Arlo uses a tool called OneTrust to manage cookie consent on its website, which is designed to give users control over which types of cookies and tracking technologies are active when they visit the site.
This analysis describes what Arlo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
OneTrust is the mechanism through which Arlo offers users the ability to accept or decline non-essential cookies and tracking technologies; however, the effectiveness of this control depends on whether the configuration correctly gates all third-party trackers behind the relevant consent categories.
Interpretive note: The effectiveness of the OneTrust consent mechanism depends on its specific configuration, which is not fully visible in the HTML source; whether all third-party trackers are correctly gated behind consent categories cannot be confirmed from this document alone.
The OneTrust tool is your primary mechanism for controlling which tracking technologies Arlo activates on your device, but you need to actively engage with the consent preference center to exercise this control rather than relying on default settings.
How other platforms handle this
<script async="async" defer="defer" src='https://consent.trustarc.com/notice?domain=twilio.com&c=teconsent>m=1&js=nj¬iceType=bb'></script> ... <script src="https://consent.trustarc.com/get?name=trustarc-segment-wrapper-v1.1.js"></script>
YOU MUST BE AND HEREBY AFFIRM THAT YOU ARE AN ADULT OF THE LEGAL AGE OF MAJORITY IN YOUR COUNTRY OR STATE OF RESIDENCE. If you are under the legal age of majority, your parent or legal guardian must consent to this agreement.
We rely upon you to obtain any consents from your friends and contacts that may be required by law to allow us to access, upload, and use their personal information for this purpose. You or your friends or contacts may reach us at privacy@draftkings.com to request the removal of this information fro...
Monitoring
Arlo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"<!-- OneTrust Cookies Consent Notice start for arlo.com --> <script async data-cfasync="false" type="text/javascript" src="https://cdn.cookielaw.org/consent/dabf8452-cb28-42ac-b994-02f10392b33c/OtAutoBlock.js"></script> <script async data-cfasync="false" src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" data-document-language="true" type="text/javascript" charset="UTF-8" data-domain-script="dabf8452-cb28-42ac-b994-02f10392b33c"></script>— Excerpt from Arlo's Arlo Privacy Policy
1) REGULATORY LANDSCAPE: OneTrust is deployed as a Consent Management Platform (CMP), which is required for compliance with the ePrivacy Directive and GDPR for EU users, and supports CCPA/CPRA opt-out and disclosure obligations. The specific OneTrust domain script ID (dabf8452-cb28-42ac-b994-02f10392b33c) identifies Arlo's configuration, which should be audited to confirm it correctly categorizes all cookies, blocks non-essential scripts pre-consent, and records consent in a manner satisfying GDPR's accountability requirements. 2) GOVERNANCE EXPOSURE: Medium. The deployment of OneTrust is a positive governance indicator, but the async loading of tracking scripts (Facebook Pixel, Google Tag Manager, Bing Ads, VWO) in the HTML head alongside OneTrust raises questions about whether the auto-blocking configuration correctly prevents these scripts from executing before consent is obtained. The OtAutoBlock.js script is intended to handle this, but misconfiguration is a common source of regulatory exposure. 3) JURISDICTION FLAGS: EU/EEA users require that OneTrust be configured as a GDPR-compliant CMP, including a compliant consent UI, granular category controls, and refusal options that are as easy to exercise as acceptance. California residents require that the CCPA/CPRA opt-out and GPC signal response be implemented. UK users are subject to PECR cookie consent requirements, which align closely with ePrivacy Directive standards. 4) CONTRACT AND VENDOR IMPLICATIONS: OneTrust processes consent records on Arlo's behalf and is a data processor under GDPR. A DPA should be in place with OneTrust. Consent records must be retained to demonstrate compliance in the event of a regulatory audit. The OneTrust configuration should be reviewed whenever new third-party scripts are added to the site to ensure they are correctly categorized and gated. 5) COMPLIANCE CONSIDERATIONS: A technical audit of the OneTrust configuration should confirm: (a) all third-party scripts identified in this document are assigned to the correct consent category; (b) the auto-blocking feature prevents scripts from loading before consent; (c) the consent UI presents reject-all options as prominently as accept-all; (d) consent records include timestamps, category selections, and the version of the consent notice shown; and (e) Global Privacy Control signals are honored for California users. The Arlo privacy policy should cross-reference the OneTrust consent mechanism and explain what each consent category covers.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
OneTrust is the mechanism through which Arlo offers users the ability to accept or decline non-essential cookies and tracking technologies; however, the effectiveness of this control depends on whether the configuration correctly gates all third-party trackers behind the relevant consent categories.
The OneTrust tool is your primary mechanism for controlling which tracking technologies Arlo activates on your device, but you need to actively engage with the consent preference center to exercise this control rather than relying on default settings.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Arlo.