How To Really Automate Test For Privacy Consent
Privacy is now a de-facto requirement for user experience. We are used to these pop-ups to manage the cookies and privacy settings. But once we select an option, how to ensure our preferences are actually saved?
Test automation is helpful to perform such systematic verifications. But traditional test automation frameworks can lack the capability to test what is happening behind the scenes, within the data and API layers.
In this article, we share how you can automate the privacy consent verifications until the call is made to the third-party provider. We will use Cerberus Testing, the open-source test automation framework, for this use case.
The process consists of three main steps:
- Identify the privacy elements and collect network data
- Run the test to identify the third-party identifier
- Add the necessary controls on the specific provider
Your first step is to clarify the privacy elements in the user experience.
Identify the privacy elements and collect network data
The privacy requirement is handled by specific elements and flows of data. Your first task is to identify the involved elements and their underlying flows.
A simple approach is to open your website or mobile application in a new session. You will normally get various pop-ups for a new visitor. From that point, you can already identify the locators of your privacy consent boxes.
In our case, we identify the “footer_tc_privacy_button_2” as the consent acceptance button. We configure its XPath reference within the Cerberus test case.
We can run our test to collect various network data.
Run the test to identify the third-party identifier
Cerberus Testing natively provides a way to collect network traffic data. You can find more information about this capability in the article How to unlock third-party API testing.
We get the below table once we run our test. Each third-party provider interacting within the page is available in the list. Each line represents a request that was made to this partner with associated status.
Our test case focuses on privacy. We therefore select the ContentSquare provider available in the list, knowing that one of its element locators is related to privacy.
We can now use the identifier as controls in our test case.
Add the necessary controls on the specific provider
Test automation provides value for non-regression and feeling confident about our software changes. For privacy, adding controls increase our trust in the feature stability rather than performing actions only.
You can filter out the third-party in Cerberus Testing by configuring its identifier on a “setNetworkTraffic” action. That way, your control can focus on third-party control with less configuration complexity.
This parameter will let Cerberus Testing verify the presence of total requests made for this provider. Our verification consists in performing the control after we accept the cookies consent pop-up, ensuring the data has been sent after that point.
Our test can then be run through the web interface on-demand, scheduled inside a campaign, and even included inside CI/CD pipelines.
We cover the simple case of ensuring the privacy data flow from the nominal case of accepting. You can replicate the exact same structure for other use-cases like rejecting the consent and verifying particular areas of the site are reacting correctly.
This is the power of an integrated framework to truly accelerate your test automation effort, and in the end, software delivery with speed and confidence.
The importance of your test automation framework
Testing for privacy can be more complex than accepting a pop-up. The responsibility of companies is to ensure that the actual calls and data are correctly up-to-date with the customer preferences.
We share how to implement automated tests using Cerberus Testing, natively providing the features of traffic data collection, third-party listing and controls, and network data. No time was lost coding these features.
The goal of Cerberus Testing is precisely to “Stop coding and start testing”. You have no time to lose in building another new test framework. Your business objectives require a focus on more added-value activities.
Interested to test privacy on your own? Ask for a free plan.