CookieYes‘ consent logging helps you to keep track of users’ consent and record them. You can use this feature if your data protection authority or the users ask you to demonstrate cookie consent for your website. In this article, we will discuss the user information CookieYes’ cookie consent log stores and how you can use it as proof of consent.

Do I need cookie consent?

If you own a website that uses cookies, you probably do. 

If you use cookies that collect personally identifiable information of the website users and track them, you must obtain user consent. Without informed consent, the data protection acts prohibit storing such cookies on the user’s device. Strictly necessary cookies are exempted from informed consent

For non-necessary cookies, your website must first inform the users about it and gain the user consent to store them on their devices. 

What does the law say about logging and demonstrating consent? 

Article 7(1) of the General Data Protection Regulation (GDPR) states that:

Where the processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to the processing of his or her personal data.

If a website processes the personal data of the EU users, it must be able to show that these people have consented to it. In the case of cookies, the website must keep records to prove that its users have given their consent to store the cookies on their devices.

The EDPB guidelines on consent explain in detail how controllers can maintain the record to demonstrate consent:

Controllers are free to develop methods to comply with this provision in a way that is fitting in their daily operations. At the same time, the duty to demonstrate that valid consent has been obtained by a controller, should not in itself lead to excessive amounts of additional data processing.

That means a website can develop its own ways to keep a record of consent obtained. However, it cannot collect more user data than necessary to keep such a record of consent.

It does not propose a standard mechanism to demonstrate consent. However, it suggests that:

For instance, the controller may keep a record of consent statements received, so he can show how consent was obtained, when consent was obtained and the information provided to the data subject at the time shall be demonstrable.

That is, a website can record the consent statements (status) of the users, how and when it obtained the consent, and what information did it provide to the users at the time of asking for consent. These details will help a website to show that they have obtained informed consent and their consent workflow meets the criteria for valid consent. 

The UK’s independent data protection authority, Information Commissioner’s Officer (ICO), proposes the following details to keep a record of consent:

  • Who consented: name or other identifiers (e.g. IP address, session ID)
  • When they consented: time and date of receiving the consent
  • What they were told at the time: information provided or category for which the users gave their consent
  • How they consented: record or timestamp of how the users registered their consent
  • Whether they have withdrawn consent: and when

How can CookieYes help me to log and demonstrate cookie consent?

CookieYes has always strived to give its customers the best and most reliable cookie management service. Our cookie consent solution ensures that your website follows the required practice for cookie compliance with privacy laws like the GDPR, ePrivacy Directive, and CCPA. That is why we keep including features that align with the requirements of these privacy laws. CookieYes’ consent logging feature is an example of that.

Using CookieYes, you can keep a log of the user consent registered via CookieYes cookie consent notice or banner. It records the users’ IP address (in anonymized form), country, consent status (with what cookie category they consented to), and time and date of consent. 

CookieYes enables consent log by default.

From the CookieYes dashboard, go to Consent Log in the menu. You will see that CookieYes starts to log the user consent as your website receives them.

CookieYes visitor consent log

You can download the cookie consent log in CSV format to demonstrate proof of consent. Click Export as CSV to download the CSV report or Proof of consent to download the PDF report which gives full details on the consent status including the cookies they accepted and rejected. 

What user information does CookieYes collect and store in the consent log?

When a user records their consent via a website that uses the CookieYes cookie consent banner, CookieYes uses a cookie named cookieyesID on your website. This cookie identifies the unique visitors related to the cookie consent. It is a necessary type of cookie that does not track or store the personal data of the users.

CookieYes stores the following user information in the consent log:

  • The anonymized IP address of the users who visit your website and interact with the cookie consent banner. It is not possible to identify a person using an anonymized IP address.
  • The country of the user.
  • The consent status of the user — “accepted,” “rejected,” or “partially accepted”. It includes details about what category of cookies the user gave their consent to load.
  • The time and date when your website received the consent.

CookieYes stores all this information under a unique consent ID assigned to the user.

Does CookieYes store personally identifiable information in the consent log?

No. As you can see, the IP addresses are masked and cannot be used to identify a person.  As already mentioned, CookieYes stores the users’ consent details under a consent ID. This consent ID is unique to each user until they clear or remove cookieyesID. Then, it will generate a different value or consent ID for them the next time they visit your website. Unless the users share their ID, you can’t identify them from the log.

How can I use the CookieYes consent log to demonstrate cookie consent?

If the data protection authority asks for proof of consent, you can easily demonstrate it using the CookieYes consent log. In case they ask for proof of consent of a specific user, you can ask the user for the consent ID. 

The user can find the consent ID from the developer console of the browser. If the site visitor is using Google Chrome, right-click the website and click Inspect (or press Ctrl + Shift + I) to open the console. Go to Application and select the website URL from the Cookies drop-down list on the left sidebar. From the Name, search for cookieyes-consent. You will see the details of the cookies. 

cookieyes consent ID google chrome inspect

Users can find the consent ID within the Value of the cookie named cookieyes-consent

If you are using an older version of CookieYes on your website, follow the same steps until selecting the website URL from the Cookies drop-down list in the console. Now, search for cookieyesID, and you will see the details of the cookies. The Value of cookieyesID is the consent ID of the user. 

cookieyes-consent-old-version-ID-value-google-chrome-inspect

For Mozilla Firefox and Safari, the users need to follow the same steps. The only difference is instead of Application on the console they must select Storage

You can ask your users to share this ID, using which you can identify and demonstrate their consent. 

What happens when the users change their consent?

When the users change their consent, another log of them under the same ID assigned earlier will be created. This helps you to identify their different consent statuses. If they remove or clear cookieyesID from their browsers, the next time they visit your website, they will get a new ID.

Sign up for free and make your website cookie compliant.

If you have any queries or need assistance from us, please feel free to contact our support. We will be happy to guide you through it.