Getting control of your website’s data collection starts with knowing what the terms actually mean. This consent glossary cuts through the noise with clear definitions of the legal and technical concepts that drive privacy compliance and MarTech governance.
Use it to interpret scan results, assess risk, or explain findings to legal, marketing, or engineering stakeholders.
📜 Privacy Regulations and Signals
Note: This is not legal advice. For questions about how these laws and signals apply to your business, consult your legal team.
GDPR (General Data Protection Regulation)
The EU’s privacy law. Requires user consent for tracking and grants individuals rights over their personal data.
CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act)
California laws that give users the right to opt out of data sales or sharing. CPRA strengthens enforcement and expands user rights.
LGPD (Lei Geral de Proteção de Dados)
Brazil’s privacy law, modeled on GDPR. Emphasizes lawful processing and user rights.
GPC (Global Privacy Control)
A browser signal used to indicate the consent preferences of a user.
CNIL (France)
France’s data protection authority. A strict GDPR enforcer, especially around cookie usage.
PDPA (Singapore)
Requires consent for personal data collection by private organizations.
PIPEDA (Canada)
Requires knowledge and consent for collecting and using personal data in Canada.
APPI (Japan)
Restricts how businesses collect and transfer personal data, including across borders.
POPIA (South Africa)
Mandates lawful and minimal data collection for all parties handling South African data.
DPA 2018 (UK)
The UK’s post-Brexit version of GDPR. Nearly identical in structure and enforcement.
Other U.S. State Laws
States like Colorado, Connecticut, Utah, and Virginia have passed their own consent laws. Each has different opt-out mechanisms and enforcement standards. Reference the IAPP website for a regularly updated US State Privacy Legislation Tracker.
✅ Consent Management Concepts
Consent Management Platform (CMP)
A front-end interface that collects and stores user consent preferences. Sends those choices to tag managers and other downstream tools.
Consent Logic
The rules that determine whether a tag should load based on user consent, regional laws, browser signals, or internal policy. Consent logic typically lives inside a tag management system or custom script. It must account for multiple conditions, such as whether consent was declined, whether GPC is enabled, and whether the region requires opt-in enforcement.
Unauthorized Data Collection
Any instance where personal data is collected without valid consent. Includes misfires, undeclared trackers, and tags operating outside TMS controls.
DSAR (Data Subject Access Request)
A user’s request to access, modify, delete, or export their data. Required under laws like GDPR and CCPA.
Tag Categorization
The process of labeling each tag by purpose (such as analytics, advertising, personalization) and consent category (such as strictly necessary, functional, or marketing). This ensures that the TMS can govern tag behavior correctly.
Consent Violation
A tag that collects data on a webpage despite the user having declined consent or not having provided it yet. These violations are often unintentional and caused by logic errors, race conditions, misconfigured CMPs, piggybacked scripts, or hardcoded tags. Regulatory exposure increases when such violations occur without awareness or control. Sentinel scans simulate different consent states to detect and confirm violations in context.
Consent Governance
The combination of systems, logic, and monitoring practices that ensure a user’s consent preferences are consistently honored. Consent governance goes beyond banners or legal language. It includes technical enforcement, visibility into tag behavior, and proactive monitoring for violations.
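The Consent Logic, Tag Categorization, and Consent Violation entries above fit together as one decision: given a tag's category, the stored consent, the GPC signal, and the region, should the tag load, and did it fire anyway? The sketch below is an added example, not code from Sentinel or from any CMP or TMS; the category names, the region list, the sample scan, and the rule that GPC overrides stored consent for marketing tags are all assumptions.

```javascript
// Added example. Category names, the region list and the GPC policy are assumptions.
const CATEGORIES = new Set(["strictly_necessary", "functional", "analytics", "marketing"]);
const OPT_IN_REGIONS = new Set(["EU", "UK", "BR"]); // constructed; set by your legal team

// In a browser, pass navigator; GPC is exposed as navigator.globalPrivacyControl.
function readGpc(nav) {
  return Boolean(nav && nav.globalPrivacyControl === true);
}

// ctx.consent maps category -> true (granted), false (declined), undefined (no answer yet).
function shouldLoadTag(tag, ctx) {
  if (!CATEGORIES.has(tag.category)) return { allow: false, reason: "uncategorized tag" };
  if (tag.category === "strictly_necessary") return { allow: true, reason: "strictly necessary" };
  const choice = ctx.consent[tag.category];
  if (choice === false) return { allow: false, reason: "consent declined" };
  // Assumed policy: GPC is honored as an opt-out for marketing tags, even over stored consent.
  if (ctx.gpc && tag.category === "marketing") return { allow: false, reason: "GPC enabled" };
  if (choice === true) return { allow: true, reason: "consent granted" };
  if (OPT_IN_REGIONS.has(ctx.region)) return { allow: false, reason: "opt-in region, no consent yet" };
  return { allow: true, reason: "opt-out region default" };
}

// A violation is a tag that fired although the consent logic says it must not load.
function findViolations(observed, ctx) {
  return observed
    .filter((t) => t.fired && !shouldLoadTag(t, ctx).allow)
    .map((t) => ({ name: t.name, deployment: t.deployment, reason: shouldLoadTag(t, ctx).reason }));
}

// Constructed scan result: which tags fired on one page load, and how each was deployed.
const SAMPLE_SCAN = [
  { name: "session-cookie", category: "strictly_necessary", deployment: "tms", fired: true },
  { name: "analytics-suite", category: "analytics", deployment: "tms", fired: false },
  { name: "ad-pixel", category: "marketing", deployment: "hardcoded", fired: true },
  { name: "remarketing-sync", category: "marketing", deployment: "piggybacked", fired: true },
  { name: "chat-widget", category: "functional", deployment: "tms", fired: true },
  { name: "legacy-script", category: undefined, deployment: "hardcoded", fired: true },
];

// Visitor in an opt-in region who has not answered the banner yet.
const euNoAnswer = { region: "EU", gpc: false, consent: {} };
console.log(findViolations(SAMPLE_SCAN, euNoAnswer));
```

Running the same scan data against several consent contexts (no answer, declined, GPC on) shows which violations depend on region or signal and which, like the uncategorized tag, fail in every state.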
🏷️ MarTech Concepts
Technology Terms
Tag Management System (TMS)
A platform that centrally controls tag execution. Lets teams set rules for when and how scripts run, including consent enforcement.
Tag
Any client-side script that collects or transmits data. Includes analytics tools, ad pixels, personalization scripts, and more.
Pixel
Traditionally, a 1×1 image file that logs user actions by loading from a server when embedded on a page or in an email. Still common in media measurement and email marketing.
Tracking Technologies
A broad category that includes any mechanism used to collect or transmit user data. This includes tags, cookies, pixels, beacons, fingerprinting scripts, local storage, and session replay tools.
Hardcoded Tags
Tags that are embedded directly into the site’s source code — typically inside the HTML or inline JavaScript. Because they bypass the TMS, they often execute before the CMP has evaluated consent status. This makes them especially risky from a compliance standpoint. Many teams are unaware they exist until violations are flagged.
Piggybacked Tags
Tags that are introduced by other tags, often through third-party scripts or vendor containers. These can bypass consent logic by loading after the CMP has run, without triggering known controls. Piggybacking is common with advertising technologies and remarketing platforms. They are difficult to trace and frequently cause unintentional violations.
Unknown Tag / Unknown Cookie
A tag or cookie detected during a scan that cannot be confidently attributed to a known vendor. Often introduced by partner code or legacy scripts. Requires manual review to determine purpose and risk.
Data Layer
A structured JavaScript object (commonly window.dataLayer) used to store contextual information about the page, session, or user. This information is passed to the TMS to trigger tags based on specific conditions or events.
Tag Governance Terms
SDR (Solution Design Reference)
A documentation artifact that defines how tags are implemented, what data they capture, and how they align with legal and business rules. SDRs help marketing, legal, and engineering teams stay aligned.
Cookie-to-Technology Mapping
A traceable association between each cookie and the technology that sets it. This mapping helps teams understand the business purpose of each tracker and assign vendor accountability. It also supports faster resolution during incident response or compliance reviews.
Tag Deployment Method
Describes how a tag was introduced to the site: through a TMS, hardcoded directly in source code, or injected by another tag (piggybacked). Deployment method is crucial to understanding whether consent enforcement is possible or bypassed.
Tag Auditing
The practice of scanning a site to check tag behavior against documentation or policy. Audits are usually periodic, manual, and narrow in scope.
MarTech Monitoring
An always-on, automated process that detects changes in tag behavior, consent logic enforcement, and unauthorized data collection. Unlike audits, monitoring surfaces issues in real time, reducing the gap between violation and resolution.
📊 Sentinel Insights Scan Terms
Consent Compliance Check
A diagnostic scan that evaluates whether a site’s tags behave in accordance with user consent. Sentinel simulates different consent scenarios – including GPC – to test whether tags are blocked or allowed correctly.
Quick Scan
A free, single-page scan that shows tags and major risks found on that URL.
Full Report
A complete breakdown of tags, technologies, and consent violations. Delivered by email and used by marketing, legal, and engineering teams.
Technologies Found
Third-party platforms detected during a scan. Includes analytics suites, CMPs, ad tech, customer support tools, social media integrations, and personalization engines.
Monitoring vs. Auditing
Auditing is a manual, time-boxed inspection of tag behavior – useful but limited. Monitoring is continuous, proactive, and real-time. For reference, Sentinel provides monitoring to ensure teams catch violations before they escalate.
💡 Missing a term?
Like our technology, this glossary evolves alongside the space. If you’ve come across a term that isn’t listed, let us know and we’ll help define it.