Handling conflicts in enforcement conditions
This article describes how the Consent Orchestration feature handles conflicts in the conditional enforcement of purpose groups and exemptions, while adhering to privacy by design and privacy by default principles.
Privacy principles
Consent Orchestration processes and activates data only when explicit consent is granted or clear conditions are met. It ensures compliance with relevant policies and regulations, protecting against data leaks caused by user error or misconfiguration.
How Consent Orchestration handles conflicts in enforcement conditions
Conflicts in Consent Orchestration arise when multiple enforcement rules overlap or contradict each other. These conflicts are more common when you have multiple consent policies or complex enforcement rules. Here’s how Consent Orchestration manages these conflicts to ensure data protection:
- When at least one purpose group or exemption is active: This can create a conflict because exemptions allow data processing without consent controls, while purpose groups enforce strict rules for data processing. To resolve this conflict, the purpose group is enforced, and exemptions are disregarded. No data processing is allowed without a consent signal.
- When two or more enforcement rules overlap for purpose groups: No data processing will occur, because it’s unclear which should be enforced.
- When exemptions are allowed to overlap: If a single purpose group overlaps with any number of exemptions, the purpose group is enforced and the exemptions are disregarded.
In ambiguous scenarios, such as where two purpose groups are present and their enforcement rules both evaluate to true, Consent Orchestration withholds data processing and activation to protect against potential data leaks. This may result in the loss of data from blocked activations, but it is a precautionary measure to mitigate the risk of data leaks.
Example of conflicting enforcement conditions
This example is for illustration purposes only.
Conflicts can arise in complex scenarios such as domain conflicts. For instance, one purpose group might apply to events where the domain contains A, while another purpose group applies to events where the domain contains B. If an event comes in with a domain that contains both A and B (such as domain AB), both enforcement rules evaluate to true, creating a conflict. In such cases, Consent Orchestration cannot determine which policy to enforce, resulting in withholding data processing and activation to prevent potential data leaks.
The following table shows how Consent Orchestration handles conflicts depending on the number of active exemptions and purpose groups:
This table only applies when Consent Orchestration is active (at least one exemption or purpose group is active, even if no enforcement conditions apply). If no exemption or purpose group is active, Consent Orchestration remains inactive and will not block any activations.
Exemptions | Purpose Group | Conflict Handling |
---|---|---|
0 | 0 | Block all data processing |
1+ | 0 | Allow all data processing |
Any | 1 | Apply purpose-specific blocking |
Any | 2+ | Block all data processing |
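The table above, written out as a decision function and run against the A/B domain example. This is an added illustration, not Consent Orchestration's own code: the `Rule` and `Decision` types, the rule names, and the event shape are hypothetical, and it assumes the table's counts refer to the exemptions and purpose groups whose enforcement conditions evaluate to true for the event.

```python
from dataclasses import dataclass
from typing import Callable, Optional

Event = dict  # constructed event shape: {"domain": "..."}

@dataclass(frozen=True)
class Rule:  # hypothetical model of an exemption or purpose group
    name: str
    kind: str                           # "exemption" or "purpose_group"
    condition: Callable[[Event], bool]  # enforcement condition

@dataclass(frozen=True)
class Decision:
    action: str  # "inactive", "allow_all", "block_all" or "purpose_specific"
    purpose_group: Optional[str] = None

def resolve(rules: list[Rule], event: Event) -> Decision:
    # No exemption or purpose group at all: the feature is inactive and blocks nothing.
    if not rules:
        return Decision("inactive")
    matched = [r for r in rules if r.condition(event)]
    groups = [r for r in matched if r.kind == "purpose_group"]
    exemptions = [r for r in matched if r.kind == "exemption"]
    if len(groups) >= 2:      # Any | 2+ : unclear which group to enforce, so fail closed
        return Decision("block_all")
    if len(groups) == 1:      # Any | 1  : the group wins, exemptions are disregarded
        return Decision("purpose_specific", groups[0].name)
    if exemptions:            # 1+  | 0
        return Decision("allow_all")
    return Decision("block_all")  # 0 | 0 : active, but no condition matched

def domain_contains(fragment: str) -> Callable[[Event], bool]:
    return lambda event: fragment in event.get("domain", "")

# Constructed rules mirroring the A/B domain example, plus one exemption.
RULES = [
    Rule("group_a", "purpose_group", domain_contains("A")),
    Rule("group_b", "purpose_group", domain_contains("B")),
    Rule("exempt_x", "exemption", domain_contains("X")),
]

if __name__ == "__main__":
    for domain in ("A", "AB", "AX", "X", "Z"):
        print(domain, resolve(RULES, {"domain": domain}))
```

Domain AB matches both purpose groups and is blocked outright, while domain Z matches nothing and is also blocked because the feature is active.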
This page was last updated: June 28, 2024