COPPA Support in the Experience Cloud Identity Service coppa-support-in-the-experience-cloud-id-service

The Children’s Online Privacy Protection Act (COPPA) prohibits the online collection of personal information from children under 13 years old without verifiable parental consent. Customers concerned about COPPA can add an optional variable to their Experience Cloud Identity Service code that prevents it from setting cookies in the third-party domain of a browser.

Cookies and Tracking

When a web page loads, the Experience Cloud ID service calls an Adobe data collection server (DCS). The DCS response includes a Experience Cloud cookie and a demdex.net cookie.

Cookies and COPPA Compliance

Third-party cookies that track visitors across different domains on websites directed to (or primarily for) children, trigger COPPA parental consent requirements. To more easily comply with COPPA for internal website analytics, add the variable disableThirdPartyCookies:true to the Visitor.getInstance function as shown below.

//Call the ID service
var visitor = Visitor.getInstance("insert marketing cloud ID here", {

    //Set disableThirdPartyCookies configuration param
    disableThirdPartyCookies: true

    ...
});

When set to true, the disableThirdPartyCookies object stops the DCS from returning the third-party demdex.net cookie. If a site visitor already has this cookie in their browser, the ID service won’t use it to create a new Experience Cloud ID or return an existing ID. Instead, the Experience Cloud ID service creates a new, random ID in the first-party cookie. Once enabled, you can collect data with the ID service and share it across different Experience Cloud solutions, including other internal operations allowed by COPPA.