Records of Consent is available in premium, from 4.9.2 onwardsIn the free plugin and our premium plugin below version 4.9.2 we use Proof of Consent, to fulfill the GDPR guidelines to ‘record’ your consent management efforts toward your website visitors. For more information about Proof of Consent and why it conforms to the legal obligations under the GDPR can be found here. In some instances, literal registration of consent per user is needed to conform to specific wishes of your clients, or organizations like IAB Europe when using their Transparency & Consent Framework. We will explain more below.
Registration of Consent
Enabling records of consent can be done in the wizard. As this will void the data minimization principle and will write to your database, please be aware this is a personal choice if not obligated by a specific (privacy) law, client or organization like the IAB Europe. Registering or recording your visitor’s consent will collect the following information;- Anonymized IP Address – Most IP addresses are dynamic, so a full IP Address will be useless to specifically identify a user. We will anonymize and store the IP address.
- A unique userID which is also stored in the local storage of the user’s browser, making identification easier and more reliable than an IP address.
- The consent type of the particular region; e.g., “Opt-in”
- The consent choices – Either the categories on your cookie policy or exceptions like “No choice” and “No warning”, as explained below.
- A timestamp of the latest consent choices by the user. A history of consent is not necessary.
- Proof of Consent document to prove the actual process of your consent management and which cookie policy was relevant during this process.
Exceptions in consent choices
There are 2 exceptions if the categories on your banner are not registered.
- No choice – this happens when the user has not interacted with the cookie banner, but the banner was shown and the consent management process was started. A simple example would be someone who either did not notice the banner, or did not interact on purpose. This happens when banners are not easily visible or the user got what they needed on the page they landed or purposefully did not interact. A soft cookie wall, available under cookie banner settings should minimize this consent option.
- No warning – this consent option is shown when the consent management process was cut off for 2 reasons; either the user is not in a region with a supported privacy law. Or privacy settings, like Do Not Track, and Global Privacy Controls are set in the browser and are respected by Complianz.
Handling a user request
A user might request proof of consent, or the deletion of consent given.
Proof of Consent
A user might ask to show the records of consent. As you’re only obligated to show the process of consent management, we will call it proof of consent when referring to the legal obligation. How to show proof of consent;
- Ask for the UserID, which is stored in the specific browser they have entered your website.
- Search for the UserID under the menu item records of consent.
- Download the proof of consent, which is a snapshot of your settings and cookie consent management at the time of their last consent choice.
- Append this to an email whereby you summarize the other information regarding consent, IP range, consent type, timestamp, and choices.
- Make sure you point them to https://complianz.io/consent/, which is the explanation of the process.
- If they want to be removed, delete the UserID. Their local storage cookie will be void, and settings reset.
- You have now exceedingly met the expectations under the GDPR and other privacy laws.
Locating the UserID (as a website visitor)
This is a quick guide on how to retrieve the UserID as a visitor of the website.
- Open your browser, in this example we will use Chrome.
- Go to Settings – Privacy and security – See all cookies and site data
- The user should look for your URL to show all stored cookies
- Look for the cookie called “cmplz_ID” and they should share the content value, or UserID (125 in the below example) and the time stamp when it was created.
- With this information from your user, you can refer them to the correct data in records of consent.
If they are unable to find or locate their UserID, send the proof of consent which relates to cookies set by Complianz and their timestamp. If there are no cookies available, send a current proof of consent and explain that without cookies and local storage a specific consent management is unattainable as you adhere to the minimization principle and no personal data is stored, so no identification without the user is possible. This also means the current consent will be set to default, which is “No choice” and no consent is yet recorded.
Managing and Deleting Proof of Consents
Managing proof of consents is crucial to prevent your consent log from using too much memory and disk space.
Why Deleting Proof of Consents is Important
- MySQL Database: Consents can take up too much disk space.
- Hosting Space (Hard Disk): Consents can take up too much disk space in the hosting space.
How to Free Up Database Space
You can save database space by deleting old proof of consents:
From Complianz Tools:
- Go to Tools → Records of Consents.
- Select the top-left checkbox to select up to 30 consents at a time.
- Click the red “delete” button on the right side to delete the selected consents.
Using phpMyAdmin or AdminerEvo:
- Access phpMyAdmin or AdminerEvo, tools provided by hosting services to manage MySQL databases.
- Locate the table
cmplz_statistics
and delete the entries. - Note: This method is for technical users. Deleting the wrong table can cause damage to your website. A backup is highly recommended.
How to Free Up Hosting Space (Hard Disk)
Complianz creates a PDF for each consent and stores them in the folder: /wp-content/uploads/complianz/snapshots
.
To free up space:
- Use an FTP Client to delete files from this folder.
- Note: Deleting files from this folder will not delete the consents from the database.