Privacy & Compliance
This page maps Silo’s collection controls to the major privacy regimes so you can configure a property correctly for its audience. It is not a treatise on the law and the heavy lifting of consent capture is not Silo’s job — see the responsibility split below.
Silo vs. your CMP — who does what
Consent is decided in the browser and your CMP is the single source (see Consent). Silo ships no banner: it honors whatever your CMP reports and gates its own collection accordingly. So the work splits cleanly, and only the left column is something Silo can enforce:
| Silo enforces (configure it) | Your CMP is responsible for (Silo can’t enforce) |
|---|---|
| Gating collection until consent (consent.mode: opt-in) | A banner whose Accept All / Reject All are equally prominent on the first layer |
| ubid off by default, as its own consent category | Capturing a genuine, freely-given choice (asymmetric reject = invalid consent) |
| Honoring GPC unconditionally | Logging consent (timestamp + version) and a persistent re-entry point to withdraw |
| Failing safe on a CDN outage (offlineFallbackMode) | Surfacing the notice that profiling tech exists and how to activate it |
If rejecting is harder than accepting, the consent your CMP collects can be legally invalid — at which point Silo’s gate is faithfully honoring a consent signal that doesn’t hold up. Getting the banner right is a precondition for everything below; Silo can’t substitute for it.
Regime → Silo control
| Regime | Core requirement (plain-language) | How you configure Silo |
|---|---|---|
| GDPR + ePrivacy (EU/EEA) | Prior, affirmative consent before non-essential collection or device access. | consent.mode: opt-in for the property; set consent.offlineFallbackMode: "opt-in" so a CDN outage fails closed. See opt-in vs opt-out. |
| Québec Law 25 | Opt-in consent; profiling/identification functions must be off by default (§8.1); profiling that analyzes health/behaviour is sensitive PI → specific, informed consent. | Same opt-in mode. ubid is already opt-in by default, independent of consent.mode — see ubid in sensitive contexts. |
| PIPEDA (rest of Canada) | Meaningful consent; express consent for sensitive data. | opt-in or opt-out per property via silo.consent.mode in Remote Settings; use opt-in for sensitive/health audiences. |
| CCPA / CPRA (California) | Opt-out model; must honor an opt-out preference signal (GPC). | opt-out default is acceptable; Silo honors GPC unconditionally as that opt-out signal — see GPC. |
mode is per-writeKey and lives in the CDN settings (silo.consent.mode), so
it’s tunable without a redeploy. Set EU/EEA and Québec properties to opt-in.
ubid in sensitive contexts
ubid (universal browser id) is browser-fingerprinting-class profiling tech, so it carries the strictest requirements — and Silo’s defaults are already built for them:
- Off by default, always. ubid defaults to opt-in regardless of the property’s consent.mode. Nothing is computed, persisted, or stamped until the visitor consents — this is what satisfies Law 25 §8.1’s “off by default” rule at the SDK level. See ubid.
- Its own consent category — don’t bundle it. Silo maps the ubid capability to a CMP category of the same name by default, separate from analytics. On health/sensitive or patient-facing properties, keep it that way: wire a dedicated, plainly-labelled CMP category for ubid so it’s a specific, informed choice rather than swept into a generic “Accept All”. Use consent.map only to match your CMP’s category name — not to fold ubid into analytics.
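The gating rules from the regime table and the ubid list above, modelled as one decision function. This is an added example, not Silo's code: `decideCollection`, its argument shape, the `reason` field and the choice to let GPC override an explicit CMP grant are assumptions made for illustration, and the inputs in the usage note are constructed.

```javascript
// Model of the gating behaviour this page describes. Hypothetical names throughout:
// decideCollection and the shape of its argument are NOT Silo's API.
function decideCollection({ remoteSettings, localConfig, cmpCategories, gpc }) {
  // The per-writeKey mode lives in the CDN-hosted settings. If they could not
  // be fetched (CDN outage), fall back to the locally set offlineFallbackMode.
  const settingsLoaded = remoteSettings != null;
  const mode = settingsLoaded
    ? remoteSettings.consent.mode
    : localConfig.consent.offlineFallbackMode;
  if (mode !== "opt-in" && mode !== "opt-out") {
    throw new Error("consent mode must be 'opt-in' or 'opt-out'");
  }

  // consent.map only renames a capability to the CMP's category name.
  const map = { analytics: "analytics", ubid: "ubid", ...(localConfig.consent.map || {}) };
  // CMP answer per capability: true (granted), false (rejected), undefined (no choice yet).
  const answer = (capability) => cmpCategories[map[capability]];

  // GPC is honored unconditionally. Assumption: it overrides both the mode
  // and any grant the CMP reports.
  if (gpc === true) {
    return { mode, analytics: false, ubid: false, reason: "gpc" };
  }

  const analytics = mode === "opt-in"
    ? answer("analytics") === true    // nothing is collected before an affirmative grant
    : answer("analytics") !== false;  // collect unless the visitor opted out

  // ubid is opt-in regardless of consent.mode and needs its own category grant,
  // so an analytics grant alone never enables it.
  const ubid = answer("ubid") === true;

  return { mode, analytics, ubid, reason: settingsLoaded ? "remote" : "offline-fallback" };
}
```

Calling it with `remoteSettings: null`, `offlineFallbackMode: "opt-in"` and an empty `cmpCategories` returns `analytics: false, ubid: false`, which is the fail-closed result the GDPR row asks for.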
Authoritative sources
Silo’s behaviour is documented here; for the law itself and current enforcement, go to the regulators directly rather than relying on this page.