Information sent to cookiebot and CookieConsent
Our GDPR Consultant thinks that Cookiebot is not GDPR conform because:
1. Data is sent to consent.cookiebot.com when the user opens a page for the first time and the user can not avoid it.
2. CookieConsent Cookie is set when the user opens a page for the first time and the user can not avoid it.
What can I tell him?
There shouldn't be any data getting sent to consent.cookiebot.com, when the user opens a page for the first time and cannot avoid it, the script is retrieved from there. Cookiebot does not store anything about the user upon page visit. When the user consents, this users IP-address is stored anonymized (by removing the last three digits) to prove that consent was obtained.
The CookieConsent cookie will be set without consent in case that it's classified as a necessary cookie, or the user uses the async version of the script and did not mark up the script that sets this cookie. If it's set as a "preferences" cookie, it won't be set without consent when the user opens a page for the first time.
Please sign in to leave a comment.