Real-Time CDP automatically enforces your data usage policies at the moment of activation, blocking an audience or field from going to a destination that would violate a policy. You label data, define policies that say which marketing actions are allowed on which labels, and assign marketing actions to each destination; when an activation would breach a policy, it is stopped and the interface shows the data lineage explaining which policy was violated and why. Enforcement is built into the activation workflow, so compliance does not depend on someone remembering the rules.
Data usage labels are tags you apply to data (at the dataset level or the individual field level) to categorize it by how it may be used, and they are the foundation the whole governance framework enforces against. Adobe provides
label categories including Contract ("C") labels for contractual obligations, Identity ("I") labels for data that can identify or contact a person, and Sensitive ("S") labels for data such as precise geolocation. Best practice is to label data as it is ingested, so that from the first activation onward, policies can evaluate those labels and prevent non-compliant use.
Real-Time CDP enforces consent through
consent policies that check each profile's consent state before that profile is used, so a customer who has not consented to a given use is filtered out of it automatically. The platform supports standard consent frameworks, including the IAB Transparency and Consent Framework 2.0, and lets you ingest consent signals from a consent management platform and enforce them at segmentation and activation. Consent enforcement runs alongside data usage policies, so both the "may this data be used this way" and "did this person agree" questions are checked before activation.
Yes, through attribute-based access control administered in Admin Console, where roles link users to the specific capabilities, sandboxes, and data they are permitted to use. You can grant or restrict access to particular
Real-Time CDP capabilities per set of users, and control visibility down to labeled data, so a team only sees and acts on the data its role allows. This is what lets a large organization give many teams self-service access to the same platform without every team seeing everything.
It is built in, inherited from Adobe Experience Platform rather than maintained as a separate layer, so you configure governance once and every application on the platform respects it. The labels, policies, and consent rules you define apply to the
underlying data, and they travel with that data through audience building, activation, and export, and across sibling applications like Adobe Journey Optimizer and Adobe Customer Journey Analytics. You are not standing up a parallel governance system for the CDP; you are configuring the platform's framework that the CDP enforces.