Cookie Consent and GDPR

  • Gareth

    (@catapult_themes)


    6 years, 6 months ago

    Please note that Cookie Consent doesn’t store any user data server-side or make use of IP addresses. When a user lands on a site using this plugin and accepts the cookie notification message, the plugin places a cookie on the user’s own machine that records the user’s acceptance. It doesn’t store anything, including IP addresses, server-side.

    This means it’s not possible to allow the user to ‘opt out’ or remove their data from the site running the plugin – because no data is held on the site.

    It’s up to you to decide whether this is relevant with regard to GDPR.

Viewing 5 replies - 16 through 20 (of 20 total)

  • @gisle Thanks for your input. Really useful.

    Ill pretend you didn’t mention ePrivacy for now. I think that’s enough for one day haha.

    I think if you make the effort to explain what they are, what they do and why generally you are okay.

    Look at the requirement for the cookie and what it does. Explain how users can change their own settings and manage their own data.

    If you are using a cookie or plugin that gathers PII then you probably need (or at least it seems its best to have,) an opt in function before they are loaded.

    Most cookies seem okay to me.

    @bastien31 wrote:

    I understood that the user should have the possibilities to consent for specific cookies and decline others and could reverse his choice. This is the case on the CNIL website with the plugin tarteaucitron.js. But plugin like Cookie Consent doesn’t allow that, so is it not a problem?

    It is not a problem as far as EU regulation is concerned.

    However, when using a “one size fits all” plugin like Cookie Consent: If at least one of cookies set on your site collect PII or are used for profiling, you must set Cookie Consent up for hard consent.

    The user can still revoke consent to individual cookies. Since the cookies are stored on the user’s computer, he can delete any specific cookies to reverse his choice revoke your and access to the information in the cookie.

    There exists alternative cookie plugins, such as the one you mention, that lets the user manage cookies using javascript (instead of the built-in functions of his browser). Some views these JavaScript-based cookie managers as enhancements, some view them more critically (YMMV). However there is IMHO nothing in the Directive 2002/58/EC that requires you to provide the user with a cookie manager.

    @gisle Brilliant. Only reason I’m taking such an active interest is because several companies are using scare mongering tactics to sell compliance products. At least we know now (or have a better understanding) where the line should be drawn.

    Try this for Google Analytics to anonymise the IP address – https://www.iubenda.com/blog/ip-anonymization-google-analytics-privacy/

Viewing 5 replies - 16 through 20 (of 20 total)
  • The topic ‘Cookie Consent and GDPR’ is closed to new replies.