The following article, along with the Cookiebot Data Processing Agreement, describes the data being processed when using Cookiebot Consent Management Platform (CMP).
The Cookiebot CMP is designed to provide the essential service of collecting visitor consent for any non-essential services on a website and block these services prior to consent.
The CMP itself does not collect, retain or share any personally identifiable information (PII) or track the visitor in any way before they provide consent. Cookiebot also provides no additional analytics or ad tracking apart from the core essential services we provide as a CMP.
Functionality
The Cookiebot CMP is implemented via a script tag inside the head tag of a website. When the website is loaded, the Cookiebot script loads the Cookiebot Consent banner.
Before consent is given by the visitor:
When loading the Consent Banner from consent.cookiebot.com or consent.cookiebot.eu, Cookiebot receives and processes the following data:
- The website URL that is used to serve the correct consent banner
- The visitor’s browser language that is used to serve the consent banner in the correct language
- The visitor’s user agent that is used to filter synthetic traffic from real traffic
- The visitor’s IP that is required to enable basic routing of messages on the Internet, and to determine the visitors geo-location (country and state) to serve the correct banner, fitting the visitor’s geographical location and legal jurisdiction
The data Cookiebot receives is only processed to serve the visitor the consent banner and none of this data is retained after processing.
After the consent banner is returned and shown to the visitor, the visitor usually takes a consent decision, that involves either denying all consent, giving full consent or partial consent.
After consent is given by the visitor:
This consent decision is sent to Cookiebot where Cookiebot receives the following data:
- The website URL that is used to log the Consent State correctly
The visitor’s user agent that is used to filter synthetic traffic from real traffic
The Consent State to log the consent choice of the visitor
The data Cookiebot receives is processed to document the visitor’s consent choice. To document the consent for potential auditing purposes, Cookiebot generates a Consent ID and saves it along with the Consent State on behalf of the customer within Cookiebot’s consent log database. The storage of the Consent ID along with the Consent State is necessary to exercise the visitor’s right to receive proof of consent from the Controller at any time.
After the consent is stored, Cookiebot returns the generated Consent ID to the website. The Consent ID, along with the Consent State, is stored client side inside a first-party consent cookie. Using first-party cookies as the technology prevents any tracking usecase of the consent cookie across multiple websites.
The consent cookie is not accessible to other websites or third parties. It is also never transmitted to Cookiebot, which does not track visitors to the website across different visits.
The Consent ID is used solely for the purpose described above and never for any kind of user tracking by Cookiebot.
Chart showcasing the processing of data by Cookiebot CMP
Comments
1 comment
this article is very beneficial to me, I will implement this strategy to my website!
Please sign in to leave a comment.