Consent Management Platform (CMP)
Software that collects, stores, and enforces user consent preferences for data collection and cookies, helping websites comply with privacy regulations like GDPR and CCPA.
What is a consent management platform?
A consent management platform (CMP) is a tool that presents visitors with choices about how their data is collected and used, then enforces those choices across every tag, pixel, and tracking script on a website. When a user lands on a site, the CMP displays a consent banner or dialog, records the visitor's preferences, and gates downstream data collection accordingly.
CMPs categorize tracking technologies — analytics, advertising, functional, strictly necessary — and allow visitors to opt in or out at the category level. The platform then stores that consent signal (typically in a first-party cookie) and makes it available to tag managers, analytics tools, and server-side endpoints so they can respect the visitor's decision in real time.
Why it matters
Privacy regulations have made consent management a legal requirement for most websites that serve users in the EU, California, or other regulated jurisdictions. GDPR requires explicit opt-in consent before setting non-essential cookies. CCPA gives consumers the right to opt out of the sale or sharing of personal information. Failing to comply carries significant financial penalties and erodes user trust.
Beyond compliance, consent management directly affects data quality. Without a CMP:
- Data gaps widen — Tags fire before consent is granted, or do not fire at all, creating inconsistent datasets.
- Attribution breaks — If consent status is not passed downstream, ad platforms cannot properly deduplicate conversions or match users.
- Audit risk increases — Without a verifiable consent record, organizations cannot demonstrate compliance during regulatory audits.
How it works
A typical CMP workflow follows these steps:
- Banner presentation — The CMP renders a consent dialog on the visitor's first pageview, listing the categories of data collection active on the site.
- Preference capture — The visitor selects which categories to allow or deny. Some CMPs support granular vendor-level control.
- Consent storage — The CMP writes the visitor's choices to a first-party cookie (e.g.,
ilccfor category-based consent) and optionally to a server-side consent ledger. - Signal distribution — Every tag, pixel, or server-side event checks the consent cookie before firing. Events outside the consented categories are suppressed.
- Preference management — Visitors can revisit their choices at any time through a persistent link or widget, and the CMP updates the stored preferences immediately.
CMP integration models
| Model | How It Works | Trade-Off |
|---|---|---|
| Client-side gating | CMP blocks scripts in the browser until consent is granted | Simple setup, but ad blockers can interfere with the CMP itself |
| Tag manager integration | CMP signals consent to GTM or another tag manager, which conditionally fires tags | Relies on correct trigger configuration per tag |
| Server-side enforcement | Consent status is sent with each event to the server, which filters before forwarding | Most reliable — consent is enforced regardless of browser behavior |
How Ingest Labs handles consent management
Ingest Labs integrates natively with leading CMPs including OneTrust and TrustArc, reading category-based consent directly from the ilcc cookie. Consent status is attached to every event at the point of collection and enforced server-side — so even if a browser extension blocks the CMP banner, the server will not forward data for categories the visitor has not consented to. This ensures compliant data collection without sacrificing the accuracy gains of server-side tracking.
See how Ingest Labs handles consent management platform (cmp)
Book a demo to see server-side tracking, identity resolution, and data quality in action.