domain.

This adds some complexity to consent management and how tracking works. Pardot automatically includes tracking codes to any iFrame form or landing page created by it. These tracking codes can’t be disabled, and they are also out of reach for the TMS to block.

This means that Pardot tracking does not fit the typical cookie consent management process described earlier. We need to rely on Pardot’s own Tracking Opt-in feature as well to be able to block all unwanted tracking regardless of whether the script is being loaded from the main website, an iFrame or a landing page.

However, turning on the Tracking Opt-in in Pardot involves some additional problems. Pardot hasn’t been designed to let the visitors change their consent selections for tracking. The Tracking Opt-in makes sure that any new visitors are not being tracked before active opt-in, but it doesn’t let returning visitors change their preferences for opt-in. It also, by default, relies on its own consent banner instead of being connected to the main consent banner.

The default implementation of the Tracking Opt-in can cause issues in having to ask visitors for their consent multiple times through different banners. The tracking can also work in unexpected ways because the Pardot-managed opt-in could be out of sync with the selections made for the rest of the website.

What’s next

So now you know the background of the issue. Now head over to our technical tutorial that explains how to overcome the issues mentioned and align Pardot tracking (website, iFrame forms, landing pages) with an external consent banner using Google Tag Manager. Read the second part of this blog post here.