GDPR language compliant

  • Resolved wake surfer

    (@trik_sea)


    2 years, 12 months ago

    I’m rebuilding the cookie policy at my clients website. Their lawyers instructed us to use the terminology of the GDPR: Strictly-necessary, Functional, Analytical, Advertising. I see where I can reclassify the purpose of a cookie, but am unclear how to relate this to the manage-consent box on the actual cookie policy. There is no Strictly-necessary “Purpose” in the complianz cookie wizard. I see where I can rename Marketing > Advertising and Statistic > Analytical, but there is no category for Strictly-necessary, which the lawyers say is the only kind we’re allowed to have on unless they opt-in. That means even Functional is opt-in so the existing Functional in complianze wouldn’t be in compliance. What can I do here? We’d be open to the paid plugin if it would provide the features we need.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Mathieu Paapst

    (@paapst)

    Hi @trik_sea

    Lawyer here ?? We are not allowed to give legal advice on this forum. But let me make it absolutely clear that the definitions and purposes we are using in the plugins are actually based on the ePrivacy Directive (aka the European cookielaw), the draft ePrivacy Regulation and statements made by the Data Protection Authorities. Cookies that are categorized under “Functional” are always allowed (also under other international cookie and Privcaylaws in the UK, the US, Brasil, Canada etc) and do not need consent.
    Please also see: https://cookiedatabase.org/function-and-purpose-of-cookies/
    As you can see there the purpose “Functional” (Not Functionality) is actually the same as strictly necessary, technical or essential. These are cookies that are necessary for a website to function properly. In our cookie policy, we also describe these purposes so for your visitors it is absolutely clear for what purposes you are/are not asking consent. Also Data Protection Authorities use the same definitions. See e.g: “The Dutch DPA stresses that consent is not required for functional cookies”.

    Please note that the GDPR does not mention “strictly necessary”. As far as we are aware the GDPR actually does not mention any of the cookie purposes their lawyers suggest you should use, so it would be interesting to hear in which article of the GDPR they have found this.

    Thread Starter wake surfer

    (@trik_sea)

    Thank you for the reply. I really appreciate it. Here’s the link to the descriptions the GDPR has for cookie types (and pasted below). However, I see the the GDPR cookie “template” uses the same descriptions as Complianz. Would both strictly-necessary and Preferences fall under Functional (as far as consent goes)? I’m trying to figure out how to keep my client (also lawyers) happy. I’m also not sure why their definitions seems to conflict with their template.

    https://gdpr.eu/cookies/

    Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.

    Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.

    Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.

    Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.`

    Thread Starter wake surfer

    (@trik_sea)

    To add on, that same page under Cookie Compliance it also says:

    To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
    Receive users’ consent before you use any cookies except strictly necessary cookies.

    Wouldn’t this mean I have to break them out into separate categories?

    Plugin Contributor Mathieu Paapst

    (@paapst)

    @trik_sea Complianz and cookiedatabase.org use these categories:
    Functional (aka essential/technical/strictly necessary),
    Preferences,
    Statistics and
    Marketing.

    There is no legal nor practical need to break Functional out into separate categories because for all the cookies that are categorized under Functional, it is not necessary to ask for consent.

    With regards to Preferences: That is a separate category that can be activated in Complianz with the help of Google Tag Manager, or by installing the WP Consent API, but in most cases, the cookies placed to save a preference (such as a language, or a shoppingbasket ) are actually a functionality “requested” by the subscriber or the user, that can therefore be categorized under “Functional”.

    Thread Starter wake surfer

    (@trik_sea)

    Ok. Appreciate the response. I’ll see how the client wants to proceed.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘GDPR language compliant’ is closed to new replies.