Consent management implementation for enterprise e-commerce

The challenge

Our customer needed a unified Consent Management Platform (CMP) across web and app. The goal was to meet GDPR and ePrivacy requirements, keep analytics and attribution compliant, and streamline consent handling in all customer touchpoints. The team selected ConsentManager, a Google-verified CMP, based on its advertised support for both channels, flexible customisation, and strong reporting.

Marketing materials and Google partner documentation suggested an easy path. The promise:

• Direct integration with Google Analytics for Firebase and certified attribution partners, no custom work.
• Smooth consent sharing between native app code and embedded web-views.

Expected outcomes

Based on vendor information and internal acceptance criteria, the team planned for:

• A consistent consent prompt across web and app.
• Synced consent state between app, web, and web-views.
• Clean signal passing to Google Tag Manager and other tools.
• Stable styling across all environments.
• Reliable reporting for audit and compliance needs.

What happened in practice

None of the acceptance criteria worked as expected out-of-the-box. Key issues included:

• Inconsistent rendering between channels.
• No automatic sync between app and webview.
• Consent stored only inside the CMP SDK in encrypted form, making it unusable for GTM unless exposed manually.
• Styling options that were slow to work with and incomplete, especially on mobile.
• Several issues in the mobile SDK that remained unresolved.

Technical workarounds delivered by the team

Despite the gaps, the team built practical solutions that restored user experience and ensured compliance.

Web-view behaviour

Out-of-the-box, the CMP showed the consent window again inside app web-views, even when consent was already provided.

• Export consent data via the CMP API as an encrypted string.
• Pass the string from the app into the web-view.
• Process it on the website so the CMP does not trigger again.
  This removed duplicate prompts and reduced friction.

Exposing consent signals for GTM

Since CMP values were stored only internally, external tools could not read them. So we created a custom solution:

• Extract consent values through the CMP API.
• Convert them into key–value pairs in a format GTM can interpret.
• Store them in cookie storage for downstream tools.
  This restored analytics and marketing data flows.

Styling and brand alignment

Custom fonts were not fully supported, and mobile font application remained unreliable. The team tested many approaches, reported issues upstream, and continued working on ways to secure full brand consistency.

Lessons for any retailer choosing a CMP

The final page summarises the core insight: vendor claims do not always match operational results. A CMP might support “web and app” in theory, but real-world integration can take considerably more engineering than expected. Our advice:

• Select a CMP based on actual use cases; do not rely on generic partner statements.
• Test web, app, and especially webview behaviour early.
• Verify how consent data is surfaced for GTM and analytics tools.
• Expect additional effort to align styling.
• Plan extra time to validate SDK behaviour across environments.

Outcome

Although significant gaps were present in the vendor’s promises, we delivered a stable implementation across the omni-channel ecosystem. The retailer now has consistent consent handling, restored analytics pipelines, and a path toward full styling alignment.