Show Cookie declaration and ask for consent before user tracking #193

Open
schlos opened this issue Apr 12, 2018 · 4 comments
Comments

@schlos
Contributor

schlos commented Apr 12, 2018

Due to GDPR and EU data protection law, besides showing the previously required cookie banner (#192), we now have to ask for user consent before tracking cookies are activated.

The following requirements in the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) have to be implemented:

  • Prior consent on other than strictly necessary cookies (ePR)
  • Prior consent on personal data (GDPR)
  • Personal data is transmitted to 'adequate countries' only (GDPR)

Please also make sure to:

  • Inform your visitors in plain language about the purpose of your cookies and trackers before setting other than strictly necessary cookies (ePR)
  • Provide options for the visitor to change or withdraw a consent (GDPR/ePR)
  • Have a mechanism in place to log and prove consents (GDPR)
  • Map and document data streams performed by third parties (GDPR)
  • Configure your consent method to use explicit/active consent when processing sensitive personal data on your website (GDPR)
  • Provide the identity and contact details of the data controller in your company (GDPR)
  • Disclose that the visitor is entitled to access, correct, delete and limit processing of personal data (GDPR)
  • Disclose that the visitor is entitled to receive personal data so that they can be used by another processor (GDPR)
  • Disclose that the visitor has the right to lodge a complaint with a supervisory authority (GDPR)
  • Inform about the occurrence of automatic decisions, including profiling (GDPR)

Some useful examples:

@schlos changed the title from "Show Cookie declaration and ask for tracking consent" to "Show Cookie declaration and ask for consent before user tracking" on Apr 12, 2018
@schlos
Contributor Author

schlos commented Apr 12, 2018

Example of cookie declaration page generated by CookieBot:
Cookies — Code for Croatia.pdf

@themightychris
Member

Is every cookie considered a "tracking cookie" even though we're not an ad network reading people's visits to 3rd-party websites? Is this really just required for any login functionality at all? Isn't the act of logging into a website already pretty explicitly asking the website to track who you are between pages within that site?

Either way, if it's required for EU compliance, let's figure it out; my musings might be moot.

@schlos
Contributor Author

schlos commented Apr 21, 2018

I'll try to sum up my findings and then I will post them here. Some similar discussion is going on at https://github.com/insites/cookieconsent/issues/242

@themightychris
Member

@schlos thanks schlos! I read through that discussion but it's hard to know who's right... I choose to like the position that for purely functional cookies no new workflows are required :-) Looking forward to hearing what you gather from it all
