The world's largest online chess platform, with over 200 million registered members and tens of millions of games played daily, faced a consent management challenge that matched its scale. Users access the platform across web browsers, iOS, and Android apps, often switching between devices mid-session. Privacy regulations demanded consistent consent experiences across every touchpoint, and the platform's reliance on programmatic advertising meant IAB framework compliance was essential.
With a global user base spanning dozens of jurisdictions and speaking 57 different languages, the organization needed a unified system that could adapt to regulatory nuances while maintaining the seamless experience its members expect. A chess player in Germany should see GDPR-compliant consent flows with proper TCF signaling to ad partners. A user in California should encounter GPP-appropriate disclosures. And on iOS, consent choices needed to integrate seamlessly with Apple's App Tracking Transparency framework.
FLLR was engaged to implement OneTrust's Cookie Consent and Mobile App Consent modules in a way that would work at this scale while meeting the technical requirements of programmatic advertising compliance.
The Challenge
Managing consent for a platform of this size, with advertising-driven revenue, introduces complexity that generic implementations cannot address.
Fragmented Consent Across Channels
- Web and mobile applications operated with inconsistent consent mechanisms
- Users encountered different experiences depending on how they accessed the platform
- No unified view of consent status across a member's devices
IAB Framework Requirements
- Programmatic advertising partners required proper TCF (Transparency & Consent Framework) signaling for GDPR markets
- GPP (Global Privacy Platform) compliance was needed for US state privacy laws
- TC String generation and propagation had to work consistently across web and mobile
Mobile Platform Complexity
- iOS required integration with Apple's App Tracking Transparency (ATT) prompt
- Android and iOS both needed native SDK integration with TC String support
- Consent flows had to feel native to each platform while maintaining compliance
Global Scale and Localization
- User interface translations were needed for 57 languages
- Cookie scanning had to capture tracking technologies behind authenticated sessions
- The platform does not use Google Tag Manager, requiring alternative approaches to cookie blocking
Our Approach
We approached this engagement with a focus on getting the technical details right. For a platform that depends on programmatic advertising revenue, consent signals that do not propagate correctly to ad partners are not just a compliance risk. They are a business risk.
The first priority was understanding how the platform actually manages tracking technologies. Without GTM in the stack, we needed to design cookie blocking differently. The solution combined Non-Personalized Ads requests for the global audience with TCF String-based controls for GDPR countries. This approach gave ad partners the signals they need while respecting user choices.
For mobile, we knew that iOS would be the more complex implementation. Apple's ATT framework has its own consent prompt that needs to work in harmony with OneTrust's SDK. Getting the timing and user experience right required careful coordination between the two systems.
We also recognized that a domain scan of public pages would miss significant tracking activity. Much of the platform's functionality sits behind authentication, where logged-in users engage with features that involve additional cookies and scripts. We planned for an authenticated scan to get complete visibility.
Implementation
Platform Foundation and SSO
We established the OneTrust environment with appropriate user roles, permissions, and organizational structures. SSO was jointly configured to integrate with the organization's identity management, ensuring that team members access OneTrust through existing authentication flows. Three functional overview workshops brought the internal team up to speed on platform capabilities.
Web Cookie Consent with TCF and GPP
We deployed OneTrust's cookie consent solution with full IAB framework support. This included:
- A comprehensive domain scan, including an authenticated scan to capture cookies and scripts that only appear for logged-in users
- Configuration of the TCF 2.2 framework for GDPR countries, generating proper TC Strings that propagate consent signals to programmatic advertising partners
- GPP configuration for US state privacy law compliance
- Cookie blocking implemented through Non-Personalized Ads requests for global audiences combined with TCF String controls for European users
- Consent model, preference center, and geo-location rules configured to adapt the experience by jurisdiction
- Full script testing and production deployment
Four technical workshops covered the TCF and GPP configurations in depth, ensuring the internal team understands how consent signals flow through to advertising partners.
Mobile SDK Integration with ATT
We implemented OneTrust's Mobile SDK on both iOS and Android, with TC String support on both platforms. The iOS implementation included integration with Apple's App Tracking Transparency prompt, coordinating the OneTrust consent flow with ATT to provide a coherent user experience. Android implementation followed, with both platforms reaching parity on TC String generation by early August.
Language Localization
Given the platform's global reach, we completed translations for 57 languages across all consent interfaces. Users encounter consent experiences in their preferred language whether they access the platform from Tokyo, São Paulo, or Berlin.
Documentation and Enablement
We delivered implementation guides and configuration documents for both cookie consent and mobile implementations. Over 26 meetings were held across the engagement, ensuring knowledge transfer at every stage.
Results
Web Consent
- Before: Inconsistent consent mechanisms
- After: OneTrust Cookie Consent with TCF 2.2 and GPP compliance
Mobile Consent
- Before: Limited native consent controls
- After: OneTrust Mobile SDK on iOS and Android with TC String support
iOS Privacy
- Before: No ATT integration
- After: ATT prompt integrated with OneTrust consent flow
Ad Partner Signaling
- Before: Unclear consent propagation
- After: Proper TC String generation for programmatic partners
Cookie Blocking
- Before: No structured approach
- After: Non-Personalized Ads + TCF String controls by region
Localization
- Before: Limited language support
- After: 57 languages across all consent interfaces
Cookie Visibility
- Before: Public page scanning only
- After: Authenticated domain scan capturing full tracking landscape
The platform now has a consent infrastructure that meets both regulatory requirements and the technical demands of programmatic advertising. Users encounter consistent, localized consent experiences across web and mobile. Ad partners receive proper consent signals. And the internal team has the documentation and training to manage the system as requirements evolve.
The Bigger Picture
This engagement reinforced a principle we return to often: consent management for advertising-supported platforms requires more than banner configuration. It requires understanding how consent signals flow through to revenue partners and ensuring those signals are technically correct.
By implementing OneTrust's Cookie and Mobile Consent modules with full TCF and GPP support, integrating with Apple's ATT framework, and localizing for 57 languages, we helped the organization move from fragmented privacy controls to a unified system that satisfies regulators, respects users, and maintains the consent signal integrity that programmatic advertising depends on.
If your organization operates an advertising-supported platform with global reach, and you need consent infrastructure that handles IAB framework requirements across web and mobile, the question is whether your current implementation is generating the right signals for your partners. If there is any doubt, our team is ready to help.
