“Do Not Share” is a user preference and operational rule that tells an organization not to share an individual’s personal data with other parties for specific purposes—most commonly advertising, tracking, measurement, or enrichment. In **Privacy & Consent** programs, it functions as a clear boundary: even if data collection is permitted, onward sharing may not be.
“Do Not Sell” is a consumer choice signal that tells a business not to sell (and, in many real-world implementations, not to share) a person’s personal information with third parties in ways that trigger privacy obligations. In **Privacy & Consent** programs, “Do Not Sell” is less about a single button on a website and more about a durable operational promise: the individual’s data must not be routed into data flows that constitute a sale under applicable rules.
A **Data Subject Request** is how an individual asks an organization to take action on their personal data—such as accessing it, correcting it, deleting it, or limiting how it’s used. In **Privacy & Consent**, it’s one of the most important “real-world tests” of whether your organization truly understands where personal data lives, why it’s collected, and how it flows through marketing and analytics systems.
A **Data Retention Policy** defines how long an organization keeps different kinds of data, where that data is stored, who can access it, and when (and how) it must be deleted or anonymized. In digital marketing, this directly affects attribution, personalization, analytics accuracy, customer trust, and regulatory exposure.
Data Residency is the practice of keeping data stored (and often processed) in a specific geographic location—such as a country, state, or economic region—based on legal requirements, customer expectations, or internal policy. In the world of **Privacy & Consent**, Data Residency is more than an IT checkbox: it influences what customer data you can collect, where you can send it, how you prove compliance, and whether your measurement and personalization plans remain viable.
Data Minimization is the discipline of collecting, using, and storing only the data you genuinely need—and nothing extra—so you can meet a specific purpose without expanding privacy risk. In the world of Privacy & Consent, it’s one of the most practical principles you can apply because it forces clarity: what data is necessary, why you need it, how long you should keep it, and who should access it.
Building a reliable **Data Inventory** is one of the most important (and most overlooked) foundations of effective **Privacy & Consent** work. In digital marketing, data often spreads across analytics tags, CRMs, ad platforms, product databases, customer support tools, and spreadsheets—making it hard to know what you collect, why you collect it, and whether you have permission to use it.
Data Hashing is the practice of transforming a piece of data (like an email address or phone number) into a fixed-length, pseudonymous value using a mathematical function. In a marketing environment, it’s most often used to reduce exposure of direct identifiers while still enabling matching, measurement, and audience workflows.
Cross-border Transfer is the movement or access of personal data from one country or region to another. In a digital marketing context, this often happens invisibly—when a website loads analytics tags hosted abroad, when a CRM syncs to a global cloud, or when an agency team logs into customer data while traveling. Because it can change which laws apply and how data subjects are protected, Cross-border Transfer sits at the center of effective Privacy & Consent planning and day-to-day Privacy & Consent operations.
A **Cookie Scanner** is a website scanning process (often software-assisted) that discovers cookies, pixels, SDKs, and tracking technologies running on your digital properties and documents what they do. In **Privacy & Consent**, that discovery step is foundational: you can’t properly disclose, categorize, or control what you haven’t identified. In **Privacy & Consent**, a Cookie Scanner supports accurate consent experiences, cleaner data collection, and safer marketing operations across analytics, advertising, and personalization.
A **Cookie Inventory** is the documented, continuously maintained record of the cookies and similar tracking technologies a digital property uses—what they are, who sets them, what data they collect, how long they persist, and why they exist. In the context of **Privacy & Consent**, it’s the foundation for making accurate disclosures, honoring user choices, and reducing risk without sacrificing measurement.
A **Cookie Category** is the way a website groups cookies (and similar tracking technologies) by purpose—such as essential site operation, analytics, personalization, or advertising—so people can make meaningful choices about what data is collected. In **Privacy & Consent**, Cookie Category is the foundation that turns legal requirements and user expectations into a workable, auditable experience: clear disclosures, granular controls, and consistent enforcement.
Consent-aware Activation is the practice of activating customer and audience data (for campaigns, personalization, analytics, and outreach) in a way that is explicitly governed by what each person has consented to—and what they have not. In Privacy & Consent work, it bridges the gap between capturing permissions and actually using data responsibly across channels.
A **Consent String** is a compact, machine-readable way to store and share a person’s privacy choices—what they agreed to, what they refused, and under which legal basis those decisions should be applied. In **Privacy & Consent**, it acts like a standardized “receipt” that downstream marketing and analytics systems can interpret consistently.
Consent Signal Pass-through is the practical mechanism that ensures a user’s privacy choice—such as accepting analytics cookies, rejecting advertising cookies, or opting out entirely—actually reaches every system that might collect, process, or activate data. In **Privacy & Consent**, it’s not enough to *ask* for permission; you must also *enforce* that decision consistently across tags, SDKs, pixels, servers, and partners.
