Table of Contents
Records of Consent is available in premium, from 4.9.2 onwardsIn the free plugin and our premium plugin below version 4.9.2 we use Proof of Consent, to fulfill the GDPR guidelines to ‘record’ your consent management efforts toward your website visitors. For more information about Proof of Consent and why it conforms to the legal obligations under the GDPR can be found here. In some instances, literal registration of consent per user is needed to conform to specific wishes of your clients, or organizations like IAB Europe when using their Transparency & Consent Framework. We will explain more below.
Registration of ConsentEnabling records of consent can be done in the wizard. As this will void the data minimization principle and will write to your database, please be aware this is a personal choice if not obligated by a specific (privacy) law, client or organization like the IAB Europe. Registering or recording your visitor’s consent will collect the following information;
- Anonymized IP Address – Most IP addresses are dynamic, so a full IP Address will be useless to specifically identify a user. We will anonymize and store the IP address.
- A unique userID which is also stored in the local storage of the user’s browser, making identification easier and more reliable than an IP address.
- The consent type of the particular region; e.g., “Opt-in”
- A timestamp of the latest consent choices by the user. A history of consent is not necessary.
Exceptions in consent choices
There are 2 exceptions if the categories on your banner are not registered.
- No choice – this happens when the user has not interacted with the cookie banner, but the banner was shown and the consent management process was started. A simple example would be someone who either did not notice the banner, or did not interact on purpose. This happens when banners are not easily visible or the user got what they needed on the page they landed or purposefully did not interact. A soft cookie wall, available under cookie banner settings should minimize this consent option.
- No warning – this consent option is shown when the consent management process was cut off for 2 reasons; either the user is not in a region with a supported privacy law. Or privacy settings, like Do Not Track, and Global Privacy Controls are set in the browser and are respected by Complianz.
Both of these will also suggest the user will default to functional cookies only.
Handling a user request
A user might request proof of consent, or the deletion of consent given.
Proof of Consent
A user might ask to show the records of consent. As you’re only obligated to show the process of consent management, we will call it proof of consent when referring to the legal obligation. How to show proof of consent;
- Ask for the UserID, which is stored in the specific browser they have entered your website.
- Search for the UserID under the menu item records of consent.
- Download the proof of consent, which is a snapshot of your settings and cookie consent management at the time of their last consent choice.
- Append this to an email whereby you summarize the other information regarding consent, IP range, consent type, timestamp, and choices.
- Make sure you point them to https://complianz.io/consent/, which is the explanation of the process.
- If they want to be removed, delete the UserID. Their local storage cookie will be void, and settings reset.
- You have now exceedingly met the expectations under the GDPR and other privacy laws.
Locating the UserID (as a website visitor)This is a quick guide on how to retrieve the UserID as a visitor of the website.
- Open your browser, in this example we will use Chrome.
- Go to Settings – Privacy and security – See all cookies and site data
- The user should look for your URL to show all stored cookies
- Look for the cookie called “cmplz_ID” and they should share the content value, or UserID (125 in the below example) and the time stamp when it was created.
- With this information from your user, you can refer them to the correct data in records of consent.
If they are unable to find or locate their UserID, send the proof of consent which relates to cookies set by Complianz and their timestamp. If there are no cookies available, send a current proof of consent and explain that without cookies and local storage a specific consent management is unattainable as you adhere to the minimization principle and no personal data is stored, so no identification without the user is possible. This also means the current consent will be set to default, which is “No choice” and no consent is yet recorded.