How To Really Automate Test For Privacy Consent

cerberus-how-to-really-automate-test-for-privacy-consent-featured

Privacy is now a de-facto requirement for user experience. We are used to these pop-ups to manage the cookies and privacy settings. But once we select an option, how to ensure our preferences are actually saved?

Test automation is helpful to perform such systematic verifications. But traditional test automation frameworks can lack the capability to test what is happening behind the scenes, within the data and API layers.

In this article, we share how you can automate the privacy consent verifications until the call is made to the third-party provider. We will use Cerberus Testing, the open-source test automation framework, for this use case.

The process consists of three main steps:

  1. Identify the privacy elements and collect network data
  2. Run the test to identify the third-party identifier
  3. Add the necessary controls on the specific provider

Your first step is to clarify the privacy elements in the user experience.

Identify the privacy elements and collect network data

The privacy requirement is handled by specific elements and flows of data. Your first task is to identify the involved elements and their underlying flows.

A simple approach is to open your website or mobile application in a new session. You will normally get various pop-ups for a new visitor. From that point, you can already identify the locators of your privacy consent boxes.

In our case, we identify the “footer_tc_privacy_button_2” as the consent acceptance button. We configure its XPath reference within the Cerberus test case.

We can run our test to collect various network data.

Run the test to identify the third-party identifier

Cerberus Testing natively provides a way to collect network traffic data. You can find more information about this capability in the article How to unlock third-party API testing.

We get the below table once we run our test. Each third-party provider interacting within the page is available in the list. Each line represents a request that was made to this partner with associated status.

Our test case focuses on privacy. We therefore select the ContentSquare provider available in the list, knowing that one of its element locators is related to privacy.

We can now use the identifier as controls in our test case.

Add the necessary controls on the specific provider

Test automation provides value for non-regression and feeling confident about our software changes. For privacy, adding controls increase our trust in the feature stability rather than performing actions only.

You can filter out the third-party in Cerberus Testing by configuring its identifier on a “setNetworkTraffic” action. That way, your control can focus on third-party control with less configuration complexity.

This parameter will let Cerberus Testing verify the presence of total requests made for this provider. Our verification consists in performing the control after we accept the cookies consent pop-up, ensuring the data has been sent after that point.

Our test can then be run through the web interface on-demand, scheduled inside a campaign, and even included inside CI/CD pipelines.

We cover the simple case of ensuring the privacy data flow from the nominal case of accepting. You can replicate the exact same structure for other use-cases like rejecting the consent and verifying particular areas of the site are reacting correctly.

This is the power of an integrated framework to truly accelerate your test automation effort, and in the end, software delivery with speed and confidence.

The importance of your test automation framework

Testing for privacy can be more complex than accepting a pop-up. The responsibility of companies is to ensure that the actual calls and data are correctly up-to-date with the customer preferences.

We share how to implement automated tests using Cerberus Testing, natively providing the features of traffic data collection, third-party listing and controls, and network data. No time was lost coding these features.

The goal of Cerberus Testing is precisely to “Stop coding and start testing”. You have no time to lose in building another new test framework. Your business objectives require a focus on more added-value activities.

Interested to test privacy on your own? Ask for a free plan.

Leave a comment

Your email address will not be published. Required fields are marked *

Cerberus-Testing Terms Of Service


Website Terms and Conditions of Use

1. Terms

By accessing this Website, accessible from http://vgeouyk.cluster030.hosting.ovh.net, you are agreeing to be bound by these Website Terms and Conditions of Use and agree that you are responsible for the agreement with any applicable local laws. If you disagree with any of these terms, you are prohibited from accessing this site. The materials contained in this Website are protected by copyright and trade mark law. These Terms of Service has been created with the help of the Terms of Service Generator and the Privacy Policy Template.

2. Use License

Permission is granted to temporarily download one copy of the materials on Cerberus Testing's Website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:

  • modify or copy the materials;
  • use the materials for any commercial purpose or for any public display;
  • attempt to reverse engineer any software contained on Cerberus Testing's Website;
  • remove any copyright or other proprietary notations from the materials; or
  • transferring the materials to another person or "mirror" the materials on any other server.

This will let Cerberus Testing to terminate upon violations of any of these restrictions. Upon termination, your viewing right will also be terminated and you should destroy any downloaded materials in your possession whether it is printed or electronic format.

3. Disclaimer

All the materials on Cerberus Testing’s Website are provided "as is". Cerberus Testing makes no warranties, may it be expressed or implied, therefore negates all other warranties. Furthermore, Cerberus Testing does not make any representations concerning the accuracy or reliability of the use of the materials on its Website or otherwise relating to such materials or any sites linked to this Website.

4. Limitations

Cerberus Testing or its suppliers will not be hold accountable for any damages that will arise with the use or inability to use the materials on Cerberus Testing’s Website, even if Cerberus Testing or an authorize representative of this Website has been notified, orally or written, of the possibility of such damage. Some jurisdiction does not allow limitations on implied warranties or limitations of liability for incidental damages, these limitations may not apply to you.

5. Revisions and Errata

The materials appearing on Cerberus Testing’s Website may include technical, typographical, or photographic errors. Cerberus Testing will not promise that any of the materials in this Website are accurate, complete, or current. Cerberus Testing may change the materials contained on its Website at any time without notice. Cerberus Testing does not make any commitment to update the materials.

6. Links

Cerberus Testing has not reviewed all of the sites linked to its Website and is not responsible for the contents of any such linked site. The presence of any link does not imply endorsement by Cerberus Testing of the site. The use of any linked website is at the user’s own risk.

7. Site Terms of Use Modifications

Cerberus Testing may revise these Terms of Use for its Website at any time without prior notice. By using this Website, you are agreeing to be bound by the current version of these Terms and Conditions of Use.

8. Your Privacy

Please read our Privacy Policy.

9. Governing Law

Any claim related to Cerberus Testing's Website shall be governed by the laws of fr without regards to its conflict of law provisions.

Thank you for your interest in cerberus,

In order to proceed with your SaaS we need some in order to confirm your instances accesses.

Please provide accurate contacts to secure the process.

You can cancel any time the subscription, please read Terms of Use.