• What is your solution for having a reliable link between each user’s (re)consent and the accepted version (revision) of the Privacy Policy?

    For instance the Audit Log says:

    [2018/05/16 17:27:19] User gave explicit consent to privacy-policy
    and later on:
    [2018/05/17 09:32:59] User updated their privacy preferences. These are the new approved cookies and consent preferences:
    [2018/05/17 09:32:59] Consent: privacy-policy

    So here we are talking about two different versions of the Privacy Policy.
    Using the date and time of the consent I know which revision the user agreed to.

    OK, but if a revision is deleted by mistake then all the consents and records of that acceptance are null and void as we have no copy of the actual text they agreed to, right?

    So what’s your solution?

    Thank you
    Valdinia

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Fernando Claussen

    (@fclaussen)

    Hi @valdinia.

    I did not anticipate users accidentally deleting their policies.

    This is the extent of the functionality for now.
    I’m currently working on V2 with a lot of improvements.
    Do you have a suggestion on how we can make this better?

    Maybe add the actual policy to the audit log?

    @valdinia Good question…

    Thread Starter Valdinia

    (@valdinia)

    I think one possibility would be to save all new versions of the Privacy Policy in a folder (I mean the versions for which I must ask users for explicit consent again).
    Then each user consent saved in the db will also contain a link to the accepted version of the Privacy Policy.
    (In this way I would avoid saving the same Privacy Policy text in the db with each consent)
    Ok, but the Privacy Policy versions should not be modified or deleted! So how could we avoid this? So should we still save the Privacy Policy text together with the consent in the db in an encrypted table? Probably, even if it would become a big table. I still have to think what would be the best solution.

    Plugin Author Fernando Claussen

    (@fclaussen)

    I think this might be a little out of the scope of the plugin. I guess users should be careful enough to not delete their privacy policy page.

    Thread Starter Valdinia

    (@valdinia)

    Correct, users should be careful enough to not delete their privacy policy page versions, it’s in their best interest.
    What they could do is intentionally modify an already accepted Privacy Policy version, and this is something that should be avoided.

    Plugin Author Fernando Claussen

    (@fclaussen)

    If the content is modified, a notification shows up asking to request re-consent. Or if it was just a typo you can ignore the change.

    Admins need to be responsible.

    “Maybe add the actual policy to the audit log?”

    THIS. It would make it way more GDPR compliant. If a website user makes a complaint, GDPR requires proof of when, how and which version of the policy has been accepted.

    Allow plugin users to copy-paste the actual policy somewhere in the plugin settings; it would then be saved as “current privacy policy”, and once the customer accepts that policy, the audit log has the whole policy linked in plain text or something.

    If the plugin user updates “current privacy policy” and the website user accepts the new one, obviously it shows the new one in the audit log when clicking on it or something.

    Just an idea since you asked for them.
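
One way to bind each consent to the exact policy text discussed in this thread, as an added example that is not part of the thread or of the plugin's code: every revision is stored under its SHA-256 digest and each consent record carries that digest, so a deleted or edited revision is detectable. The names `PolicyArchive`, `Consent`, `check_consent` and `proves_accepted_text` are hypothetical, the sample data is constructed, and Python is used only for illustration.

```python
import hashlib
from dataclasses import dataclass

def digest(policy_text: str) -> str:
    """SHA-256 of the exact policy text shown to the user."""
    return hashlib.sha256(policy_text.encode("utf-8")).hexdigest()

@dataclass(frozen=True)
class Consent:
    timestamp: str
    user: str
    policy_sha256: str  # binds the consent to one exact revision

class PolicyArchive:
    """Hypothetical revision store, keyed by content hash."""
    def __init__(self):
        self.revisions = {}  # sha256 -> policy text

    def publish(self, text: str) -> str:
        key = digest(text)
        self.revisions.setdefault(key, text)  # never overwrite an existing revision
        return key

def record_consent(log, timestamp, user, policy_key):
    entry = Consent(timestamp, user, policy_key)
    log.append(entry)
    return entry

def check_consent(entry: Consent, archive: PolicyArchive) -> str:
    """Return 'ok', 'missing' (revision deleted) or 'modified' (text edited)."""
    text = archive.revisions.get(entry.policy_sha256)
    if text is None:
        return "missing"
    return "ok" if digest(text) == entry.policy_sha256 else "modified"

def proves_accepted_text(entry: Consent, candidate_text: str) -> bool:
    """True if a copy (e.g. restored from backup) is the text the user accepted."""
    return digest(candidate_text) == entry.policy_sha256

# Constructed sample data; timestamps mirror the audit log lines quoted in the thread.
archive, log = PolicyArchive(), []
v1 = archive.publish("Privacy Policy rev 1: we store your e-mail address.")
v2 = archive.publish("Privacy Policy rev 2: we store your e-mail and IP address.")
first = record_consent(log, "2018/05/16 17:27:19", "user-42", v1)
second = record_consent(log, "2018/05/17 09:32:59", "user-42", v2)
```

Because the consent log stores only the digest, the table stays small, and a revision recovered from a backup can still be matched to the consents that reference it.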

  • The topic ‘Link between consent and the Privacy Policy version’ is closed to new replies.