CookieHub helps you make your web site GDPR compliant using various methods designed to comply with the requirements related to storage and processing of personal information.
Ultimately, CookieHub makes getting in compliance easy, but if you want to learn about the specific GDPR requirements and what this plugin does, this handy guide will break it down quickly.
If you've yet to find a concise definition of GDPR, the concept is quite simple on paper. GDPR stands for the General Data Protection Regulation. It's a European law that impacts website owners on a global scale because it governs how anyone (from anywhere) collects and processes the personal data of individuals who reside in the European Union.
So, even if you operate your website out of the USA or anywhere else in the world, you need to make sure you're GDPR compliant if you get visitors from the EU.
Cookies are actually only mentioned once in the GDPR, so you may be wondering: Why is it such a big deal? The fact is, cookies are a cornerstone when it comes to GDPR compliance.
After all, cookies are one of the most common techniques used for collecting and tracking a user's personal data, and that's why the GDPR has set out specific rules regarding how your site can use cookies.
At the most basic level, your website must do all of the following in order to be in compliance with GDPR.
Cookie banners are the most common way that website owners can obtain cookie consent, and that's why CookieHub exists! We help make collecting GDPR-compliant cookie consent easy. So, let's break down each of these requirements further to show you what CookieHub does to simplify your efforts.
The EU General Data Protection Regulation (GDPR) states in Recital 30 that when cookies can be used to identify a person or a person's device, they are considered personal data:
Natural persons may be associated with online identifiers [...] such as internet protocol addresses, cookie identifiers or other identifiers [...] This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
This applies to many web services that are used to collect data, analyze user behavior and display targeted ads.
As stated in Recital 32, consent should be given to process any personal data:
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her [...] This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. [...]
How CookieHub Helps You Meet This Requirement:
When the CookieHub cookie consent solution is implemented on your web site, it will seek the user's consent to specified cookie categories.
The consent should be clear, and inactivity is not considered consent. This means that you cannot assume the user agrees to be tracked simply by using the web site, as explained in Recital 32:
[...] Silence, pre-ticked boxes or inactivity should not therefore constitute consent. [...]
Recital 42 also supports the point in Recital 32 that inactivity is not considered consent:
Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.
How CookieHub Helps You Meet This Requirement:
CookieHub is configured by default to allow the user to opt in and won't load any third-party tracking services until the user has allowed certain categories (when implemented correctly).
In Recital 32, it's also stated that the user must be able to consent only to certain activities if cookies are used for multiple purposes:
Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
How CookieHub Helps You Meet This Requirement:
CookieHub allows you to customize cookie categories that can be allowed or disallowed on your web site. You can configure which category each third-party tracking service falls into and allow your users to make informed decisions.
Recital 42 states that you must be able to demonstrate the user's consent:
Where processing is based on the data subject's consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation[...]
How CookieHub Helps You Meet This Requirement:
When the Consent Log feature is enabled, user consents are tracked. You can download the consent log, which contains a unique token that can be matched to the token stored in the user's browser to see which cookie categories were allowed.
Recital 42 also states that a cookie declaration in clear and plain language should be present:
In accordance with Council Directive 93/13/EEC a declaration of consent preformulated by the controller should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms. For consent to be informed, the data subject should be aware at least of the identity of the controller and the purposes of the processing for which the personal data are intended.
How CookieHub Helps You Meet This Requirement:
CookieHub scans your web site for cookies and automatically categorizes each cookie. Users will be able to see a list of cookies in use along with the purpose of each cookie before consenting. Additionally, you can provide a link to your cookie policy page where you can provide detailed information about how personal data is handled.
Article 7, section 3 states that the user must be able to easily withdraw consent at any time:
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
How CookieHub Helps You Meet This Requirement:
When CookieHub is implemented on your website, users can always click the settings icon in the lower left or right-hand side of their browser to change cookie settings and withdraw consent.