A **Consent Signal** is the digital instruction that tells your website, app, and marketing stack what a person has agreed to (or declined) when it comes to data collection and data use. In **Privacy & Consent**, it’s the difference between “we think we can track this” and “we are allowed to track this for these purposes.”
Consent Revocation is the act of a person withdrawing previously granted permission for a business to collect, use, share, or store their data for specific purposes. In **Privacy & Consent** programs, it’s the moment when “yes” becomes “no,” and your systems must respond quickly, consistently, and provably across channels.
Consent Refresh is the practice of re-checking, re-confirming, or re-collecting a person’s permissions for data use over time—so your marketing, analytics, and personalization remain trustworthy, compliant, and effective. In **Privacy & Consent** work, it bridges the gap between “someone agreed once” and “someone still agrees under today’s conditions.”
A **Consent Receipt** is a durable, shareable record that captures what a person agreed to, when they agreed, how they agreed, and what that consent allows a business to do with their data. In **Privacy & Consent** work, it functions like a transaction confirmation: it makes consent auditable, portable, and easier to prove if questions arise later.
Consent Propagation is the discipline of carrying a person’s consent choices (and restrictions) reliably across every system that collects, processes, or activates data. In **Privacy & Consent** programs, it’s the difference between capturing a consent decision once and actually honoring it everywhere it needs to apply—analytics, advertising, email, CRM, personalization, and data warehousing.
A **Consent Notice** is the on-screen message (or in-app prompt) that informs people about data collection and asks them to make choices—such as accepting, rejecting, or customizing tracking and communications. In modern **Privacy & Consent** work, it’s one of the most visible touchpoints between your brand and your audience, and it directly affects trust, compliance posture, and measurement quality.
Consent Mode V2 is a measurement and tagging approach designed to help organizations respect user choices while still maintaining useful marketing and analytics signals. In the world of **Privacy & Consent**, it sits at the intersection of compliance, customer trust, and performance marketing—helping teams adapt when users decline certain categories of cookies or tracking.
Consent Management is the discipline of collecting, storing, honoring, and proving an individual’s choices about how their data is used—especially for marketing, analytics, and personalization. Within **Privacy & Consent**, it’s the operational layer that turns privacy principles into real, enforceable actions across websites, apps, and customer systems. In a world of strict regulations, browser restrictions, and rising consumer expectations, Consent Management isn’t just a compliance checkbox; it’s a foundation for trustworthy measurement and sustainable growth.
A **Consent Log** is the record of when, how, and what a person agreed to (or declined) regarding the use of their data. In **Privacy & Consent**, it’s the evidence layer behind every permission-based action—email marketing, analytics, personalization, retargeting, and even basic cookie placement. Without a reliable Consent Log, teams may *think* they’re compliant and respectful, but they can’t prove it, enforce it, or scale it.
Consent Category Mapping is the practice of translating a person’s privacy choices (what they did or did not consent to) into clear, enforceable categories that your website, apps, tags, analytics, and marketing tools can actually act on. In **Privacy & Consent** programs, this mapping is the bridge between a consent banner and the real operational behavior of your tech stack.
A **Consent Banner** is the on-screen notice (typically on websites and apps) that informs users about data collection and asks for permission to use certain categories of data—most commonly cookies, device identifiers, and similar tracking technologies. In **Privacy & Consent**, the Consent Banner is often the first “moment of truth” where a brand demonstrates transparency, earns trust, and operationalizes user choice. In **Privacy & Consent**, it also acts as the switchboard that determines what marketing and analytics can legally and ethically run.
A **Consent Audit** is the disciplined process of checking whether your organization collects, stores, and uses customer consent in a way that is accurate, provable, and aligned with your stated choices, policies, and legal obligations. In **Privacy & Consent**, it acts as the reality check between what your banners, forms, and preference centers *say* and what your systems and vendors *actually do*.
CMP Integration is the process of connecting a Consent Management Platform to the tools that collect, store, and activate customer data—analytics, tags, ad platforms, CRMs, and data warehouses—so user choices are respected end-to-end. In **Privacy & Consent** work, it’s the difference between merely *showing* a consent banner and actually *enforcing* consent decisions across every tracking and marketing workflow.
Basic Consent Mode is a privacy-first way to run marketing and analytics tags so they behave differently depending on a visitor’s consent choices. In the broader world of **Privacy & Consent**, it represents a “collect data only after permission” approach that helps organizations respect user preferences while reducing compliance risk.
Attribution Reporting API is a browser-based approach to measuring ad-driven conversions while reducing reliance on cross-site identifiers and user-level tracking. In the context of **Privacy & Consent**, it represents a shift from “track everything” measurement to “measure outcomes with guardrails,” helping teams understand performance without exposing granular browsing histories.