Show Cookie declaration and ask for consent before user tracking #193
Description
Due to GDPR and EU Data Protection law, beside previously required showing cookie banner (#192), we now have to ask for user consent before tracking cookies are activated.
The following requirements in the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) has to be implemented:
- Prior consent on other than strictly necessary cookies (ePR)
- Prior consent on personal data (GDPR)
- Personal data is transmitted to 'adequate countries' only (GDPR)
Please also make sure to:
- Inform your visitors in plain language about the purpose of your cookies and trackers before setting other than strictly necessary cookies (ePR)
- Provide options for the visitor to change or withdraw a consent (GDPR/ePR)
- Have a mechanism in place to log and prove consents (GDPR)
- Map and document data streams performed by third parties (GDPR)
- Configure your consent method to use explicit/active consent when processing sensitive personal data on your website (GDPR)
- Provide the identity and contact details of the data controller in your company (GDPR)
- Disclose that the visitor is entitled to access, correct, delete and limit processing of personal data (GDPR)
- Disclose that the visitor is entitled to receive personal data so that they can be used by another processor (GDPR)
- Disclose that the visitor has the right to lodge a complaint with a supervisory authority (GDPR)
- Inform about the occurrence of automatic decisions, including profiling (GDPR)
Some useful examples: