Hi @tunarus, @tageins,
Our solution is compliant as per the below guidelines by the ICO. The below links talks about what constitutes a consent/procuring consent.
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/
Consent means offering individuals real choice and control.
We have provisioned a settings option that will allow the customers a choice for controlling their granular consent by category
Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
We assume the confusion or misunderstanding is attributed to this guideline. We agree that the default state of the non-necessary category is enabled however please note that the default consent is not procured until an informed consent has been obtained from the visitor. We do not default the consent as per the pre-ticked selection and no cookies or scripts are collected or rendered unless the visitor consents to it affirmatively by an explicit user action. Pre-ticked box in our solution just indicates the state of the button and does not enable the script prior to consent.
Explicit consent requires a very clear and specific statement of consent.
We use the default statement of consent “This website uses cookies to improve your experience. We’ll assume you’re ok with this, but you can opt-out if you wish.” with an option for controlling the choice and provide consent accordingly. We assume this statement is a clear indication of the site owners choice of consent model. Hence the visitor is expected to take an informed decision accordingly.
So if we consider the points above as a whole you will see that our solution is no violation of the privacy law, and in best interest of our customers.
Further more there is yet another citation in the ICO about what constitutes a valid consent, about allowing the visitors a free choice to opt in our out.
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/consent/what-is-valid-consent/
–“An online furniture store requires customers to consent to their details being shared with other homeware stores as part of the checkout process. The store is making consent a condition of sale – but sharing the data with other stores is not necessary for that sale, so consent is not freely given and is not valid. The store could ask customers to consent to passing their data to named third parties but it must allow them a free choice to opt in or out.
–The store also requires customers to consent to their details being passed to a third-party courier who will deliver the goods. This is necessary to fulfill the order, so consent can be considered freely given – although ’performance of a contract’ is likely to be the more appropriate lawful basis.”
However considering the apprehension regarding the points above, we have just released a version wherein the site owners can decide the default state of the toggle button(On/Off) of the non-necessary category thereby allowing them better control.
