You may have received a document called “Proof of Consent” after you registered for access to your cookie consent registration. Here we will explain how consent registration on websites with the Complianz Privacy Suite works and how the “Proof of Consent” document is structured.
Registration and Data Minimization
Recital 42 GDPR states:
“Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.”
According to the EU Data Protection Authorities the controllers are free to develop methods to comply with this provision in a way that is fitting in their daily operations. At the same time, the duty to demonstrate that valid consent has been obtained by a controller, should not in itself lead to excessive amounts of additional data processing. This principle of data minimization means that controllers should have enough data to show a link to the processing (to show consent was obtained) but they shouldn’t be collecting any more information than necessary. It is up to the controller to prove that valid consent was obtained from the data subject. According to the EU Data Protection Authorities the GDPR does not prescribe exactly how this must be done. The controller shall also be able to show that the data subject was informed and the controller ́s workflow met all relevant criteria for a valid consent. The rationale behind this obligation in the GDPR is that controllers must be accountable with regard to obtaining valid consent from data subjects and the consent mechanisms they have put in place.
With the registration and data minimization guideline combined, a website can offer the following:
- 1. A time-stamped Cookie Policy, which is relevant to the time of registering.
- 2. Consent management settings that are relevant to the time of consent. e.g., a cookie notice and other settings.
- 3. The possibility of revoking settings is in full control of the user. On-page as well.
Your consent registration
We will explain the 3 pointers below. If you have any questions, please contact the website, as shown in the document directly. We cannot reply about privacy issues relating to others.
For these points, we will be referring to the “time of registration.” The exact time of your registration, because of data minimization, is not known by the website and is only available to you, by way of a consent cookie in your browser.
Finding your time of registration
To find the exact time, please find the cookie “complianz_consent_status” which is locally stored in your browser, and find the time and date when this cookie was created. For Chrome you can go to: Settings > Advanced > Privacy & Security > Site Settings > Cookies > See all cookies and site data.
1. A time-stamped Cookie Policy
The time-stamped Cookie Policy will show which version of the Cookie Policy was active during registration. The owner of the website will show the document relevant to the time of consent. This might not have the same time-stamp, but will be the latest draft on which you consented.
2. Consent management settings
Below the cookie policy, you will find the following list, a description is added for each.
3. Additional information for TCF
To know if your document is configured for TCF (a consent framework usually used for publishers, e.g. websites with digital advertising) please find “tcf_active => 1” under cookie banner settings. If this is the case additional information should be considered.
- Under the paragraph “Consent” you will find a link to a list of Vendors. These vendors are third-parties that could receive data for the purposes described under paragraph “Vendors” if your choices would meet the criteria. As explained during your visit, and in the document Proof of Consent, specifically in the “message_optin =>“
- Full vendor list.
4. Full settings control by the user
As explained in the cookie policy, on the website and with the possibilities on the cookie notice and revoke banner. The user has full control over changing consent or removing consent, on-page, and with browser deletion.
