Websites use cookie banners to place cookies and collect website users’ data. However, to use cookies, websites need to get Cookie Consent from users.
Cookie Consent refers to an action of allowing a website to place cookies in website users' browsers to collect data about them. This isn't a recommendation. It is a legal requirement by most data privacy laws.
Cookie Consent requirements for websites are the following:
- Prior Cookie Consent is needed. Get cookie consent before you use cookies or activate any trackers on your website to collect personal data.
- Use granular cookie consent principle. Your Cookie Banner must have options to select categories of cookies, which means that users can freely select what type of cookies they agree.
- User consent must be given freely, which means it cannot be forced or pushed for in any way from your side.
- Record cookie consent for proof of compliance.
- Store cookie consent safely since it is considered sensitive legal document.
- Users should be able to withdraw cookie consent from your website easily, at any time, and without any explanation.
- Renew cookie consent at least once per year.
CookieScript allows you to collect, record, and later download, if needed, website users' cookie consent.
How to enable visitor cookie consent recording?
Consent recording can be enabled for each item individually. Just check set the "Record user consents" option:
How to download the consent log?
You can download the consent log in your CookieScript item by going to the User consents menu item. You can then choose a period for which you want to generate the Consent Log:
You will also see the status of your current Consent Record option (if it is enabled or not).
What information is collected in the consent log?
A ZIP file will be downloaded automatically. The ZIP file contains a list of CSV files, one for each day for the chosen period.
When downloading consents, you can also select to combine all consents into one file.
Inside a CSV file you will find a list with the following data for each cookie consent or rejection:
- Unique key that is saved in visitor's cookies. This key can be used to check if the user actually gave consent.
User action (accept / reject). - Masked IP address of a visitor. The last digits are set to 0, so it is not considered private data.
- Date and time when the user clicked the button. Date and time currently is taken from the user browser, so you have to adjust for possible timezone differences
- Page where consent was given
- User browser agent
- Categories that the user selected (if you allow visitors to select cookie categories). If at least one category besides strictly necessary is chosen, action (2) is set to "Accept". If no categories are accepted, action is set to "Reject"
- Text of cookie consent box that user agreed/disagreed to
As you can see, none of the data above can be considered private data, so you do not need any extra consent from the user to use Cookie-Script.
How can the user validate his consent?
If the user wants to validate his consent, he needs to provide his Consent ID key. This is a unique identifier for each consent and it is stored as a first column in the consent log. User can find his unique consent key in the following places:
- Inside About cookies tab in the Cookie Banner. Consent ID is shown right after the text explaining what cookies are.
- On the Cookie Policy page right above the cookie declaration table.
After the user requests to validate his consent with the Consent ID key, you can find his consent information in the log by this unique Consent ID.