Aziel Epilepsia and Fernando Rubio, Airbnb
At Airbnb, we architected a Consent Management Platform that provides a data model and API that solves the GDPR/ePrivacy directive Cookie consent & banner problems, and is extensible to support other consent gestures/scenarios applicable to our users. We allow services in Airbnb to programmatically model the "Terms" to present to an end-user, describe the personas impacted by the consent, and persist an audit log for regulation inquiries. We built this platform from learnings we gained from a prior vendor solution that was no longer meeting our needs. In this talk, we present the concepts and data model we use to implement consent, and the API surface that allows our clients to query whether the client must prompt the user for consent, what terms need to be presented to the user, and persist the new record of consent. We illustrate how this model scales to solve various problems like explicit consent through Cookies Banner, and implicit consent through GPC (Global Privacy Control), and how we adapted the API to fulfill new user flows.
Aziel Epilepsia, Airbnb
Aziel is a Software Engineer in the Airbnb Privacy Engineering team. He currently focuses on Privacy service technical problems regarding user consent and data subject rights.
Fernando Rubio, Airbnb
Fernando is a software engineer on the Airbnb privacy engineering team. He currently focuses on Privacy UX to prevent dark patterns in the UI and build client-side libraries and tooling with embedded privacy, primarily focused on software used to honor user consent and manage client-side storages.
author = {Aziel Epilepsia and Fernando Rubio},
title = {Consent Management at Airbnb},
year = {2024},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}